I'm assuming there's some kind of protection for ISPs, or it'd be impossible to run one in Germany. Couldn't they apply to the same rules, since they're effectively an ISP?
The idea of ISP protection is to say that some particular other person is responsible, instead of the ISP, so that they can get sued/fined/imprisoned instead. Looks like these guys were not tracking that.
My German isn't good enough to understand those articles, and I'm finding it a bit tricky to understand the Google translation. The jist I'm getting from those two pages is that the access provider isn't liable for what is transmitted if the transfer is initiated by another user.
I think the bit I'm referring to would be covered by § 15 paragraph (4), which Google translates to "To comply with existing legal, statutory or contractual retention periods, the service provider may block the data." I think "block" here means "store", in the sense that the user data which includes "Information on the beginning and end and the extent of each use" (paragraph 1) needs to be recorded (and retained) for a period of time required by a different statute.
I feel like I only understand about 30% of those documents, I might make more progress with a better translation!
Sorry, i oversaw your reply. That paragraph is about what a provider may store, and it is pretty rigid. As far as i know, in practice they save more (that law is not fully followed).
>(4) Der Diensteanbieter darf Nutzungsdaten über das Ende des Nutzungsvorgangs hinaus verwenden, soweit sie für Zwecke der Abrechnung mit dem Nutzer erforderlich sind (Abrechnungsdaten). Zur Erfüllung bestehender gesetzlicher, satzungsmäßiger oder vertraglicher Aufbewahrungsfristen darf der Diensteanbieter die Daten sperren.
This informally translates to:
"The provider may use data about the usage after the usage, if those data are necessary to calculate the billings. He may save those data to fulfill existing deadlines, coming from law or contract"
There don't seem to exist an english translation of that law.
