From Internet Policy Review – Feed of all News articles: European Court of Justice calls data retention directive off
“Let’s see what Europe’s got,” one member of a highly nervous Twitter-community tweeted as the Grand Chamber of the European Court of Justice in Luxembourg announced in its decision that the European Union’s data retention directive is just plainly and simply invalid. In its reasoning, the Court knocked down judicial arguments pro and contra to focus on the basic outcome of the instrument: mass surveillance and violation of fundamental rights.
After all the considerations about how grave existing fundamental rights are limited by the EU data retention directive (2006/24) and about the reasoning of legislators on the needs for the up to 2-year storage of communication traffic and location data, the 15-judge chamber Tuesday morning dismissed the much fought over directive completely. It ruled that the EU legislature has just “exceeded the limits imposed by compliance with the principle of proportionality in the light of articles 7, 8 and 52(1) of the EU Charter of Fundamental Rights.”
Well-meant ends do not justify all means
Certainly, the judges said, the retained data was “a valuable tool for criminal investigations” and “consequently, the retention of such data may be considered to be appropriate for attaining the objective pursued by that directive,” namely the fight against terrorism and serious organised crime. Yes, the legislator was right to reject the argument of several complainants who were saying that anonymous communications would “make that measure inappropriate”.
And yes, “it must be held that the fight against serious crime, in particular against organised crime and terrorism, is indeed of the utmost importance in order to ensure public security and its effectiveness may depend to a great extent on the use of modern investigation techniques.”
But, and the judges made it a big BUT, even such an important “objective of general interest, however fundamental it may be, does not, in itself, justify a retention measure such as that established by Directive 2006/24 being considered to be necessary for the purpose of that fight.” The highest EU judges clearly come to the conclusion that even a well meant end does just not justify all means and, that certain fundamental rights have to be protected regardless of the inconveniences that this protection might entail.
Massive intrusion at random into the lives of citizens
The fundamental rights of privacy and data protection (respectively articles 7 and 8) can be limited, the judges told the EU legislator, “only if they are necessary and genuinely meet objectives of general interest recognized by the Union or the need to protect rights and freedoms of others” and “subject to the principle of proportionality”. This is where the directive, which – as reported by the Internet Policy Review in July 2013 – was challenged in joint cases brought to Luxembourg after extended fights in national courts (by Digital Rights Ireland, over 11.000 citizens of Austria supporting the activist group AKVorrat and, the regional government of Carinthia), failed.
It covered, the ruling reads, “in a generalised manner, all persons and all means of electronic communication as well as all traffic data without any differentiation, limitation or exception being made in the light of the objective of fighting against serious crime.” The directive did not even require “any relationship between the data whose retention is provided for and a threat to public security.” There were no clear limits on time periods or zones, or likely suspects and there were not even clear limits on access by authorities. The lack of protection of misuse of data looks nearly like a second thought, after all these arguments.
Commentators said the Court even went one step further than the already clearly critical comments of the General Prosecutor in December 2013. Not only had the Prosecutor considered possible limitations to ‘heal’ the problems, he also held that no immediate nullification was necessary, Rena Tangens from the civil society organisation Digital Courage told the Internet Policy Review after the ruling. While not spelling it out, the Court seems to be convinced that the nature of the directive to put every EU citizen under a general suspicion was just one step too far and cannot be easily healed by adding some limitations here and there, she thinks. “It is a good day for civil rights,” she commented.
Reactions: the political fight goes on
The complainants were very satisfied with this judgement. “Austria’s civil society has won a victory defending the fundamental rights of citizens of the European Union after four years of hard work,” Andreas Krisch, Chairman of Austria’s AKVorrat, said. Now Austria’s Constitutional Court has to implement the ruling which means, for the first time in history, a complete dismissal of a directive. “Based on today’s ruling, we expect that Austria’s implementation of the directive will soon be annulled,” Krisch said.
Complainant Digital Rights Ireland welcomed the decision, applauding the Court’s finding that the data retention directive “entails an interference with the fundamental rights of practically the entire European population.” TJ McIntyre, Chairman of Digital Rights Ireland, said according to a press release, the first assessment of mass surveillance by a supreme court since the Snowden revelations, found “that untargeted monitoring of the entire population is unacceptable in a democratic society.”
McGarr Solicitors, who represent Digital Rights Ireland added: “This case is a profound statement of European values by Europe’s top court. The court has rejected the principle of mass surveillance of EU citizens without suspicion as incompatible with the Charter of Fundamental Rights. It will be up to individual member states to now ensure their domestic law is in compliance with the ECJ’s judgement.”
So, take note, that’s “what Europe’s got”.