Germany’s highest court on Friday said security services had too much unfettered access to people’s online data and ordered legislation to be revised to set higher hurdles.
German intelligence services and police agencies currently have the right to ask telecom and internet companies for user info ranging from names and birth dates to passwords and IP addresses, to help their investigations in areas like counterterrorism and cyber crime.
But the Constitutional Court in Karlsruhe agreed with complaints brought by privacy activists that the access to data was excessive and an unconstitutional violation of citizens’ right to telecoms privacy.
In their ruling, judges said the current powers to retrieve data were “disproportionate”.
“It cannot be permissible to indiscriminately request information on data,” they said.
Judges said they agreed that intelligence bodies sometimes needed to pull personal data from smartphones or other devices to maintain public security.
But they said this should only be done in cases of “a specific danger” or “an initial suspicion of criminal conduct” in the context of an investigation, and not to facilitate investigators’ work “in general”.
German legislators have until the end of 2021 to amend the telecommunications law to include “thresholds for the use of these powers”.
The ruling comes in response to several lawsuits, including one by Patrick Breyer, an MEP from Germany’s Pirate Party that campaigns for internet freedoms.
More than 6,000 people signed a petition backing his complaint.
Related: Coronavirus Tracing App a Test for Privacy-Minded Germany
Related: German Court Orders Facebook to Rein in Data Collection
Related: Germany Seizes Server Hosting Pilfered U.S. Police Files
