The European Commission is preparing to refer Germany to the European Court of Justice in Luxembourg, for failing to introduce a new law that would put it in line with the European data retention directive, according to a new report from Reuters.

In 2006, the EU passed a directive in the wake of the London and Madrid terrorist attacks that compels ISPs and telecommunications companies to retain all e-mails, phone calls, and related data. These directives, while mandated from Brussels, must be written into the law of each of the 27 member states at the national level. However, since the directive, Germany, Romania, and the Czech Republic have had their national laws overturned by their courts.

Many online activists have long complained against the data retention directive.

"For data retention to be legal under the EU’s charter on fundamental rights says that measures that restricts fundamental rights need to be 'necessary and genuinely meet objectives of general interest recognized by the Union or the need to protect the rights and freedoms of others,'" wrote Joe McNamee of European Digital Rights, in an e-mail sent to Ars. "However, the implementation report published last year showed very clearly that data retention is not necessary. Statistics from EU member states from before and after implementation of data retention shows that it is not necessary. Data retention is therefore unquestionably illegal under European law."

The directive has even come under fire from the European Data Protection Supervisor, who in December 2011 said that the directive had "failed to meet its main purpose," and that "the necessity of data retention as provided for in the Data Retention Directive has not been sufficiently demonstrated."

German politicians have spent months working to come up with a way to balance concerns of civil liberties with the interests of law enforcement.

In an e-mail to Ars, Malte Spitz, a member of the German Green Party executive committee, who in 2011 released the data that T-Mobile had captured on him while the law was in effect in Germany, wrote to Ars in an e-mail that the rest of the EU should wake up to Germany’s concerns.

"Instead of bringing Germany to court, the EU Commission would do better, to start withdrawing the data retention directive and not postpone again and again the evaluation of the directive,” he wrote.

Even non-Europeans, like Katitza Rodriguez, of the Electronic Frontier Foundation, say that this situation may have broader implications.

"This legal action against Germany puts the European Union's credibility to the protection of privacy internationally at risk," she wrote in an e-mail to Ars.

"On one hand, the European Union has always taken a strong stand in protecting and promoting data protection legislation vis-à-vis companies, — a legislation that has been praised by the international privacy community. On the other hand, it has adopted one of the most intrusive anti-privacy, anti-free expression, anti-association pieces of legislation in the European Union vis-à-vis governments. Instead of taking action against Germany, the European Union should uphold its commitment to human rights and repeal this mass surveillance Directive."

Listing image by Cédric Puisney