By James Fontanella-Khan
Europe’s top court has ruled that EU law forcing telecom operators to store customer data for up to two years was illegal, in a decision that will force a change to European privacy laws.
The European Court of Justice said on Tuesday that the requirement for companies to retain data interferes in a “particularly serious manner with the fundamental rights to respect for private life and to the protection of personal data.”
The court’s decision follows the storm of controversy caused by Edward Snowden, the US security contractor, who exposed details of sprawling US and UK online surveillance and data collection activities.The revelations that US spies – with the support of their British counterparts – snooped on the data of millions of US and EU citizens as well as senior officials, including German ChancellorAngela Merkel , led both the White House and the EU to reconsider their surveillance and privacy regimes.
The Obama administration said last month that it was preparing legislation that would end the surveillance and storage of data on millions of Americans by the NSA, although it would continue to have access to information via a court order.
The European Parliament, meanwhile, passed laws in March that put in place stronger data protection safeguards and called for the suspension of key data sharing agreements with the US following the leaks made by the US whistleblower.
Mr Snowden told MEPs ahead of the vote that the US successfully pressured EU governments to weaken laws protecting their communications systems, allowing American spies to tap into vast troves of data on EU citizens with impunity.
In 2011, senior officials in the Obama administration had also successfully lobbied the European Commission, which at the time was drafting new privacy legislation, to strip its data protection law of a measure that would have limited the ability of US intelligence agencies to spy on EU citizens.
The evidence clearly shows that indiscriminate, highly intrusive data collection . . . has also totally failed to lead to any noticeable improvement in law enforcement– Jan Philipp Albrecht, Green MEP
The court’s ruling on Thursday relates to a 2006 EU law known as the Data Retention Directive, which was imposed in the aftermath of terror attacks in New York, Madrid and London. At the time, security concerns had overruled fears that the data storage measures would infringe individual’s privacy rights as national antiterrorist agencies argued that having access to such information was vital to thwart new attacks.
Cecilia Malmström, EU commissioner for home affairs, said that Brussels would carefully assess the court’s verdict and will adequately respond to the problems raised by the ECJ.
Advocates for stronger data protection rules welcomed the court’s ruling as it will give them further legitimacy to put pressure on national governments to back the tougher privacy safeguards approved by the European Parliament in March.
“The European Court of Justice’s verdict on the incompatibility of the Data Retention Directive with the EU Charter of Fundamental Rights is a major victory for civil rights in Europe,” said Jan Philipp Albrecht, a Green MEP and privacy advocate.
“The evidence clearly shows that indiscriminate, highly intrusive data collection not only infringes human rights to privacy and data protection but has also totally failed to lead to any noticeable improvement in law enforcement.”