Search This Blog

Thursday 10 April 2014

The Court of Justice of the European Union in Luxembourg hits a big one on the chin of the European Commission: the Data Retention Directive of the European Union has been litterally annihilated

I'm just an average man, with an average life
I work from nine to five; hey hell, I pay the price
All I want is to be left alone in my average home
But why do I always feel like I'm in the Twilight Zone

Yesterday (8 April 2014) was a big day for civilian freedom in Europe and for the preservation of the remainders that are left of our privacy.

It was the day that the Court of Justice of the European Union would convict upon the Data Retention Directive of the European Union. This Retention Directive had set the standards for the Telecom and Electronic / Internet data preservation of European citizens.

It prescribed a.o.: 
  • How long all kinds of internet, email and telecom data should be preserved by the telecom operations and internet providers;
  • In what kind of form that preservation should take place and where the data should be stored;
  • Under which circumstances the data could be used for surveillance and investigations against organized crime, terrorism and other purposes. 
Consequently, the data retention directive was the foundation for almost all national laws in Europe concerning this subject.

Many governments trivialized the subject of the mandatory data retention by stating that it was ‘only metadata’ (telephone numbers, email and ip addresses and timeline overviews of who called / faxed / chatted / emailed with whom at what moment) and not the actual contents of the telephone calls, faxes, emails and internet data.

In spite of these ‘comforting’ words from the national governments, many worried civilians feared that their most private and intimate secrets became into the grasp of the same governments and that there was no protection left against Big Brother’s ever watchful eye. In other words: every citizen had become a possible suspect of organized crime and terrorism for the information hungry (supra-)national governments.

This was the same watchful governmental eye, which led to the lamented statement of former US president Jimmy Carter, that he started to write and mail his personal letters to government leaders by hand again, as he didn’t trust any form of electronic communication within the United States anymore.

Very fortunately, yesterday’s verdict of The Court of Justice in Luxembourg upon the European Data Retention Directive left no room for discussion whatsoever.

It simply annihilated this Data Retention Directive in the most brutal and unprecedented way possible: with retro-active force, declaring that this directive had been ‘ invalid and thus non-existent’ from its very beginning. In the process, all national laws based on this directive have virtually been ‘outlawed’ too by the European Court of Justice. 

Nevertheless, in spite of this very decisive and unambiguous verdict, at least the Dutch government is planning to take a comfortable two months to ‘study upon the subject’.

Here are the pertinent snips of the verdict by the Court of Justice in Luxemburg:

The Court of Justice declares the Data Retention Directive to be invalid

It entails a wide-ranging and particularly serious interference with the fundamental rights to respect for private life and to the protection of personal data, without that interference being limited to what is strictly necessary
The main objective of the Data Retention Directive is to harmonise Member States’ provisions concerning the retention of certain data which are generated or processed by providers of publicly available electronic communications services or of public communications networks. It therefore seeks to ensure that the data are available for the purpose of the prevention, investigation, detection and prosecution of serious crime, such as, in particular, organised crime and terrorism. Thus, the directive provides that the abovementioned providers must retain traffic and location data as well as related data necessary to identify the subscriber or user. By contrast, it does not permit the retention of the content of the communication or of information consulted.

By today’s judgment, the Court declares the directive invalid: Given that the Court has not limited the temporal effect of its judgment, the declaration of invalidity takes effect from the date on which the directive entered into force [This was a footnote in the original verdict behind the link - EL].

The Court observes first of all that the data to be retained make it possible, in particular, (1) to know the identity of the person with whom a subscriber or registered user has communicated and by what means, (2) to identify the time of the communication as well as the place from which that communication took place and (3) to know the frequency of the communications of the subscriber or registered user with certain persons during a given period.

Those data, taken as a whole, may provide very precise information on the private lives of the persons whose data are retained, such as the habits of everyday life, permanent or temporary places of residence, daily or other movements, activities carried out, social relationships and the social environments frequented.

The Court takes the view that, by requiring the retention of those data and by allowing the competent national authorities to access those data, the directive interferes in a particularly serious manner with the fundamental rights to respect for private life and to the protection of personal data.

Furthermore, the fact that data are retained and subsequently used without the subscriber or registered user being informed is likely to generate in the persons concerned a feeling that their private lives are the subject of constant surveillance. The Court then examines whether such an interference with the fundamental rights at issue is justified.

It states that the retention of data required by the directive is not such as to adversely affect the essence of the fundamental rights to respect for private life and to the protection of personal data. The directive does not permit the acquisition of knowledge of the content of the electronic communications as such and provides that service or network providers must respect certain principles of data protection and data security.

Furthermore, the retention of data for the purpose of their possible transmission to the competent national authorities genuinely satisfies an objective of general interest, namely the fight against serious crime and, ultimately, public security.

However, the Court is of the opinion that, by adopting the Data Retention Directive, the EU legislature has exceeded the limits imposed by compliance with the principle of proportionality. In that context, the Court observes that, in view of the important role played by the protection of personal data in the light of the fundamental right to respect for private life and the extent and seriousness of the interference with that right caused by the directive, the EU legislature’s discretion is reduced, with the result that review of that discretion should be strict.

The whole text of this sensible and balanced verdict by the Court of Justice of the European Union is an absolute must-read for everybody, who worried about the private life and privacy of himself and his loved ones.

It administers an incredibly big blow on the chin of the European Commission and the national governments, who combinedly invented this truly disgusting Data Retention Directive. Irrespective of how much I love the European Union, this directive was a monster in my humble opinion.

For me personally, it felt like a victory that there are institutions in Europe, which: 
  • a. Don’t see every European citizen as a possible suspect of organized crime and terrorism;
  • b. Totally disapprove of the widely used ‘dragnet’ method for government surveillance and intelligence gathering. 

This dragnet method first catches every possible fish in the ocean and subsequently checks out where the big fish are, leaving the rest to die.

What I’m curious about is how many repercussions this verdict will have for all other kinds of intrusive government surveillance. The following snippets come from an article, which I wrote a few weeks ago:

This brings me to the more urgent question behind all this: are people still the owners of their own life and of the electronic trail that they leave behind? Or should people just get used to the thought, that they are like birds in a cage, which are watched all day long by anonymous people?!

From the moment that they are awake, until the moment that they fall asleep, people are leaving an electronic trail of:
  • Identification data and social security data from their passports and ID-cards;
  • Telephone, GPS and Bluetooth signals from their smartphones;
  • License plate data from their cars, which are automatically registered by smart camera’s on the road, in parking garages and (even) on parking meters, where people should mandatorily enter their license numbers;
  • Camera data from the ubiquitous surveillance camera’s, which are almost on any corner of the street and in any building;
  • Payment data from their debit and credit cards and telebanking programs;
  • Live images from their webcams: not only for their friends, but also for anonymous civil servants, who are candidly watching these images in order to find 'terrorists';
  • Log in data from their computers, iPads and smartphones, which are registered on every wifispot, whether people want this or not; 

People simply can’t switch off their electronic trail anymore and cannot withdraw from it; it is always there to follow them, whether they want it or not.

I don’t think for one moment that the Dutch and other European governments will suddenly start to behave like cautious fathers after this verdict, when it comes to the privacy of their citizens. The hunt for privacy-sensitive information will go on and on, until the last secret drops over. 

I do feel, however, that the European citizens have a friend in Luxembourg: a true friend who watches over them in a positive sense.

No comments:

Post a Comment

Blogoria.de

Blogarchief