Die jüngeren Urteile des EuGHs zur Vorratsdatenspeicherung sind nicht als „kopernikanische Wende“ zu verstehen, in der der EuGH sein Selbstverständnis als Grundrechtsgericht aufgegeben hätte. Sie sind keine autoritär motivierte Abkehr von einer vormals grundrechtsfreundlichen Rechtsprechung. Vielmehr fügen sich die Urteile ein in die komplexe Entwicklung des ursprünglich national geprägten Sicherheitsverfassungsrechts. Diese Einordnung bedarf eines genaueren Blickes.
The recent judgements of the CJEU on data retention should not be regarded as an authoritarian move towards a less fundamental rights-sensible position of the Court. Rather, the case law adapts the ever more complex development of the constitutional security law, which was originally dominated by the Member States. As a European court, the CJEU cannot simply ban certain police measures but must respect the complexity and heterogeneity of national law enforcement agencies.
Mass data retention is on the rise. In the current heyday of security packages in Germany, we are now witnessing a “super grand coalition” in favor of mandatory IP address retention. Some are calling for greater protection for victims through data retention. Yet, what one often overlooks is the following: The investigative capacities of law enforcement authorities have never been better, and the digital data pools that can be analyzed have never been larger. Hence, victims must be protected without mass surveillance.
Mass data retention is all about proportionality. The threat level determines the proportionality of the means – both of which are subject to the perpetual flux of time. Data retention is intended to protect victims of digital crimes. To protect freedom online, our security services urgently need to be able to access stored IP addresses. The alarming developments in our security situation are calling many certainties from the past into question. This also involves a re-evaluation of traffic data retention.
Ten years after its groundbreaking judgment declaring the Data Retention Directive incompatible with the EU Charter, the Full Court significantly eased its previously strict requirements. On 30 April 2024, it issued La Quadrature Du Net II and, for the first time, declared the general and indiscriminate retention of IP addresses permissible for the purpose of fighting general crime. Given the CJEU’s fundamental change of heart, we have gathered a range of scholars to contextualize the judgment and situate it within the broader debate on mass data retention, online surveillance, and anonymity.
13. September 2025
Giovanni Capoccia
12. September 2025
Anne Peters
12. September 2025
Anne Peters