EU legal opinion: mass data retention at odds with EU law
In this Wednesday, May 29, 2019 file photo, a woman checks the Grindr app on her mobile phone in Beirut, Lebanon. Dating apps including Grindr, OkCupid and Tinder leak personal information to advertising tech companies in possible violation of European data privacy laws, a Norwegian consumer group said in a report Tuesday, Jan. 14, 2020. The Norwegian Consumer Council said it found "serious privacy infringements" in its analysis of how shadowy online ad companies track and profile smartphone users. (AP Photo/Hassan Ammar, file)

A legal adviser at the European Union's highest court said Wednesday that the bloc's data protection rules should prevent member states from indiscriminately holding personal data seized from Internet and phone companies, even when intelligence agencies claim that national security is at stake.

In a non-binding opinion on how the European Court of Justice, or ECJ, should rule on issues relating to access by and intelligence agencies to communications data retained by telecommunications providers, advocate general Campos Sanchez-Bordona said "the means and methods of combating terrorism must be compatible with the requirements of the rule of law."

Commenting on a series of cases from France, the U.K. and Belgium—three countries that have been hit by extremist attacks in recent years and have reinforced surveillance—Sanchez-Bordona said that the ECJ's case law should be upheld. He cited a case in which the ruled that general and indiscriminate retention of communications "is disproportionate" and inconsistent with EU privacy directives.

The advocate general recommended limited access to the data, and only when it is essential "for the effective prevention and control of crime and the safeguarding of national security."

The initial case was brought by Privacy International, a charity promoting the right to privacy. Referring to the ECJ's case law, it said that the acquisition, use, retention, disclosure, storage and deletion of bulk sets and bulk communications data by the U.K. security and were unlawful under EU law.

The U.K.'s Investigatory Powers Tribunal referred the case to the ECJ, which held a joint hearing with two similar cases from France and another one from Belgium.

"We welcome today's opinion from the advocate general and hope it will be persuasive to the Court," said Caroline Wilson Palow, the Legal Director of Privacy International. "The opinion is a win for privacy. We all benefit when robust rights schemes, like the EU Charter of Fundamental Rights, are applied and followed."

The ECJ's legal opinions aren't legally binding, but are often followed by the court. The ECJ press service said a ruling is expected within two months.

"Should the court decide to follow the of the advocate general, 'metadata' such as traffic and location data will remain subject to a high level of protection in the European Union, even when they are accessed for purposes," said Luca Tosoni, a researcher at the Norwegian Research Center for Computers and Law. "This would require several member states—including Belgium, France, the U.K. and others—to amend their domestic legislation."



© 2020 The Associated Press. All rights reserved.

Citation: EU legal opinion: mass data retention at odds with EU law (2020, January 15) retrieved 15 January 2020 from https://techxplore.com/news/2020-01-eu-legal-opinion-mass-retention.html

This document is subject to copyright. Apart from any fair dealing for the purpose of private study or research, no part may be reproduced without the written permission. The content is provided for information purposes only.