Germany’s highest court, the Bundesverfassungsgericht or Federal Constitutional Court, has suspended a law that requires Internet and telephone operators to store for up to six months data on their customers’ telephone, email and Internet communications.

The court, in a 2 March judgement, said the law contravened privacy rights as set out in Germany’s Basic Law. All stored data must therefore be deleted, and no new data collected until regulations in line with the Basic Law are in place, the judges said.

According to the judges, the law that had been put in place "neither provided a sufficient level of data security, nor sufficiently limited the possible uses of the data," and represented "an especially grave intrusion" into the privacy of individuals.

The law struck out by the judges was Germany’s transposition of the European Union directive on "the retention of data generated or processed in connection with the provision of publicly available electronic communications services or of public communications networks" (Directive 2006/24/EC), which was introduced as an anti-terrorism measure and requires storage of data for up to two years. Under the law, police or security services can be given access to certain data on the basis of obtaining a court order.

The decision of the Federal Constitutional Court strikes out the German law based on the EU directive, rather than the EU directive itself. German interior minister Thomas de Maiziere said the federal government would look at reformulating the law to be in conformity with the court’s judgement.

A case against the data retention law was filed with the Federal Constitutional Court by around 35,000 people in Germany’s largest-ever class action lawsuit.

The Federal Constitutional Court information release detailing the reasons for the judgement (in German) is available at http://www.bundesverfassungsgericht.de/en/press/bvg10-011.html