[fforw]

Not really. They have been supporters for "Vorratsdatenspeicherung" / "stock data saving" / data retention for quite some time and now realize that the populace is not amused by the NSA shenanigans.

So in their infinite wisdom, they replaced it with "Mindestspeicherfristen" / "minimum storage limit" / data retention.

[Sujan]

Exactly. It's pure spin, the content stayed exactly the same, they just replaced some words. Apparently done well enough, to confuse even Spiegel Online.

Here is some reporting on it:

http://translate.google.com/translate?sl=de&tl=en&u=http%3A%...

http://netzpolitik.org/2013/spiegel-online-ente-union-gibt-v... (German)

[hwh]

It's also important to note that this shift in wording predates the whole Snowden/NSA story. It is conveniently interpret in its light, now that the NSA in political discourse. Also note that Germany is facing federal elections in just a few months...

[blots]

Why, even the Spiegel article says right at the beginning that it's just playing with words for the sake of elections:

"But for this change of course to be more than just an election ploy, the government should however advocate a change in the EU Directive in Brussels. Which prescribes a six-month storage of traffic data - and the Union confirms in other parts of its election manifesto that it holds onto the fundamental goal to implement the Directive. "Minimum retention period" is spoken in the Union for two years already - and means nothing but data retention."

[eliasmacpherson]

A lot of US users seem to be under the impression that the EU is much better at protecting privacy. In some ways it is, and in other ways it is not.

https://en.wikipedia.org/wiki/Data_Retention_Directive

This has been in force since 2006. The storage is required by law.

"member states will have to store citizens' telecommunications data for six to 24 months stipulating a maximum time period. Under the directive the police and security agencies will be able to request access to details such as IP address and time of use of every email, phone call and text message sent or received. A permission to access the information will be granted only by a court."

[terhechte]

One big difference, though, is that this does not happen in secret. Everybody knows about it, and the member states can decide to implement it. Thus the voter could even (in theory) vote for a party that pleads to not implement said directive.

Though I think, again, the biggest difference is that it did not happen in secrecy but in a open and more democratic manner.

[dvdkhlng]

Also, the collection has to be implemented by each communication company itself (as opposed to by the police or secret service), so no central storage of data and no easy data-mining and network-building across the data sets of indviduals.

And you have all the usual data protection rights like requesting a full copy of all stored data from each company. In theory you should also always be informed afterwards when your data was retrieved due to a warrant.

That said, I'm still very much against this kind of data collection. Data protection starts at data parsimony. And you never know who'll have access and who watches the watchers etc.

[hwh]

Just a quick background - that is the EU legislation that made the "Vorratsdatenspeicherung" in Germany appear on the political agenda. The comment shortly stating "not in Germany" however is partly right. The Data Retention Directive applies to Germany, too.

To explain this further, one needs to know how EU legislation works. As it is a supranational state conglomerate, a lot of its legislation is not immediately binding. This is how "EU Directives" differ from "EU Regulations". The latter are directly applicable, binding law. But the Directives need to be realized by EU member states doing legislation of their own. They have some degree of freedom for doing so.

Arguably, Germany didn't have the freedom to not push forward with its own realization of that Directive. However, it is disputed that the Data Retention Directive is actually conforming to EU law - and that was not checked in court yet to its full extent. So the matter is highly political in its nature. The EU Commission, which watches over the implementation of the Directives, is currently in a legal battle over sanctions regarding the non-implementation.

Germany is not alone here, however. Other EU member states postponed an implementation, too.

[eliasmacpherson]

Thanks for the explanation, I had thought it was enforced throughout the EU.

[worldimperator]

Additionally, 'not implemented in Germany' is not entirely correct. It was implemented by the Great Coalition a couple of years ago, then declared unconstitutional by the Constitutional Court shortly after. So all upcoming formulations of data retention will have to comply with those constitutional requirements.

[rbehrends]

In addition to what others have already said, the summary at the end is somewhat misleading. The directive does not lay down any rules for access by law enforcement or intelligence agencies. It only requires ISPs to store the data, not to grant law enforcement or intelligence agencies access. Such access would still be subject to national law (i.e., warrants and such).

The primary concern is not that data retention will directly lead to law enforcement going on big data harvesting operations, but that the chilling effect from having that data stored outweighs the practical benefits that law enforcement would derive from it.

A particular concern in Germany is the interaction with §98a+b of the Code of Criminal Procedure [1] and similar laws enacted by the states, which allow for not just particularized warrants, but dragnet searches ("Rasterfahndung"). While such a search still requires a (non-secret) court order and is allowed only under a limited set of circumstances, there is an undeniable chilling effect associated with it.

[1] http://www.gesetze-im-internet.de/englisch_stpo/englisch_stp...

[codesuela]

not in Germany though