Following an important development in the two cases against the EU’s Data Retention Directive, Open Rights Group’s (ORG) Peter Bradwell explains the cases and the crucial Advocate General’s opinion released today that does not favour the Directive.
The Data Retention Directive is a European law that allows governments to require companies to collect information about our communications and then make it available to law enforcement. Today an “Advocate General” at the Court of Justice of the European Union issued an opinion on whether this law conflicts with the rights to private life (Article 7) and the protection of personal information (Article 8) set out in the Charter of Fundamental Rights of the European Union. Judges, considering two cases brought against this Directive will take into account this opinion, which argues that the Directive does breach these fundamental rights.
Who is involved?
The case is a combination of two complaints, one brought in Ireland by Digital Rights Ireland and another brought by a group of parties in Austria. The Court decided to hear these two together.
There was a hearing on 9th July during which the parties who brought the complaints gave evidence, as did the European institutions (Commission, Parliament and Council) and the European Data Protection Supervisor.
What are the main issues?
The parties are arguing that the Data Retention Directive is incompatible with the Charter of Fundamental Rights. Basically, the question is whether governments can require communications providers to collect store communications information about all of us and for law enforcement to be able to access this data.
If legislation conflicts with our rights, the Court has established that the measures need to be necessary and must strike a proportionate balance. So the Court asked about how the law might interfere with articles 7 and 8; what objective evidence the European Union used when deciding that the Directive was necessary; whether the Union achieved a balance in this case; and about the provisions relating to the security of the data involved.
In their arguments in the hearing in July, the parties said that there is no evidence that the retention powers set out in the Directive are a necessary and proportionate method of tackling crime and terrorism, and that the data has been used for investigating crimes for which the Directive was not intended. You can read more about what was said at the hearing in the summary by EDRi.
ORG has also campaigned against Data Retention, and co-signed a letter in 2010 to the European Commission which goes through some of the reasons why.
Statewatch also recently produced a report on the effectiveness of Data Retention. The report describes how the Directive became law, how countries in Europe implemented it, and describes the various legal challenges that Data Retention is facing.
The Advocate General’s Opinion
The Advocate General opinion is not the final result from the Court – it’s effectively a guide for the judges. They do give a good indication of what the final judgment will look like. So this is an important intervention.
According to an influential legal opinion in the European Court of Justice, the Directive breaches privacy rights and should be replaced with a new law.
The Court of Justice of the European Union is considering whether the European law about collecting and storing communications data (information about our communications) is compatible with the European Charter of Fundamental Rights.
In the opinion published this morning (which you can read in full), the Advocate General (AG) concluded:
I propose that the Court should answer the questions referred by the High Court in Case C 293/12 and the Verfassungsgerichtshof in Case C 594/12 as follows:
(1)Directive 2006/24/EC of the European Parliament and of the Council of 15 March 2006 on the retention of data generated or processed in connection with the provision of publicly available electronic communications services or of public communications networks and amending Directive 2002/58/EC is as a whole incompatible with Article 52(1) of the Charter of Fundamental Rights of the European Union, since the limitations on the exercise of fundamental rights which that directive contains because of the obligation to retain data which it imposes are not accompanied by the necessary principles for governing the guarantees needed to regulate access to the data and their use.
(2)Article 6 of Directive 2006/24 is incompatible with Articles 7 and 52(1) of the Charter of Fundamental Rights of the European Union in that it requires Member States to ensure that the data specified in Article 5 of that directive are retained for a period whose upper limit is set at two years.
It looks like there are three main take aways from this opinion. First, he says that the Directive does not define rules about access to the communications data, but it should because it covers the collection of and access to such detailed personal information. Second, he concludes that the period of time (2 years) that governments may require data to be retained is too long and not supported by evidence. From the press release:
…the Advocate General has not found, in the various views submitted to the Court of Justice defending the proportionality of the data retention period, any sufficient justification for not limiting the data retention period to be established by the Member States to less than one year.
Third, the AG says that there needs to be a new law that rectifies these issues, but adds that the current Directive can continue until that new law is agreed.
EDRi (which Digital Rights Ireland is a member of) say in their press release that this is a major blow to the European Commission who have consistently failed to recognise faults with the Directive, even where those faults were detailed in its own review of the evidence of Member State’s implementation.
EDRi also note that the Commission took legal action against countries who had not implemented the Directive – and EDRi are calling for the Commission to pay back finanacial penalties imposed on those contries as a result. Read more of EDRi’s reaction on their website.
It’s also worth reading the reaction from Simon McGarr, of McGarr Solicitors who represented Digital Rights Ireland in this case. The Court’s press release, which summarises the opinion, is available as a pdf from their website. Now it is up to the judges.
This post is based on two posts that originally appeared on the ORG Blog on 11 and 12 December, 2013. This blog post gives the views of the author, and does not represent the position of the LSE Media Policy Project blog, nor of the London School of Economics.
