EU Data Retention Directive Declared Invalid

The Court of Justice of the European Union today declared the Data Retention Directive invalid in a joint case brought by Digital Rights Ireland and an Austrian group. This is a great win by privacy advocates against a law that was over reaching, uncontained and unsafe. The courts own press release is a short three page read but some of the key elements include (all emphasis theirs):

  • the data “may provide very precise information on the private lives of the persons whose data are retained, such as the habits of everyday life, permanent or temporary places of residence, daily or other movements, activities carried out, social relationships and the social environments frequented”;
  • the directive interferes in a particularly serious manner with the fundamental rights to respect for private life and to the protection of personal data
  • “the directive covers, in a generalised manner, all individuals, all means of electronic communication and all traffic data without any differentiation, limitation or exception being made in the light of the objective of fighting against serious crime”
  • “the directive fails to lay down any objective criterion which would ensure that the competent national authorities have access to the data and can use them only for the purposes of prevention, detection or criminal prosecutions concerning offences that … may be considered to be sufficiently serious to justify such an interference” and “the directive does not lay down substantive and procedural conditions under which the competent national authorities may have access to the data and subsequently use them”
  • “the directive does not provide for sufficient safeguards to ensure effective protection of the data against the risk of abuse and against any unlawful access and use of the data.”
  • and, shockingly (if none of the above was shocking enought), “the directive does not require that the data be retained within the EU“.

This is indeed a good day for digital rights, privacy rights and common sense. We all owe a debt of gratitude to the volunteers at Digital Rights Ireland.