In October 2015, the lower house of Parliament after getting votes in favor of data retention directives formed legislation about Mandatory data retention laws in Germany. Germany has been regarded as a controversial place for enforcing data retention directives.
Germany’s Mandatory Data Retention Directives:
The German government for the purpose of strengthening the national cybersecurity imposed strong and strict data retention directives on its citizens. Under these directives; the country’s inter-service providers (ISP) and telecommunication companies were compelled to retain the user’s metadata for 10 weeks. The retained data includes details and records of user’s call history, text messages, emails, uploads and downloads, web visit and other communication data.
The stored data also include the duration of the call, timings of the call, call destination, and IP address. However, the metadata doesn’t include contents of phones conversation or web browsing content. Metadata is also regarded as a digital footprint which is capable of tracking the details of the user’s call history. Also due to technicality full-text messages would also be retained. If the appointed government officials have a warrant so, they can get access to retained data.
Timeline of Germany’s Data Retention Directives:
Germany’s Federal Constitution Court in 2010, ruled out the previous EU’s DRD of 2006 and Germany’s implementation Act which brings the directives to national legislation as unacceptable on the grounds of fundamental rights violations.
In 2014, the ruling European Court of Justice states that user’s data would be retained without any distinction, restriction, or exceptional was contradictory to fundamental human rights.
The German Justice Minister, Heiko Mess in April 2015 drafted a new proposition of data retention directives to support both national security and address issues with previous DRD policy. After all, the FCC never brought out data retention as unconstitutional rather than Data Implementation Data Act did not compel with the rights of secrecy of communication and informational self-determination.
The amendments proposed include the time duration i.e. for how long the data would be stored. This time period was down from 6 months to 10 weeks, email traffic data would be excluded and judicial orders are required for their access. Moreover, SMS content, IP address and records of web page access would be stored for a period 10 weeks, however, traces of call would be stored for just 4 weeks.
The data retention laws were moved forward to the Parliament for discussion after being approved by the leading political party “SPD” (Social Democrats) in late June 2014.
The lower house on Oct 16th, 2015 voted in favour of the legislation. The law was approved with an enormous majority of 404 votes to 148 votes.
In between December 2015 and January 2016, the upper house of the parliament passed the bill and moved it forward to the President for consideration. When the bill is moved to the President so it’s his decision to either sign it and approved as a law or send it back to the German Constitutional Court for evaluation and to check that either the law is in accordance with the German law or not.
How German’s Metadata Retention are causes for concern?
The civil rights groups have disparaged similar legislation debating that it will cause a great threat to the privacy of people and introducing a false sense of security. Here’s a closer look at the disagreement to the German’s metadata retention law by both privacy and data retention supporters:
- The Criminal Police Union was of the opinion that 10 weeks is a less time for collecting information for cybercrimes.
- The Deputy leader of the Liberal Free Democratic Party (LFD), Wolfgang Kubicki stated that he could challenge the data retention laws before bringing it to the Constitutional Court of Justice. Furthermore, he also argues that data retention legislation would not protect the privacy of German citizens with professional secrets which is a guarantee under EU law.
- The metadata retentions laws might exploit the European single market regulations. This is because it might provide Germany unjust benefit over other countries if it compels organizations to use German servers for easy access.
- It is still not clear what would happen if digital footprints raised doubt after examination. Would the collected information be used for digital investigation or phone wire warrant issue?
- As several parties would be present to handle the tactful and confidential information and data thus, there would a greater chance of mishandling and mismanagement.
- Developing countries like Australia, USA, and Canada are adopting DRD but it is still not proven that either it is an effective way of tackling issues like cybercrime or security on a national
Ways to Avoid Metadata Retention:
Following mentioned are some ways by which you can avoid your data from being retained:
- If you don’t want your real IP address to be tracked so, secure your network by using a VPN service. A VPN hides your real IP address. It encrypts your data and shows that you are only connected to a VPN server.
- It is recommended to connect via proxy as this enables the user to hide their real IP address.
- It is advised to use encrypted communication services. This means that various phones and emails services offer additional security on daily basis so, you can use them but first make sure they aren’t based in Germany and you should also don’t keep logs.
- Use a Tor network which would hide the user’s information of which the computer actually requested the traffic.
- Use internet protocol SockS5 Proxy for torrenting and P2P which by using a proxy server will move the packets between the server and the user.