Surveillance state reverse
April 8, 2014 6:09 AM   Subscribe

Reuters: EU court rules against requirement to keep data of telecom users [different news sources: BBC, The Register] Considerably more detail is available in the ECJ press release (pdf) and the full judgement but the Court has invalidated Data Retention Directive 2006/24/EC and struck a very clear blow against metadata storage in national law as the authority of the directive will soon cease to exist. This has a particular impact for UK MeFites, as UK law was based on the Directive and crucially passed through Parliament via the European Communities Act and thus skipped some review steps but is founded on the validity of the directive being implemented. Remaining national law would of course also be open to challenge on the same grounds.

Press release highlight (see paragraph 50-80 of the judgement for much more detail):
The Court observes first of all that the data to be retained make it possible, in particular, (1) to know the identity of the person with whom a subscriber or registered user has communicated and by what means, (2) to identify the time of the communication as well as the place from which that communication took place and (3) to know the frequency of the communications of the subscriber or registered user with certain persons during a given period. Those data, taken as a whole, may provide very precise information on the private lives of the persons whose data are retained, such as the habits of everyday life, permanent or temporary places of residence, daily or other movements, activities carried out, social relationships and the social environments frequented. The Court takes the view that, by requiring the retention of those data and by allowing the competent national authorities to access those data, the directive interferes in a particularly serious manner with the fundamental rights to respect for private life and to the protection of personal data.
This represents a fundamental barrier to recreation of a similar law, particularly given the clear concern of the court at the very action of metadata collection at [72]:
However, the fact remains that the collection (63) and, above all, the retention, (64) in huge databases, of the large quantities of data generated or processed in connection with most of the everyday electronic communications of citizens of the Union (65) constitute a serious interference with the privacy of those individuals, even if they only establish the conditions allowing retrospective scrutiny of their personal and professional activities. The collection of such data establishes the conditions for surveillance which, although carried out only retrospectively when the data are used, none the less constitutes a permanent threat throughout the data retention period to the right of citizens of the Union to confidentiality in their private lives. The vague feeling of surveillance (66) created raises very acutely the question of the data retention period.
that the directive did not limit access to the data sufficiently,
(1) Directive 2006/24/EC of the European Parliament and of the Council of 15 March 2006 on the retention of data generated or processed in connection with the provision of publicly available electronic communications services or of public communications networks and amending Directive 2002/58/EC is as a whole incompatible with Article 52(1) of the Charter of Fundamental Rights of the European Union, since the limitations on the exercise of fundamental rights which that directive contains because of the obligation to retain data which it imposes are not accompanied by the necessary principles for governing the guarantees needed to regulate access to the data and their use.
and the conclusion that even two years can be an excessive requirement for storage:
(2) Article 6 of Directive 2006/24 is incompatible with Articles 7 and 52(1) of the Charter of Fundamental Rights of the European Union in that it requires Member States to ensure that the data specified in Article 5 of that directive are retained for a period whose upper limit is set at two years.
posted by jaduncan (5 comments total) 9 users marked this as a favorite
Editorial that I didn't put in the post: hurrah for the ECJ for backing freedom from surveillance as a good in and of itself. It's a happy day all round.
posted by jaduncan at 6:10 AM on April 8, 2014 [3 favorites]

Well, looks like the NSA just got a lot of new customers...
posted by jim in austin at 6:27 AM on April 8, 2014

It is unclear how this will play in Sweden:

In 2102, "The Swedish Riksdag voted about the Data Retention Directive today. The directive was adopted with 233 votes against 41. Nineteen members of the Riksdag didn’t vote at all. The outcome was known beforehand since the major parties have announced their intention to vote Yes."

However, the law in Sweden was limited to six months (telecoms normally keep such data for six months to process the information for billing purposes - a technical requirement which I assume will remain unchanged.) The so-called FRA law was at the time criticised by Rikskriminalen for only allowing six months of data storage (which was a restriction over previous practice.)

If the upper limit is now clarified to be two years, the impact of the ECJ decision could actually be negative here.

Moreover, if the NSA is the only one retaining this data, now there is no one to challenge them when they falsify their records to set someone up for political purposes.
posted by three blind mice at 6:43 AM on April 8, 2014 [1 favorite]

Isn't it saying that "even two years can be .. excessive" though?
posted by jeffburdges at 6:53 AM on April 8, 2014

« Older Home. Sweet. Home.   |   Le Douanier Newer »

This thread has been archived and is closed to new comments