EU Court Voids German Telecom Data Law
A European court has struck down Germany's telecom data retention law, reinforcing strict limits on how much personal data companies can collect and store. The ruling emphasizes the need for explicit user consent and data minimization. This decision has implications for any product that relies on persistent, cross-device user data for analytics or personalization.
- The ruling came from the Court of Justice of the European Union (CJEU), the EU's top court, in a case brought by German internet service providers SpaceNet and Telekom Deutschland.
- Germany's overturned law, which had been on hold since 2017, mandated the indiscriminate retention of telephone and internet connection data for ten weeks and location data for four weeks.
- This is not the first time Germany has had a data retention law struck down; the German Federal Constitutional Court annulled a previous version in 2010 that was designed to implement the 2006 EU Data Retention Directive. That directive itself was later invalidated by the CJEU in 2014.
- The CJEU has consistently ruled against general and indiscriminate data retention, arguing it violates the fundamental rights of EU citizens. The court has, however, left the door open for targeted data retention for the purpose of combating serious crime or in instances of a genuine and foreseeable threat to national security.
- In response to the ruling, German Justice Minister Marco Buschmann has advocated for a "quick freeze" procedure as an alternative. This method would allow law enforcement, with a court order, to require providers to preserve specific data related to individuals suspected of serious crimes.
- The legal challenge highlights the ongoing tension between law enforcement's desire to access data for investigations and the privacy protections guaranteed under EU law.
- This decision reinforces the legal framework of the EU's General Data Protection Regulation (GDPR) and the new Digital Services Act (DSA), which both emphasize data minimization and robust protection of user privacy.