© The Financial Times Ltd 2015 FT and 'Financial Times' are trademarks of The Financial Times Ltd.
Last updated: April 8, 2014 6:07 pm
Europe’s top court has ruled that EU law forcing telecommunications companies to store customer data for up to two years was illegal, a decision that will lead to a change to privacy laws.
The European Court of Justice said on Tuesday that the requirement for mobile operators and internet service providers to retain data interfered in a “particularly serious manner with the fundamental rights to respect for private life and to the protection of personal data”.
The court’s ruling relates to a 2006 EU law, known as the Data Retention Directive, which was imposed in the aftermath of terror attacks in New York, Madrid and London. At the time, security concerns had overtaken fears that the data storage measures would infringe an individual’s privacy rights as national antiterrorist agencies argued that having access to such information was vital to thwart attacks.
However, following the controversy caused by Edward Snowden, the US security contractor, who exposed details of sprawling US and UK surveillance and data collection activities, citizens privacy rights are back on the agenda for European policy makers and courts.
The case leaves telecom operators and ISPs in limbo over what do with the information they hold, said lawyers working in the field.
“Whilst any review of the ... directive will be a move welcomed by many, it does create massive uncertainty for the likes of major telecoms providers and ISPs for whom there’s less clarity around how long they are required to keep data,” said James Mullock, a lawyer at Osborne Clarke law firm. “The Commission needs to tackle [this] quickly.”
The European Commission will now have to either amend or scrap the legislation, a process that could take years and requires the approval of the Parliament and national governments.
Cecilia Malmström, EU commissioner for home affairs, said Brussels would assess the court’s verdict and respond to the problems raised.
Washington said last month it was preparing legislation that would end the surveillance and storage of data on millions of its citizens by the NSA, although it would continue to have access to information via a court order.
The European Parliament, meanwhile, passed laws in March that put stronger data protection safeguards in force and called for the suspension of data-sharing agreements with the US following the leaks made by the US whistleblower.
Mr Snowden told MEPs ahead of the vote that the US successfully pressed EU governments to weaken laws protecting their communications systems, allowing American spies to tap into data on EU citizens with impunity.
In 2011, senior officials in the Obama administration had also lobbied the European Commission, which at the time was drafting privacy legislation, to strip its data protection law of a measure that would have limited the ability of US intelligence agencies to spy on EU citizens.
The evidence clearly shows that indiscriminate, highly intrusive data collection . . . has also totally failed to lead to any noticeable improvement in law enforcement
- Jan Philipp Albrecht, Green MEP
TJ McIntyre, chairman of Digital Rights Ireland, a human rights lobby group, which brought the case, said: “This is the first assessment of mass surveillance by a supreme court since the Snowden revelations. The ECJ’s judgment finds that untargeted monitoring of the entire population is unacceptable in a democratic society.”
“The European Court of Justice’s verdict on the incompatibility of the Data Retention Directive with the EU Charter of Fundamental Rights is a major victory for civil rights in Europe,” said Jan Philipp Albrecht, a Green MEP and privacy advocate.
Copyright The Financial Times Limited 2015. You may share using our article tools.
Please don't cut articles from FT.com and redistribute by email or post to the web.
Sign up for email briefings to stay up to date on topics you are interested in