Europe’s top court chalks up more strikes against bulk data retention • TechCrunch


More blows against EU’s pervasive and indiscriminate data retention: The EU’s top court today issued several rulings in joint cases – including one related to Deutsche Telekom’s data retention law, which was challenged by Deutsche Telekom and ISP SpaceNet; Another raised questions about the French government’s full retention of telecoms data, which was questioned after it was used by the financial services regulator in insider trading cases.

“The court affirms that EU law prohibits the pervasive and indiscriminate retention of traffic and location data except in circumstances where there is a serious threat to national security,” the court wrote in a statement. Press release In its judgment on the German case referral, the judgment found that national data retention laws seriously interfered with the fundamental rights of the data-retainees, confirming its previous case law.

“As a precautionary measure, in order to combat market abuse crimes, including insider trading, operators not authorized to provide electronic communication services indiscriminately retain traffic data for a period of one year from the date of recording,” the European Court of Justice wrote in a second Press releaseon the recommendation of the French.

Its ruling there also upholds existing case law, which basically means that EU member states cannot (or, should not) deploy creative workarounds to (try to) avoid the European Court of Justice declaring a requirement to be universal and indiscriminate National law for retention of telecommunications Data is invalid under EU law.

We’ve been here many times before – so Deja Vu is real. But while indiscriminate mass collection is clearly inconsistent with EU fundamental human rights law, so is the willingness of EU member states to acquire and preserve data for a wide range of “crime-fighting” purposes. As a result, legal challenges and rulings of the European Court of Justice continue to emerge.

It is questionable why national courts continue to refer issues to the EU Court of Justice when there is ample jurisprudence that general and indiscriminate data retention is incompatible with EU law – but the basic strategy (of member states) looks similar to A war of attrition, state lawmakers have taken every CJEU’s strike as an opportunity to restructure and redouble efforts to pass a new bulk collection law that hits the Rams style in hopes of exploiting cracks in the legal shield to prevent general reservations.

These cracks may be widening.

Earlier this year, the CJEU strengthened its guidance on targeted exceptions – which it said at the time could allow for the mass collection of digital evidence to combat serious crime, such as in places with high crime rates or high tourist numbers (such as airports) or other Locations with critical infrastructure.

Its ruling today filed against Germany reiterates the growing number of exceptions that courts have indicated may allow bulk data retention legislation – in specific circumstances and circumstances (such as a serious threat to national security) – with due scrutiny ( e.g. by a court) – and as long as some target (e.g. a specific geographic location) and/or other constraints (e.g. a period of time) are involved.

This includes “exceptions for the indiscriminate retention of IP addresses assigned to the source of an Internet connection for a period of time limited to a strictly necessary time frame” – a fairly generous amount given how much personal data there may be allowance. It can be traced back to IP addresses, and how malleable the strictly necessary timeline is, depending on the stated purpose.

So the fact that national data retention regimes have consistently failed to fall within these boundaries shows that there is a lot of dishonest legislation going on.

In its ruling on German law, the European Court of Justice objected to its making what the press release described as “a very broad set of traffic and location data” retention requirements — 10 and four weeks respectively — which it warned “could allow draw very accurate conclusions about the private lives of persons whose data are retained, such as daily living habits, permanent or temporary residence, daily or other activities, activities performed, the social relationships of these persons and the social environment in which they frequent, Especially being able to build profiles of these people.”

Digital rights advocates urge European Commission not to ignore another hit by ECJ on overbearing data retention – in Leaked papers obtained by German blogger netzpolitik last year EU executives are advised to try a number of ways in terms of data retention, including the possible introduction of new EU data retention laws.

The latter may turn out to be a cynical tactic to solve the problem by inviting another lengthy round of CJEU referrals. The last EU data retention directive was dismissed by the courts about a decade ago – namely the Irish Digital Rights ruling in 2014 – and any proposals from the EU to try to legislate to expand the scope of data retention, the CJEU said, would be set to be fail in the future.

But perhaps the European Commission’s repeated attempts to restart EU-US data transfers since 2015 (see: Safe Harbor, Privacy Shield) have also provided it with a template to defy court wishes about data retention.

in a statement Following today’s ECJ ruling, MEP Patrick Breyer of Germany’s Pirate Party urged the EU to develop an alternative, writing: “Today’s ruling only describes the most external restrictions that are legally feasible and should not be viewed as Guidance manual. I warn the European Commission not to ignore the validity and detrimental impact on society of comprehensive data retention with a new proposal that would place 450 million EU citizens under widespread suspicion! Instead, we need to focus on speed and cross-border Preserving digital traces of suspects (quick freeze).”



Source link

Leave a Reply

Your email address will not be published.