Directive 2006/24 / EC on the retention of data

from Wikipedia, the free encyclopedia
European Union flag

Directive 2006/24 / EC

Title: Directive 2006/24 / EC of the European Parliament and of the Council of March 15, 2006 on the retention of data that is generated or processed during the provision of publicly accessible electronic communications services or public communications networks and amending Directive 2002/58 / EC
Designation:
(not official) 		Data retention policy
Scope: EU
Legal matter: Security law
Basis: EC Treaty , in particular Article 95
Procedure overview: European Commission
European Parliament
IPEX Wiki
Come into effect: May 3, 2006
To be
implemented in national law by: 		September 15, 2007
Implemented by: Germany
Law on the revision of telecommunications surveillance and other covert investigative measures as well as on the implementation of Directive 2006/24 / EC of December 21, 2007 Federal Law Gazette 2007 I p. 3198
Replaced by: Judgment of the Court of Justice (Grand Chamber) of 8 April 2014 in Joined Cases C-293/12 and C-594/12 (Digital Rights Ireland Ltd v Minister for Communications, Marine and Natural Resources and Others and Kärntner Landesregierung and others)
Expiry: April 8, 2014
Reference: OJ L 105 of April 13, 2006, pp. 54-63
Full text Consolidated version (not official)
basic version
Regulation was declared null and void.
Please note the information on the current version of legal acts of the European Union !

The directive on data retention was a directive of the European Union , through which the different national regulations of the EU member states for the storage of telecommunication data were to be standardized. The harmonization was intended to ensure that the data are retained for a specified period for the purpose of investigating and prosecuting serious crimes .

The directive was politically and legally controversial. While their supporters described data retention as an indispensable tool for counter-terrorism and law enforcement, their critics pointed to its low effectiveness and the severe interference with informational self-determination and the privacy of citizens, which they saw as a further step towards the surveillance state.

On April 8, 2014, it was declared invalid by the European Court of Justice . The invalidation took effect on the date the Directive entered into force.

content

The guideline obliged the member states of the European Union to enact national laws , according to which certain data that accrued during the provision and use of public electronic communications services had to be stored by the service providers for at least six months and could be stored for a maximum of two years.

Traffic and location data in particular should be saved . Content data - i.e. the content of e-mails and phone calls - should not be saved.

Data to be saved

The following data categories had to be saved in advance:

  1. Data needed to trace and identify the source of a message:
    1. Concerning landline and mobile phones :
      1. the number of the calling connection,
      2. the name and address of the participant or registered user
    2. regarding internet access , internet e-mail and internet telephony :
      1. the assigned user ID,
      2. the user ID and phone number assigned to each message in the public telephone network,
      3. the name and address of the subscriber or registered user who was assigned an IP address , user ID or telephone number at the time of the message;
  2. Data required to identify the addressee of a message:
    1. Concerning landline and cellular networks:
      1. the dialed number (s) (the number (s) of the called connection) and, for additional services such as call forwarding or call diversion, the number (s) to which the call was directed,
      2. the names and addresses of the participants or registered users;
    2. regarding internet e-mail and internet telephony:
      1. the user ID or phone number of the intended recipient of a call using Internet telephony,
      2. the names and addresses of the participants or registered users and the user ID of the intended recipient of a message;
  3. Data required to determine the date, time and duration of a message transmission:
    1. With regard to the fixed telephone network and cellular network: date and time of the start and end of a communication process;
    2. regarding internet access, internet e-mail and internet telephony:
      1. Date and time of registration and deregistration from the Internet access service based on a specific time zone, together with the dynamic or static IP address assigned to a connection by the Internet access provider and the user ID of the subscriber or registered user;
      2. Date and time of registration and deregistration for an Internet e-mail service or an Internet telephony service based on a specific time zone;
  4. Data required to determine the type of message transmission:
    1. With regard to the fixed telephone network and mobile communications: the telephone service used;
    2. with regard to Internet e-mail and Internet telephony: the Internet service used;
  5. Data required by users to determine the terminal equipment or the alleged terminal equipment:
    1. Concerning the fixed telephone network: the numbers of the calling and the called line;
    2. regarding mobile communications:
      1. the phone numbers of the calling and the called line,
      2. the international mobile subscriber identification (IMSI) of the calling connection,
      3. the international mobile device identifier (IMEI) of the calling connection,
      4. the IMSI of the called connection,
      5. the IMEI of the called line,
      6. in the case of prepaid anonymous services, date and time of the first activation of the service and the identification of the location (Cell-ID) at which the service was activated;
    3. regarding internet access, internet e-mail and internet telephony:
      1. the number of the calling connection for access via dial-up connection,
      2. the digital subscriber line (DSL) or another endpoint of the originator of the communication process;
  6. Data needed to determine the location of mobile devices:
    1. the location identifier (Cell-ID) at the beginning of the connection,
    2. Data for the geographical location of radio cells by reference to their location identifier (Cell ID) during the period in which the communication data was stored.

History of origin

Data retention was first seriously discussed at European level in 2002. The right-wing conservative Danish government, which held the presidency at the time , submitted a draft for a corresponding legal act in August 2002. The draft stipulated a storage period of twelve months. However, he did not find a majority.

After the Madrid cable stops on 11 March 2004, the mandated European Council the Council of Ministers to examine by June 2005 whether and what laws should be adopted on data retention.

The Governments of France, Ireland, Sweden and the United Kingdom then took the initiative and introduced a draft framework decision on data retention to the Council of Ministers on April 29, 2004 (Council Document 8958/04 with explanatory note). In view of the increasing cross-border international crime and in response to the Madrid terrorist attacks, they considered a unified European policy of data retention to be necessary. The draft stipulated a minimum storage period of twelve months and a maximum storage period of 36 months. In contrast to the 2002 draft, the retention should also take place to prevent criminal offenses and not only to investigate and prosecute offenses that have already been committed. In addition, the restriction to particularly serious crimes and terrorism has been lifted. Lighter crimes, such as copyright infringements through illegal file sharing , could then have been prevented and prosecuted by means of data retention.

The initiators understood the planned framework decision as a measure of police and judicial cooperation in criminal matters . The Council decided in principle alone and unanimously on such measures within the framework of the so-called “ Third Pillar of the EU ”, which were based on Articles 29–42 of the EU Treaty . The European Parliament was heard; but the Council was able to ignore the opinion of Parliament.

Opponents of data retention and members of the European Parliament reacted to the project with criticism and accused the Council of Ministers of assuming authority. They took the view that data retention also intervened at least in part in the area of ​​the " First Pillar of the EU " and thus in the competence of the EU Parliament. Data retention must therefore - if at all - be introduced by a directive passed by the EU Parliament together with the Council . A framework decision by the Council is not enough.

In March 2005 the European Commission officially endorsed this legal view. EU Justice Commissioner Franco Frattini called on the Council to refrain from adopting the planned framework decision.

Regardless of this, the Council continued to work in 2005 on a majority framework decision on data retention. Problems that turned out to be u. a. the different ideas of national governments regarding retention periods.

The necessary unanimity in the Council of Ministers could never be achieved for the framework decision.

The terrorist attacks on July 7, 2005 in London and the almost simultaneous assumption of the Council Presidency by the United Kingdom gave the project new impetus. The EU Commission, which has been positive about the project since the latest terrorist attacks at the latest, presented its own draft directive on September 21, 2005. This represented a decisive change in the choice of harmonization instruments. Firstly, a directive was voted on in the European Parliament, and secondly, it was based on Article 95 of the EC Treaty, i.e. on the approximation of the internal market - and no longer within the framework of the 3rd Pillar. This draft should represent a compromise between the conflicting interests: Internet data should be stored for at least six months, telephone data for at least twelve months. Longer deadlines should be allowed.

The European Parliament took up the Commission's draft but, under the leadership of the Committee on Civil Liberties, Justice and Home Affairs, modified it on a number of crucial points. B. shortened the list of data types to be saved. In addition, the data itself should only be allowed to be evaluated to prosecute particularly serious crimes. Overall, the lead rapporteur for Parliament, the German MP Alexander Alvaro , had to consider more than 200 amendments from the ranks of the parliamentarians. According to Alexander Alvaro, the new design guaranteed a good balance between security and freedom.

The Alvaro draft met with criticism from both supporters and opponents of data retention. The Council of Ministers finally took the initiative again and negotiated behind the back of the rapporteur with influential EU parliamentarians, with the reservation that the existing framework plan would be adopted. The British Interior Minister Charles Clarke finally succeeded on November 30, 2005 in swearing the chairmen of the Christian and Social Democratic parliamentary groups in the European Parliament to the position of the Council on essential points.

The once more amended draft was then submitted to the European Parliament for decision as a so-called compromise proposal. Rapporteur Alvaro described the Council's actions as "scandalous" and withdrew his name from the parliamentary bill.

On December 14, 2005, the European Parliament voted 378 to 197 for the “compromise proposal”. The draft negotiated by Charles Clarke had cleared the parliamentary hurdle after just three months and thus became the EU's fastest directive. For its part, the Council of Ministers voted on February 21, 2006 by a majority for the draft. Only Slovakia and Ireland voted against the directive for formal reasons. (More details in the section Action before the European Court of Justice .)

Implementation in national law

The provisions of the directive only became directly applicable when they were transposed into national law by the individual EU member states. On November 9, 2007, the German Bundestag passed the law on the revision of telecommunications surveillance and other covert investigative measures as well as on the implementation of Directive 2006/24 / EC , which came into force on January 1, 2008.

According to Article 15 (1) of the Directive, the deadline for transposing the Directive already expired on September 15, 2007. As a result, Germany was unable to comply with the requirements of the EU and nineteen other member states. For the Internet access, Internet telephony and e-mail services, however, implementation could be postponed until March 15, 2009 at the latest. A special declaration by the Member States was necessary for this. Such a declaration was made by sixteen of the twenty-five Member States, including Germany and Austria.

Action before the European Court of Justice

On July 6, 2006, Ireland brought an action against the EC Directive before the European Court of Justice (ECJ). Ireland requests that the data retention directive be annulled for formal reasons : it was not enacted on an appropriate legal basis , as it inadmissibly relies exclusively on internal market competence (Article 95 EC) as the legal basis and not on the third pillar , namely the legal basis for police and judicial cooperation in criminal matters . The content of the directive has nothing to do with the internal market and its harmonization. The data retention should therefore have been introduced by a unanimous framework decision of the Council of Ministers. Slovakia gave a similar reason for its vote against in the Council of Ministers. On February 10, 2009, the European Court of Justice ruled that the directive had been enacted on an appropriate legal basis.

In its ruling on the transfer of passenger data to the USA on May 30, 2006, the European Court of Justice ruled that EC legal acts for the protection of public safety and for law enforcement purposes are inadmissible. After the judgment became known, Federal Minister of Justice Brigitte Zypries stated that the lawsuit procedure was also open for data retention.

On the other hand, on June 20, 2006, the German Bundestag refused to bring an action against the directive before the European Court of Justice. A corresponding application by the opposition was rejected by the members of the CDU / CSU and SPD government factions.

According to the Working Group on Data Retention, the Legal Service of the EU Council informed the EU Justice Ministers in a non-public council meeting on 6/7. June 2014 communicated that the statements of the European Court of Justice in section 59 of its ruling on data retention “suggest that general, unconditional storage of data is no longer possible in the future”. A legal opinion on behalf of the European Green Group also comes to the conclusion that, according to the judgment, general and indiscriminate data retention is inadmissible. This also applies to national laws on the retention of telecommunications data as well as to EU measures for the retention of passenger data, payment data and fingerprints.

At the national level in Germany u. a. the working group on data retention filed a constitutional complaint against the implementation of the directive; On March 2, 2010, the Federal Constitutional Court announced its ruling, in which it declared the specific design of data retention to be unconstitutional and the corresponding regulations null and void.

In Austria, the guideline was brought before the Constitutional Court by the Carinthian state government, an employee of a telecommunications company and more than 11,000 private individuals, which in turn asked the ECJ for a preliminary ruling . The Advocate General of the ECJ came to the conclusion that data retention in its current form is incompatible with the EU Charter of Fundamental Rights ; he judged it to be an impermissible, unjustified invasion of privacy.

On April 8, 2014, the European Court of Justice declared the directive invalid because it was incompatible with the Charter of Fundamental Rights of the European Union .

As a result of the judgment, the United Kingdom passed the Data Retention and Investigatory Powers Act to maintain data retention at the national level.

See also

literature

  • Alexander Alvaro: The data retention policy. In: Data protection news . 2/2006, pp. 52-55.
  • Mark Bedner: Problems with the application of the data retention directive and legality of its implementation in national law . Master's thesis to obtain a “Master of Laws” (LL.M.) in media law at the Mainz Media Institute and the Johannes Gutenberg University Mainz. online (PDF)
  • Patrick Breyer: Legal problems of the directive 2006/24 / EG on data retention and its implementation in Germany. In: Defense lawyer. 4/2007, pp. 214-220. online (PDF)
  • Nikolaus Forgó , Dennis Jlussi / Christian Klügel, Tina Krügel: The implementation of the data retention directive - Europe is having a hard time. In: Data protection and data security . (DuD) 2008, pp. 680-682.
  • Andreas Gietl, Lovro Tomasic: Competence of the European Community to Introduce Data Retention - Comment on the Opinion of Advocate General Yves Bot in Case C-301/06 of October 14, 2008. In: Data protection and data security. (DUD), issue 12, 2008, pp. 795-800.
  • Rotraud lattice, Christoph Schnabel: The guideline on data retention and its implementation in national law. In: Multimedia and Law . 7/2007, pp. 411-417. online (PDF)
  • Dennis Jlussi: Is it permissible to store dynamic IP addresses? In the S. (Ed.): Theses in IT law. Munich 2007, ISBN 978-3-638-85568-6 , pp. 9-122. online (PDF)
  • Diethelm Klesczewski : Promotion of the internal market through storage obligations ? In: HRRS . 2009, p. 250 ( online ).
  • Doris Liebwald: BVerfG: Concrete design of data retention not constitutional. In: JusIT . 2/2010, LexisNexis, Vienna.
  • Doris Liebwald: The systematic recording of data via electronic communication for monitoring purposes, Directive on data retention 2006/24 / EC. In: JusIT. 2/2010, LexisNexis, Vienna.
  • Doris Liebwald: The New Data Retention Directive. In: MR-Int . 1/2006 (European Media, IP & IT Law Review), pp. 49–56.
  • Stefan Krempl : Glasses on the Net - EU Parliament approves massive surveillance of telecommunications. In: c't 1/2006, pp. 18-19.
  • Stefan Krempl: On the hunt for data - The guideline for data retention of telephone and Internet data is in place. In: c't. 6/2006, p. 86.
  • Gerald Otto, Michael Seitlinger: The "Spy Policy". On the (implementation) problem of the Data Retention Directive 2006/24 / EC. In: Media and Law. 4/2006, pp. 227-234.
  • Matthias Rossi: Comment on ECJ, judgment of February 10, 2009 - C-301/06. In: ZJS. 2009, pp. 298-299. online (PDF; 41 kB)
  • Franz Schmidbauer: The spy policy. In: Telepolis . May 5, 2006.
  • Gerald Stampfel, Wilfried Gansterer, Michael Ilger: Data Retention - The EU Directive 2006/24 / EC from a Technological Perspective . Media and Law, Vienna 2008, ISBN 978-3-900741-53-2 .
  • Dietrich Westphal: The guideline for the retention of traffic data. Brussels statement on the relationship between freedom and security in the “post-9/11 information society”. In: European law. 5/2006, pp. 706-723.
  • Dietrich Westphal: The new EC directive on data retention. Privacy and entrepreneurial freedom under security pressure. In: European Journal of Business Law. 17/2006, pp. 555-560.
  • Sebastian Zeitzmann: On the intended reform of the data retention directive - lessons from the ECJ ruling in case C-301/06 and the regulatory content of the underlying directive. In: Journal for European Law Studies. (ZEuS) 3/2011, pp. 433-484.
  • Martin Zilkens: European data protection law - an overview. In: Law of data processing . 2007, pp. 196-201.

Web links

Individual evidence

  1. ^ Judgment in Joined Cases C-293/12 and C-594/12
  2. ECJ, press release No. 54/14, fn. 3 .
  3. Information from the Independent State Center for Data Protection Schleswig-Holstein on data retention ( memento of the original from April 8, 2014 in the Internet Archive ) Info: The archive link was automatically inserted and not yet checked. Please check the original and archive link according to the instructions and then remove this notice. @1@ 2Template: Webachiv / IABot / www.datenschutzzentrum.de
  4. Council document 8958/04 with Addendum
  5. Voting behavior of the EU Parliament on Directive 2006/24 / EC  ( page no longer available , search in web archivesInfo: The link was automatically marked as defective. Please check the link according to the instructions and then remove this notice. @ VoteWatch@1@ 2Template: Dead Link / old.votewatch.eu  
  6. ECJ: Ireland / Council and Parliament - legal approximation . Retrieved February 10, 2009.
  7. vorratsdatenspeicherung.de , 3rd paragraph
  8. ECJ: PRESS RELEASE No. 11/09 - Judgment of the Court of Justice in the case C-301/06 (PDF; 117 kB). Retrieved February 10, 2009.
  9. vorratsdatenspeicherung.de
  10. Boehm / Cole: Data retention after the judgment of the Court of Justice of the European Union (June 30, 2014) ( Memento of the original from November 8, 2014 in the Internet Archive ) Info: The archive link was automatically inserted and not yet checked. Please check the original and archive link according to the instructions and then remove this notice. . @1@ 2Template: Webachiv / IABot / www.uni-muenster.de
  11. ^ Opponents of data retention are planning the largest constitutional complaint in the history of the FRG
  12. BVerfG, judgment of March 2, 2010, 1 BvR 256/08
  13. a b ECJ wants to stop data collection. Die Presse.com, December 12, 2013, accessed December 12, 2013 .
  14. EU Advocate General: Data retention violates fundamental rights. Die Presse.com, December 12, 2013, accessed December 12, 2013 .
  15. ^ European Constitutional Court overturns data retention In: Zeit Online . April 8, 2014.
  16. Press release of the European Court of Justice of April 8, 2014