Data Retention Directive Incompatible With Fundamental Rights According To EU Court Of Justice's Advocate General
from the not-quite-what-we'd-hoped-for dept
Almost exactly a year ago, we wrote about two important cases before Europe's highest court, the Court of Justice of the European Union (ECJ). They both involved the European Union's Data Retention Directive, which obliges telecoms companies to retain metadata about their customers -- now an even more contentious issue in the wake of Edward Snowden's leaks. One case was from Ireland, brought by Digital Rights Ireland, which needs donations to carry on its great work, and the other from the Austrian digital rights group AKVorrat (which probably also needs support.)
As is usual, before the ECJ makes its ruling, the court's Advocate General offers an opinion. It's not binding, but it's generally taken into account, and is often indicative of how the court will find. Here's what the Advocate General has just published:
In his Opinion delivered today, Advocate General Pedro Cruz Villalón, takes the view that the Data Retention Directive
is as a whole incompatible with the requirement, laid down by the Charter of Fundamental Rights of the European Union, that any limitation on the exercise of a fundamental right must be provided for by law. According to the Advocate General, the Directive constitutes a serious interference with the fundamental right of citizens to privacy, by laying down an obligation on the providers of telephone or electronic communications services to collect and retain traffic and location data for such communications.
Specifically, he says that from the retained data it is possible to create a detailed and thus intrusive picture of someone's private life, and also notes that by storing this information, there is an increased risk it will fall into the wrong hands, causing damage to the privacy of the person concerned. Because of the seriousness of its incompatibility with fundamental European rights, the Directive should have spelt out key details, rather than leaving it to the Member States of the EU to interpret the rules as they thought best. He also found that:
the Data Retention Directive is incompatible with the principle of proportionality in that it requires Member States to ensure that the data are retained for a period whose upper limit is set at two years.
According to the Advocate General, there is no reason why the upper limit should not be set at just one year. Unfortunately, despite these serious flaws, he did not suggest that the Directive should be rescinded. Instead:
the Advocate General proposes, after weighing up the various competing interests, that the effects of a finding that the Directive is invalid should be suspended pending adoption by the EU legislature of the measures necessary to remedy the invalidity found to exist, but such measures must be adopted within a reasonable period.
In other words, the Advocate General seems to think the problems are fixable, provided the EU adopts suitable measures to address the issues he has raised.
That makes the current opinion something of a mixed bag. On the plus side, it has clearly found that the Data Retention Directive in its present form is incompatible with fundamental European rights; but against that, the Advocate General not only suggested that the problems could be rectified, but even explained how that might be achieved.
The full Opinion is, of course, much more complex than the rough summary above, and experts will argue over what the details might mean for data retention in Europe. In any case, what counts is the final judgement of the ECJ, which may have views that differ from the Advocate General's Opinion in important ways. At least we are now closer to finding out.