I'm
just an average man, with an average life
I
work from nine to five; hey hell, I pay the price
All
I want is to be left alone in my average home
But
why do I always feel like I'm in the Twilight Zone
Yesterday (8 April 2014) was a big day for civilian
freedom in Europe and for the preservation of the remainders that are left of
our privacy.
It was the day that the Court of Justice of the
European Union would convict upon the Data Retention Directive of the European
Union. This Retention Directive had set the standards for the Telecom and
Electronic / Internet data preservation of European citizens.
It prescribed a.o.:
- How long all kinds of internet,
email and telecom data should be preserved by the telecom operations and internet providers;
- In what kind of form that preservation should take place and where the data should be stored;
- Under which circumstances the data could be used for surveillance and investigations against organized crime, terrorism and other purposes.
Many governments trivialized the subject of the mandatory data
retention by stating that it was ‘only metadata’ (telephone numbers, email and
ip addresses and timeline overviews of who called / faxed / chatted / emailed with whom at what moment)
and not the actual contents of the telephone calls, faxes, emails and internet
data.
In spite of these ‘comforting’ words from the national
governments, many worried civilians feared that their most private and intimate
secrets became into the grasp of the same governments and that
there was no protection left against Big Brother’s ever watchful eye. In other words: every citizen had become a possible suspect of organized crime and terrorism for the information hungry (supra-)national governments.
This was the same watchful governmental eye, which led
to the lamented statement of former US president Jimmy Carter, that he started to write and mail his personal letters to government leaders by hand again, as he didn’t trust any form of electronic
communication within the United States anymore.
Very fortunately, yesterday’s verdict of The Court of
Justice in Luxembourg upon the European Data Retention Directive left no room for discussion whatsoever.
It simply annihilated this Data Retention Directive in the
most brutal and unprecedented way possible: with retro-active force, declaring
that this directive had been ‘ invalid and thus non-existent’ from its very beginning. In the
process, all national laws based on this directive have virtually been ‘outlawed’
too by the European Court of Justice.
Nevertheless, in spite of this very decisive and unambiguous verdict, at least the Dutch government is
planning to take a comfortable two months to ‘study upon the subject’.
Here are the pertinent snips of the verdict by the Court
of Justice in Luxemburg:
The
Court of Justice declares the Data Retention Directive to be invalid
It
entails a wide-ranging and particularly serious interference with the
fundamental rights to respect for private life and to the protection of
personal data, without that interference being limited to what is strictly
necessary
The
main objective of the Data Retention Directive is to harmonise Member States’
provisions concerning the retention of certain data which are generated or
processed by providers of publicly available electronic communications services
or of public communications networks. It therefore seeks to ensure that the
data are available for the purpose of the prevention, investigation, detection
and prosecution of serious crime, such as, in particular, organised crime and
terrorism. Thus, the directive provides that the abovementioned providers must
retain traffic and location data as well as related data necessary to identify
the subscriber or user. By contrast, it does not permit the retention of the
content of the communication or of information consulted.
By
today’s judgment, the Court declares the directive invalid: Given that the
Court has not limited the temporal effect of its judgment, the declaration of
invalidity takes effect from the date on which the directive entered into force
[This was a footnote in the original verdict behind the link - EL].
The
Court observes first of all that the data to be retained make it possible, in
particular, (1) to know the identity of the person with whom a subscriber or
registered user has communicated and by what means, (2) to identify the time of
the communication as well as the place from which that communication took place
and (3) to know the frequency of the communications of the subscriber or
registered user with certain persons during a given period.
Those
data, taken as a whole, may provide very precise information on the private
lives of the persons whose data are retained, such as the habits of everyday
life, permanent or temporary places of residence, daily or other movements,
activities carried out, social relationships and the social environments
frequented.
The
Court takes the view that, by requiring the retention of those data and by
allowing the competent national authorities to access those data, the directive
interferes in a particularly serious manner with the fundamental rights to
respect for private life and to the protection of personal data.
Furthermore,
the fact that data are retained and subsequently used without the subscriber or
registered user being informed is likely to generate in the persons concerned a
feeling that their private lives are the subject of constant surveillance. The
Court then examines whether such an interference with the fundamental rights at
issue is justified.
It
states that the retention of data required by the directive is not such as to
adversely affect the essence of the fundamental rights to respect for private
life and to the protection of personal data. The directive does not permit the
acquisition of knowledge of the content of the electronic communications as
such and provides that service or network providers must respect certain
principles of data protection and data security.
Furthermore,
the retention of data for the purpose of their possible transmission to the competent
national authorities genuinely satisfies an objective of general interest,
namely the fight against serious crime and, ultimately, public security.
However,
the Court is of the opinion that, by adopting the Data Retention Directive, the
EU legislature has exceeded the limits imposed by compliance with the principle
of proportionality. In that context, the Court observes that, in view of the
important role played by the protection of personal data in the light of the
fundamental right to respect for private life and the extent and seriousness of
the interference with that right caused by the directive, the EU legislature’s
discretion is reduced, with the result that review of that discretion should be
strict.
The whole text of this sensible and balanced verdict by the Court of Justice of the
European Union is an absolute must-read for everybody, who worried about the private
life and privacy of himself and his loved ones.
It administers an incredibly big blow on the chin of
the European Commission and the national governments, who combinedly invented
this truly disgusting Data Retention Directive. Irrespective of how much I love the
European Union, this directive was a monster in my humble opinion.
For me personally, it felt like a victory that there
are institutions in Europe, which:
- a. Don’t see every European citizen as a
possible suspect of organized crime and terrorism;
- b. Totally disapprove of the widely used ‘dragnet’ method for government surveillance and intelligence gathering.
This dragnet method first catches every possible fish in
the ocean and subsequently checks out where the big fish are, leaving the rest
to die.
What I’m curious about is how many repercussions this
verdict will have for all other kinds of intrusive
government surveillance. The following snippets come from an article, which I wrote a few weeks ago:
This
brings me to the more urgent question behind all this: are people still the
owners of their own life and of the electronic trail that they leave behind? Or
should people just get used to the thought, that they are like birds in a cage,
which are watched all day long by anonymous people?!
From
the moment that they are awake, until the moment that they fall asleep, people
are leaving an electronic trail of:
- Identification
data and social security data from their passports and ID-cards;
- Telephone,
GPS and Bluetooth signals from their smartphones;
- License
plate data from their cars, which are automatically registered by smart
camera’s on the road, in parking garages and (even) on parking meters, where
people should mandatorily enter their license numbers;
- Camera
data from the ubiquitous surveillance camera’s, which are almost on any corner
of the street and in any building;
- Payment
data from their debit and credit cards and telebanking programs;
- Live
images from their webcams: not only for their friends, but also for anonymous
civil servants, who are candidly watching these images in order to find
'terrorists';
- Log in data from their computers, iPads and smartphones, which are registered on every wifispot, whether people want this or not;
People
simply can’t switch off their electronic trail anymore and cannot withdraw
from it; it is always there to follow them, whether they want it or not.
I don’t think for one moment that the Dutch and other
European governments will suddenly start to behave like cautious fathers after this verdict, when
it comes to the privacy of their citizens. The hunt for privacy-sensitive information will go on and on, until the last secret drops over.
I do feel, however, that the European citizens have a
friend in Luxembourg: a true friend who watches over them in a positive sense.
No comments:
Post a Comment