EU scraps data collection law

Comment on this story


iol scitech dec 12 swiss data centre

AFP

File photo: Deltalis' Patrick Mueller opens a bunker door of the Deltalis Swiss Mountain Data Center. The decision to scupper the 2006 Data Retention Directive comes as Europe weighs concerns over electronic snooping.

Luxembourg - Europe's top court on Tuesday struck down an EU law forcing telecoms operators to store private phone and email data for up to two years, judging it too invasive, despite its usefulness in combating terrorism.

By allowing EU governments to access the data, “the directive interferes in a particularly serious manner with the fundamental rights to respect for private life and to the protection of personal data,” the European Court of Justice (ECJ) said.

Advocate General Pedro Cruiz Villalon declared the legislation illegal and told the European Union's 28 member states to take the necessary steps to withdraw it.

The decision to scupper the 2006 Data Retention Directive comes as Europe weighs concerns over electronic snooping in the wake of revelations about systematic US surveillance of email and telephone communications.

The revelation that US agencies collected data on millions of European citizens - and even tapped the phone of German Chancellor Angela Merkel - sparked a wave of controversy and prompted lawmakers on both sides of the Atlantic to rethink their data surveillance laws.

Last month President Barack Obama put forward a long-awaited plan to end Washington's bulk collection of telephone records, although critics said the measures should be extended beyond just phone records.

The court's decision reinforced a general European stance strongly upholding individuals' rights to privacy, contrasting with a US position that often supports more invasive policies in the interests of public security.

The 2006 directive called for EU states to store individuals' Internet, mobile telephone and text metadata - the time, date, duration and destination, but not the content of the communications themselves - for six months to two years.

This data could then be accessed by national intelligence and police agencies.

But the Luxembourg-based ECJ, examining Austrian and Irish cases, declared the law invalid because it conflicted with the basic rights to privacy and expectation of personal data being protected.

The court found it “exceeded the limits imposed by compliance with the principle of proportionality”.

The law should be more restrictive, both in terms of what data are captured and authorities' access to them to ensure that “interference is actually limited to what is strictly necessary,” the court said.

While it noted the law was useful in fighting serious crime, it ruled there was insufficient oversight to prevent abuse and ensure the data's destruction at the end of the retention period.

In particular, it said the law's failure to stipulate that the data must be retained in the EU in order to guarantee it would not be used for illicit purposes was dangerous.

Cecilia Malmstrom, the EU's commissioner for home affairs who has been working to reform the directive, said Brussels would carefully assess the verdict and will adequately respond to the problems raised.

“Welcome clarity brought by the Court of Justice on the Data Retention Directive, in line with the Commission's critical evaluation report,” she said on Twitter. - Sapa-AFP

Hungry for more scitech news? Sign up for our daily newsletter


sign up
 
 

Comment Guidelines



  1. Please read our comment guidelines.
  2. Login and register, if you haven’ t already.
  3. Write your comment in the block below and click (Post As)
  4. Has a comment offended you? Hover your mouse over the comment and wait until a small triangle appears on the right-hand side. Click triangle () and select "Flag as inappropriate". Our moderators will take action if need be.

     

Join us on

IOL-Social networks IOL-Social networks IOL-Social networks IOL-Social networks