Europe's top court has ruled that data retention laws breach European Union privacy rules, on the day the UK's communication interception commissioner said the number of requests to monitor individuals' communications appears to be too high.
Sir Anthony May, UK Commissioner for Interception
The European Court of Justice said a 2006 law requiring communication service providers to store user data for up to two years breaches EU citizens' fundamental right to privacy and protection of personal data. The Data Retention Directive was introduced as an anti-terrorism measure, and enabled security forces to access the information in relation to ongoing investigations.
Cecilia Malmström, European Commissioner for Home Affairs, said the court's judgement confirms the conclusions of a 2011 report into the law that questioned the scope of some elements of the directive. The Commissioner said the ruling will be carefully assessed, and that the EC "will take its work forward in light of progress made in relation to the revision of the e-Privacy directive and taking into account the negotiations on the data protection framework."
The EC's 2011 report concluded that the data retention rules had proved useful in criminal investigations, but noted that security needs must be carefully balanced with rights to personal privacy.
Allen & Overy lawyer Tom De Cordier told Bloomberg the court ruling means communications providers must proceed with caution when applying the retention rules, to avoid breaching data protection and privacy laws.
The European Court ruling came on the same day as the UK Commissioner for Interception said police could be accessing too much communications data.
In an annual report on communications interception, Sir Anthony May said he has ordered an investigation of requests made in 2013 to assess if there "might be a significant institutional overuse" of laws enabling security forces to access citizens' communications.
UK laws require police to seek approval to access communications data from one of four home secretaries--a process the report revealed was used 514,608 times in 2013.
"It has the feel of being too many," Sir Anthony noted.
The report revealed the majority (87.7 per cent) of requests to access communications were made by police forces and law enforcement agencies, with the next highest group being intelligence agencies (11.5 per cent). It also revealed 76.9 per cent of requests were in relation to detecting or preventing crime and disorder--far more than requests relating to national security, which accounted for 11.4 per cent.
Sir Anthony noted that the high number of requests by police and law enforcement agencies suggests "that criminal investigations generally are now conducted with such automatic resort to communications data" that privacy laws are "unduly subordinated."
Separately, human rights groups reacted angrily after claims by Edward Snowden alleged that the U.S. NSA and UK's GCHQ agencies spied on senior management.
Dinah PoKempner, general counsel at Human Rights Watch, said that if the allegations are true it indicates "the overreach that U.S. law allows to security agencies," and that the country "needs to overhaul its system of indiscriminate surveillance."
Amnesty International's senior director of international law and policy, Michael Bochenek, noted the allegations "raises the very real possibility that our communications with confidential sources have been intercepted," which could "put human rights defenders the world over in imminent danger."
- see this EC statement on the judgement
- see this Bloomberg report
- see the communications interception report
- see this Guardian article on Snowden
- see this Human Rights Watch article
- see Amnesty International's report
U.S. trade officials slam European calls for domestic communications network
European leaders discuss home-grown comms network to prevent U.S. spying
NSA, GCHQ target 'leaky' apps to gather data on smartphone users, according to Snowden leak.
Huawei beats British security concerns with new LTE contracts
Report: Huawei CEO says company has exited U.S. network gear market