EU court adviser backs data retention with strict rules

Drivers take Uber to UK tribunal in threat to business model
July 19, 2016
United States joins case over Facebook data transfers from EU
July 19, 2016
This post was originally published on this site
Servers for data storage are seen at Advania's Thor Data Center in Hafnarfjordur, Iceland August 7, 2015.  REUTERS/Sigtryggur Ari
Servers for data storage are seen at Advania’s Thor Data Center in Hafnarfjordur, Iceland August 7, 2015.

Reuters/Sigtryggur Ari

Telecoms operators in the European Union may be required to retain customer communications data as long as it is strictly necessary to fight serious crime and does not unduly interfere with privacy, an adviser to the top EU court said on Tuesday.

The types of data that can be retained include the date, time and duration of calls, and the source and destination of calls, but not their content, an advocate general to the Court of Justice of the European Union (ECJ) said.

While non-binding, the opinions tend to be followed by the court in a majority of cases.

Tuesday’s opinion referred to two cases in which data retention laws in Sweden and Britain were challenged on the grounds that they were no longer valid after the ECJ struck down an EU-wide data retention law in 2014 because it went too far and violated people’s privacy.

However, national governments may oblige telecoms operators to retain communications data as long as there are strict safeguards to protect privacy, the advocate general said.

A debate on data privacy has raged since former U.S. intelligence contractor Edward Snowden leaked details about mass surveillance by British and U.S. spies in 2013.

Islamist militant attacks in France and Belgium have reinvigorated calls for security agencies to be accorded greater powers.

In a statement summarizing the adviser’s opinion, the ECJ said national data retention laws must include “accessibility, foreseeability and adequate protection against arbitrary interference”.

The advocate general said that interference with fundamental rights could only be justified to fight serious crime, “whereas combating ordinary offences and the smooth conduct of proceedings other than criminal proceedings are not”.

Data retention must also be “strictly necessary” for fighting serious crime, meaning there can be no effective alternative that is less intrusive.

A number of UK politicians filed a legal challenge against a British surveillance law passed in 2014, part of which was suspended by a British court. British lawmakers subsequently passed an Investigatory Powers bill.

Similarly, Swedish telecoms operator Tele2 had told its regulator that it would stop retaining data after the ECJ struck down the EU Data Retention Directive.

The two cases were joined together by the Luxembourg-based court.

(Reporting by Julia Fioretti; editing by Philip Blenkinsop/Mark Heinrich)