GUE/NGL
News

Data retention

2ND LEAD: EU court rejects data retention law for breaching privacy By Helen Maguire, dpa Eds: Adds reax
8 April 2014
Deutsche Presse-Agentur

Luxembourg (dpa) – The European Union's top court on Tuesday scrapped a law requiring telecommunications companies to log private data for law enforcement purposes, arguing that it breaches citizens' fundamental rights.

The Data Retention Directive was adopted as part of anti-terrorism measures in 2006, after attacks in London and Madrid. It specifies that firms must save data for a period of up to two years, calling on member states to implement the necessary laws.

“The directive interferes in a particularly serious manner with the fundamental rights to respect for private life and to the protection of personal data,” wrote the European Court of Justice (ECJ). “The court declares the directive invalid.”

“It is as if it never happened,” a European Commission source said of the 2006 directive, speaking on condition of anonymity. As a consequence, he said, “at EU level, there are no rules on data retention.”

National data retention rules implemented in line with the EU directive initially remain in place, however, in 26 of the bloc's 28 member states.

The commission, which drafted the 2006 law, will “carefully assess the verdict and its impacts,” said EU Home Affairs Commissioner Cecilia Malmstrom. “We remain clearly and seriously committed in fighting crime and terrorism,” said her spokesman, Michele Cercone.

Privacy and data retention is a highly sensitive issue, which flared up last year after revelation of US espionage, including wide-scale surveillance of EU citizens.

Campaign group European Digital Rights welcomed the ruling, ending “eight years of abuses of personal data,” according to the group's director, Joe McNamee. “This affront to the fundamental rights of European citizens has finally been declared illegal,” he said.

“Surveillance must always be the exception, not the rule,” said Socialist EU lawmaker Hannes Swoboda, while Cornelia Ernst of the far-left GUE/NGL party called for a review of other data collection measures, “to win back the respect for privacy.”

But EU lawmaker Timothy Kirkhope of the European Conservatives and Reformists called the ruling “frustrating,” and said, “Criminals and terrorists are growing increasingly sophisticated, so law enforcement must have the tools necessary to keep up with them.”

The 2006 directive was introduced to make information available for the “prevention, investigation, detection and prosecution of serious crime,” such as terrorism, the court wrote.

The judges did not reject the principle of data retention, saying it “genuinely satisfies an objective of general interest, namely the fight against serious crime and, ultimately, public security.”

However, the judges challenged the extent and the indiscriminate nature of data collection and access to that information under the directive.

The law stipulated the collection of data relating to communications between individuals – such as emails and telephone calls – including their location, time and frequency. It did not permit recording the content of such communications.

But this data could provide “very precise” private details, the court found, “such as the habits of everyday life, permanent or temporary places of residence, daily or other movements, activities carried out, social relationships and the social environments frequented.”

This would likely give the affected individuals “a feeling that their private lives are the subject of constant surveillance,” the judges said.

They also criticized a lack of safeguards to ensure that the law is not abused, or that it is only applied when strictly necessary. Data should not be made available without prior assessment by a court or independent administrator, the judges argued.

The ruling responds to legal challenges brought in Ireland and Austria, which were referred to the Luxembourg-based judges.

Germany has also challenged the directive, with its constitutional court ruling in 2010 that it broke telecommunication secrecy laws.

“This has brought about a new situation,” German Justice Minister Heiko Maas said of Tuesday's decision, adding, “Germany is no longer committed to implementing the (data retention) directive.”