EU's highest court strikes down mass surveillance under the Data Retention Directive

The European Court of Justice, the highest court in the EU, has invalidated the European Parliament's Data Retention Directive, which required phone companies and ISPs to store your clicks, email subjects and to/from info, your location data, and other sensitive "metadata" for up to two years. The ECJ cited the UN Human Rights Committee's condemnation of this sort of data-retention and its call for the USA to halt its surveillance. We have Digital Rights Ireland and AK Vorrat Austria to thank for the ruling.

Finland has led EU nations in rejecting mass surveillance, with its Minister of Communications, Krista Kiuru, declaring that Finland "wants the be a model country in privacy." However, the UK, one of the world's most prolific and lawless surveillance states, is likely to insist on keeping the data-retention law and expanding it in accord with the "Snooper's Charter" plan that the Conservative party keeps reintroducing.

While the decision comprehensively rejects the current directive, some states may put up a fight to keep their laws, while others could take this opportunity to become champions of their citizens' privacy. The Finnish Minister of Communications, Krista Kiuru, has already declared a full review of Finnish law in the light of the decision, declaring that "if [Finland] wants the be a model country in privacy, Finnish legislation has to respect the fundamental rights and rule of law." The German and Romanian data retention laws have already been declared unlawful by their national constitutional courts. Governments advocating retention, like the UK, may argue that they can still maintain their existing data retention laws, or there may even be an attempt to introduce a whole new data retention directive that would attempt to comply with the ECJ's decision.

However the data retention regime unwinds in Europe, this decision sends an important signal to other countries in the world who are considered the same path as the EU. Brazil's online activists have been fighting hard to keep data retention out of their flagship Internet Bill of Rights, the Marco Civil. The law, which is about to be considered by the Brazilian Senate, would require ISPs to record personal data for one year, and other service providers log keep private information on their users for six months. New laws requiring mandatory data retention by companies in the United States have also been championed by the Obama administration's Department of Justice, and have been proposed by the Whitehouse as a "solution" to the NSA spying scandal. As the ECJ's decision shows, the indiscriminate recording and storage of every aspect of innocent civilians' online lives is a travesty of human rights, no matter where that collected data is housed.

Data Retention Directive Invalid, says EU's Highest Court [Danny O'Brien/EFF]

Notable Replies

  1. MikeR says:

    I'm waiting to see how the Conservatives and the authoritarian wing of the Labour Party will demand that the UK secures another opt out so that yet another chunk of EC law can't be enforced in the UK. No doubt we'll be told it's all in our best interests and we need the snooper's charter to protect us all from terrorists and paedophiles and goblins.

    Doubtless the likes of Cameron and Farage will use it as another excuse to beat up the EU for imposing laws on the UK - no matter that this one is in the interest of the average citizen. But we'll be told that it's a criminal's charter - worse still some of them might be 'foreign'!

  2. KarlS says:

    I am not supposed to tell you, but we on the continent envy your glorious victories in the War on Terror and we decided to hamstring you.

Continue the discussion

5 more replies