On Telecommunications Data Retention by Peter Burgstaller


The law in force since April 1, 2012 that requires public telecommunications service providers to record data about network users’ activities including their geographic location when such activity occurs and to store that data for a period of six months is difficult to reconcile with our constitutional guarantees of the confidentiality of personal data and respect for the individual’s privacy.

That telecommunications data retention encroaches upon these fundamental rights is indisputable. It may indeed be asked, though, whether these infringements are justified and thus lawful. And the answer is no for the following reasons above all:

The infringement of a fundamental right must take place on a legal basis, which is indeed the case here (§§ 102 a – c TKG); nevertheless, the infringement must be proportionate, appropriate and necessary to achieve the intended purpose. Now, the purpose of telecommunications data retention, according to the promulgated guidelines, is to fight crime and to prevent the commission of serious crimes, especially terrorism and the formation of criminal gangs.

The Austrian legal provisions governing telecommunications data retention by no means satisfy these prerequisites. They are neither necessary to achieve the intended objective (actually, they are unsuited to doing so) nor are they appropriate and proportionate:

  1. In Austria in conjunction with telecommunications data retention, “serious crimes” are equated with misdeeds punishable by imprisonment for at least one year, and retained telecommunications data are to be released even in such cases. Thus, virtually every copyright violation is characterized as a “serious crime.” But copyright violations have nothing to do with fighting terrorism and the formation of criminal gangs; they are also certainly not “serious crimes”!
  2. Retained telecommunications data are only to be released pursuant to a court order, but unfortunately exceptions are provided for in §§ 76a StPO and 53 SPG! According to these provisions, a public prosecutor’s office or a government investigative agency can call upon providers to release data without a court order—in this case, without any restrictions with respect to the severity of the particular crime.
  3. The retained information about telecommunications traffic (e.g. an e-mail address or telephone number) can, in numerous instances, give a strong indication as to the content of the communication (which is absolutely taboo in conjunction with telecommunications data retention). In the case of a phone sex line or the services of a self-help group, the phone number of IP address is generally all that is needed to draw conclusions about the content of the communication.
  4. Telecommunications data retention does nothing to prevent the commission of crimes! Instead, all of us and above all the investigative agencies become inundated by an absolutely unmanageable flood of information and data, so that the essential information cannot even be registered anymore. Consider, for example, the recent attacks in Toulouse: Much was known about the perpetrator, and much information had been gathered—prohibited from entering the USA, possession and use of weapons, prior convictions, training in Afghanistan—but the authorities were nevertheless unable to prevent the crime. Telecommunications data retention does nothing to change this.

-> The infringement of fundamental rights—particularly, respect for the individual’s right to privacy and the confidentiality of personal data—by the legal guidelines governing telecommunications data retention is, in my opinion, neither necessary to achieve the intended aim (fighting terror) nor proportionate. It is above all excessive and inappropriate.

Mag. Dr. Peter Burgstaller LL.M teaches at the FH OÖ Campus Hagenberg, his studies reach out into the fields of copyright and telecommunication-laws.

The Data Retention is a big part of Out of Control – What the web knows about you, the new exhibition at the Ars Electronica Center Linz.

One note from the blogger: The European Court has released a verdict that the data collected via Data Retention can be used for investigations concerning copyright infringements. So filesharers can be prosecuted using those measures, lifting up copyright infringements on the level of major felonies.