EU court scraps data retention directive

Written by on April 8, 2014 in Europe - Comments Off on EU court scraps data retention directive

The European Court of Justice (ECJ) has ruled to declare the 2006 EU directive that authorised bulk collection of telecommunications data as invalid.

The directive “entails a wide-ranging and particularly serious interference with the fundamental rights to respect for private life and to the protection of personal data, without that interference being limited to what is strictly necessary,” the court said on April 8.

The ECJ was asked to rule on the directive by the Irish high court and Austria’s constitutional court, stemming from separate lawsuits filed by an Irish firm, the Austrian province of Carinthia and more than 11 000 individual plaintiffs in Austria.

Directive 2006/24/EC, as it is formally called, set EU-wide rules on data collection “for the purpose of the prevention, investigation, detection and prosecution of serious crime, such as, in particular, organised crime and terrorism.”

In its entirety, such data may provide very precise information on the private lives of the persons whose data are retained, such as the habits of everyday life, permanent or temporary places of residence, daily or other movements, activities carried out, social relationships and the social environments frequented, the court said.

“The Court takes the view that, by requiring the retention of those data and by allowing the competent national authorities to access those data, the directive interferes in a particularly serious manner with the fundamental rights to respect for private life and to the protection of personal data,” the ECJ said.

While data retention did satisfy “an objective of general interest, namely the fight against serious crime and, ultimately, public security”, the directive “exceeded the limits imposed by compliance with the principle of proportionality.”

The issue of bulk data collection has gained renewed prominence over the past year, since the revelations made public by whistleblower Edward Snowden concerning activities carried out by the US National Security Agency. The agency carried such operations in Europe with the aid of UK spying agency GCHQ.

The ECJ touched on the issue in its statement, saying that by not requiring that any data collected must be retained inside the EU, “the directive does not fully ensure the control of compliance with the requirements of protection and security by an independent authority […] Such a control, carried out on the basis of EU law, is an essential component of the protection of individuals with regard to the processing of personal data.”

“Given that the Court has not limited the temporal effect of its judgment, the declaration of invalidity takes effect from the date on which the directive entered into force,” the ECJ said.

 

Comments

comments

About the Author

The Sofia Globe - Bulgaria’s fully independent English-language news and features website, run by an all-expatriate team. Sign up to subscribe to sofiaglobe.com's daily bulletin by using the form on the homepage of our website. Please click to support our advertisers!