EU data retention directive thrown out by European Court of Justice

EU data retention directive thrown out by European Court of Justice

Summary: Opponents of Europe's data retention directive now have the legal standing to challenge it at a national level.

SHARE:
0

The European Court of Justice (ECJ) has ruled against a European Union directive which mandates that telecom operators must retain all their customers' communications data for up to two years.

"The Court of Justice declares the Data Retention Directive to be invalid," it said in a statement today.

Europe's data retention directive telecoms was introduced in 2006 following the Madrid bombings two years earlier, intended as a measure to help authorities combat serious crime and terrorism.

Under the directive, operators are expected to store traffic, location and subscriber data for between six months and two years. Authorities can then access that information in order to identify who contacted whom and when, without knowing the contents of the communication in question.

According to the court: "By requiring the retention of those data and by allowing the competent national authorities to access those data, the directive interferes in a particularly serious manner with the fundamental rights to respect for private life and to the protection of personal data."

Courts in Austria and the High Court of Ireland had asked the ECJ to examine whether the directive was consistent with the Europe's Charter of Fundamental Rights, which is meant to guarantee a respect for private life and the protection of personal data.

While the ruling is a major win for opponents of the directive, it doesn't mean its end in countries that had passed national legislation enacting it. The national courts will now need to resolve local disputes in accordance with the ECJ's ruling.

Online rights advocate Digital Rights Ireland brought a case regarding the directive against Irish authorities in 2006. Its chairman TJ McIntyre said: "This is the first assessment of mass surveillance by a supreme court since the Snowden revelations. The ECJ's judgement finds that untargeted monitoring of the entire population is unacceptable in a democratic society."

According to the court, the directive "exceeded the limits imposed by compliance with the principle of proportionality" and didn't ensure the interference it caused with the two fundamental rights was limited to what was "strictly necessary".

The ECJ found several problems with the directive — including the fact that it involved a blanket storage requirement without any exception or limitation for the seriousness of the crime, and that authorities could access the data without court review so long as it was "serious crime" under each nation's law.

The directive also lacked requirements for operators to protect the data against the risk of abuse and that it didn’t require data be retained within the EU, the court said.

Read more on the history of the directive

Topics: Legal, Privacy, Security, Telcos, EU

Liam Tung

About Liam Tung

Liam Tung is an Australian business technology journalist living a few too many Swedish miles north of Stockholm for his liking. He gained a bachelors degree in economics and arts (cultural studies) at Sydney's Macquarie University, but hacked (without Norse or malicious code for that matter) his way into a career as an enterprise tech, security and telecommunications journalist with ZDNet Australia. These days Liam is a full time freelance technology journalist who writes for several publications.

Kick off your day with ZDNet's daily email newsletter. It's the freshest tech news and opinion, served hot. Get it.

Talkback

0 comments
Log in or register to start the discussion