Federal German data protection authority, the BfDI supports recent ECJ ruling on data retention.
The federal German data protection authority, BfDI has voiced its support for a recent ECJ ruling on data retention. The ECJ ruling supports the notion that the preventive, general and indiscriminate storage of individuals’ traffic and location data is indeed a serious intrusion on the fundamental rights of individuals. A recent statement from BfDI said : “As of today, the debates about data retention without cause must finally come to an end. How often should the relevant courts send a stop signal?” Last week’s ruling from the European Court of Justice is promising, but not binding, as judgement will be given at a later date, pending subsequent deliberations from the court judges.
The ECJ has emphasized that data retention enables deep insights into an individual’s personality.
The ECJ highlighted how data retention can enable deep insights into an individual’s character and identity. This can even be used to create personal networks and profiles for individuals. According to the ECJ, this only emphasizes the need for a free and open Internet. The European Court of Justice believes that unreasonable and comprehensive data storage should not exist. The court has therefore taken the step of clearly defining the limits to data retention. The BfDI believes that even effective criminal prosecution on the internet can be executed without data retention. The data protection authority believes that data retention is not necessary at all.
Alternatives like the “login trap” and the “quick freeze procedure” are being suggested by the ECJ.
There have long been effective alternatives to constant data retention, such as the “login trap” or the “quick freeze procedure” mentioned by the ECJ. In both cases, the aim of those procedures is to only collect the information which is necessary and relevant for criminal prosecution in cases where there is concrete suspicion. It is yet to be determined whether legislators will use the narrow corridor specified by the ECJ. The BfDI intends to follow this process critically and make itself available for advice at any time.
Does your company have all of the mandated safeguards in place to ensure the safety of the personal data you collect or process? Aphaia can help. Aphaia also provides both GDPR and Data Protection Act 2018 consultancy services, including data protection impact assessments, and Data Protection Officer outsourcing. We can help your company get on track towards full compliance. Contact us today.