Data retention interferes with privacy – European Court opinion
Judges to begin deliberations in case taken by Irish advocacy group
European Court advocate general, Pedro Cruz Villalón, said the Data Detention Directive should have defined the principles that govern the setting of minimum guarantees for access to and use of the collected data.
An EU directive that requires telecoms and internet providers to store data on phone and email traffic for two years is a serious interference with citizens’ right to privacy, the European Court of Justice has said in a legal opinion.
In a case taken by Digital Rights Ireland (DRI), which campaigns for online rights protection, the court’s advocate general, Pedro Cruz Villalón, said this limitation on the right to privacy meant the Data Detention Directive was incompatible with the Charter of Fundamental Rights.
The advocate general’s opinion is not binding on the court, whose judges will now begin their deliberations in this and a related case, but in the great majority of cases his opinion is reflected in the final judgment.
DRI took a High Court challenge to the Government’s retention of internet and phone records, a case that was referred to the European court.
Mr Cruz Villalón said laying down an obligation on telecoms and internet providers to collect and retain traffic and location data for calls and emails meant the information could be used to create a “faithful and exhaustive map” of a large portion of a person’s conduct in his private life.
Moreover, he said, there was an increased risk the retained data might be used for unlawful purposes which were detrimental to privacy, fraudulent or even malicious. He noted the data was not retained by public authorities, or even under their direct control, but by the providers themselves.
He said the directive should have defined the principles that govern the setting of minimum guarantees for access to and use of the collected data. Instead, the directive assigns that task to member states.
He said the directive pursued a perfectly legitimate objective of ensuring collected data was available for the investigation and prosecution of serious crimes. But he could not see sufficient justification for not limiting the data retention period to be established by member states to less than one year.
Rather than declaring the directive invalid, he concluded that that finding should be suspended until EU authorities addressed the privacy concerns in new legislation.