EU Lawyers Confirm 'General And Blanket Data Retention Is No Longer Possible' In European Union
from the take-that,-David-Cameron dept
As we commented back in June, one of the key questions posed by the important ruling of Europe's highest court that the EU's current data retention requirements were "invalid" is: so what will the EU's Member States do now? Will they simply repeal their national legislation that was passed to implement the EU Directive, or will they claim that broad-based data retention is nonetheless still possible, as the UK has done? Although the UK government will doubtless try, it's going to be much harder to argue that the European Union's Court of Justice ruling leaves any room for the kind of broad-based data retention that David Cameron's government wants in the wake of the following news:
civil liberties campaigners AK Vorrat have now obtained internal documents showing that at a recent closed meeting of EU Justice and Home Affairs ministers the Council's Legal Services stated that paragraph 59 of the European Court of Justice's ruling on the Data Retention Directive "suggests that general and blanket data retention is no longer possible".
Here's what paragraph 59 of the ruling says:
Moreover, whilst seeking to contribute to the fight against serious crime, [the Data Retention] Directive 2006/24 does not require any relationship between the data whose retention is provided for and a threat to public security and, in particular, it is not restricted to a retention in relation (i) to data pertaining to a particular time period and/or a particular geographical zone and/or to a circle of particular persons likely to be involved, in one way or another, in a serious crime, or (ii) to persons who could, for other reasons, contribute, by the retention of their data, to the prevention, detection or prosecution of serious offences.
That admission is likely to strengthen legal challenges to the UK's new DRIP law. It also undercuts claims by the Australian Attorney General George Brandis that data retention is "very much the way in which Western nations are going". Since EU lawyers have said that any kind of excessive data retention is illegal in European Union nations, Brandis will find it harder to paint his own extreme retention plans as nothing to get worked up about and simply part of a wider trend. Whether or not they were before, now, they're certainly not.
Follow me @glynmoody on Twitter or identi.ca, and on Google+
Thank you for reading this Techdirt post. With so many things competing for everyone’s attention these days, we really appreciate you giving us your time. We work hard every day to put quality content out there for our community.
Techdirt is one of the few remaining truly independent media outlets. We do not have a giant corporation behind us, and we rely heavily on our community to support us, in an age when advertisers are increasingly uninterested in sponsoring small, independent sites — especially a site like ours that is unwilling to pull punches in its reporting and analysis.
While other websites have resorted to paywalls, registration requirements, and increasingly annoying/intrusive advertising, we have always kept Techdirt open and available to anyone. But in order to continue doing so, we need your support. We offer a variety of ways for our readers to support us, from direct donations to special subscriptions and cool merchandise — and every little bit helps. Thank you.
–The Techdirt Team
Filed Under: blanket data retention, data retention, eu, privacy, uk
Reader Comments
Subscribe: RSS
View by: Time | Thread
ELI5?
To me, para 59 says that the data retention directive doesn't require a link between the data and threat to public security, and then gives a couple of examples in particular.
Why does that suggest blanket collection is prohibited? Saying a link isn't required doesn't seem to close off anything. Saying a link must or must not be present would start to close off options, but just saying a link could be there but doesn't need to be isn't helpful?
Can someone explain like I'm 5?
[ link to this | view in chronology ]
Re: ELI5?
[ link to this | view in chronology ]
Re: Re: ELI5?
The Data Retention Directive 2006/24 (DRD) said that member states have to store everyone's data
However Article 7 of the Charter of Fundamental Rights of the EU says that "Everyone has the right to respect for his or her private and family life, home and communications".
In June the DRD was found to be invalid due to the conflict with Article 7, so member states are busy constructing ways to still do mass surveillance without breaching Article 7.
These latest documents however suggest that (one of) the key points why the DRD breached Article 7 was it didn't require a link between the person being surveilled and a threat to security, or a particular place/time.
Therefore in order to avoid breaching Article 7, any new data retention measures have to be targeted in some way.
Therefore, no blanket surveillance of everyone.
Yes?
I'm sure our "security" services are busy working out loopholes. GCHQ could define "the world" as a specified geographic area but that would let those terrorists on the ISS go uncaught - and they sound like they are linked to the ISIS guys in Iraq. Instead GCHQ could take a leaf from copyright and define a limited time to be forever less a day.
[ link to this | view in chronology ]
Re: Re: Re: ELI5?
[ link to this | view in chronology ]
The data retentive will proceed to have a cow.
[ link to this | view in chronology ]
[ link to this | view in chronology ]
Re:
[ link to this | view in chronology ]
GCHQ has always been "NSA Lite"
The UK is often more of a test lab for US policies than a country in its own right.
[ link to this | view in chronology ]
[ link to this | view in chronology ]
[ link to this | view in chronology ]