This is an archived article and the information in the article may be outdated. Please look at the time stamp on the story to see when it was last updated.

BERLIN (AP) — The European Union’s top court has ruled that a German requirement for companies to retain the location and connection data of all people who use their services is illegal.

The European Court of Justice said in a ruling published Tuesday that exceptions can be made in cases where national security is threatened.

The ruling, which comes after a complaint by two German telecoms companies, is in line with previous privacy verdicts by the court, which has argued that data must not be collected if that means creating a complete profile of a person’s movements and contacts.

German authorities had introduced a blanket requirement for companies to store such data for a limited period of time in 2007. It was later halted pending legal challenges, and has been suspended in its current form since 2017.

The country’s top security official, Interior Minister Nancy Faeser, said the ruling by the Luxembourg-based EU court provided legal certainty and the government would now examine other options — such as storing of IP addresses — that allow authorities to fight serious crimes such as child abuse.