— last modified 15 January 2020
Today?s Court of Justice of the European Union (CJEU) Advocate General?s Opinions continues the firmly established case-law of the CJEU considering mass collection of individuals communications data incompatible with EU law.
The Advocate General reaffirms that blanket retention of telecommunication data is disproportionate to its purpoted goal of national security and combating crime and terrorism.
Today, on 15 January, the CJEU Advocate General Campos Sánchez-Bordona delivered his Opinions on four cases regarding data retention regimes in France, Belgium and the UK. These cases focus on the compatibility of these Member States’ surveillance programmes with the existing case law on data retention and the applicability of the ePrivacy Directive in those cases. These cases focus on the compatibility of these Member States’ surveillance programmes with the existing case law on data retention and the applicability of the ePrivacy Directive in those cases.
“Once again, the Advocate General of the CJEU has firmly sided to defend the right to privacy, and declared that indiscriminate retention of all traffic and location data of all subscribers and registered users is disproportionate,” said Diego Naranjo, Head of Policy at EDRi. “The European Commission needs to take note of yet another strong message against illegal data retention laws. While combating crime and terrorism are legitimate goals, this should not come at the expense of fundamental rights. It’s crucial to ensure that the EU upholds the Charter of Fundamental Rights and prevents any new proposal for data retention legislation of a general and indiscriminate nature.”
The Opinions respond to four references for a preliminary ruling, sent by the French Council of State (joined cases C-511/18 and C-512/18, La Quadrature du Net and Others), Belgian Constitutional Court (Case C-520/18, Ordre des barreaux francophones et germanophone and Others) and the UK Investigatory Powers Tribunal (Case C-623/17, Privacy International). The Advocate General confirms that the ePrivacy Directive and EU law applies to data retention for the purpose of national security. He proposes to uphold the case-law of the Tele2 case and stressed that “a general and indiscriminate retention of all traffic and location data of all subscribers and registered users is disproportionate” and that only limited and discriminate retention with limited access to that data is lawful. He states that “the obligation to retain data imposed by the French legislation is general and indiscriminate, and therefore is a particularly serious interference in the fundamental rights enshrined in the Charter” and similar criticism is raised on the Belgian and UK laws.
Following the invalidation of the data retention Directive in the Digital Rights Ireland case in 2014, Member States have been relying on the ePrivacy Directive to enact national data retention legislation. In 2016, the CJEU clarified this possibility and ruled in the Tele2 case that blanket data retention measures are incompatible with the Charter of Fundamental Rights of the European Union. Since then, as the Commission has been reluctant to intervene, civil society organisations have been challenging unlawful data retention legislation in different Member States.
Blanket data retention of telecommunications data is a very invasive surveillance measure of the entire population. This can entail the collection of sensitive information about citizens’ social contacts, movements and private lives, without any suspicion. Telecommunications data retention also undermines professional confidentiality, the protection of journalistic sources and compromises the freedom of the press, and prevents confidential electronic communications. The retained data is also of high interest for criminal organisations and unauthorised state actors from all over the world – several successful data breaches have been documented. Overall, blanket data retention damages preconditions of open and democratic societies.