Irish Court Rules Activists Can Seek Review of Data Retention Directive’s Constitutionality
Ireland’s High Court cleared the way for a constitutional attack on EU Internet and telephony traffic data-storage rules, saying Wednesday that Digital Rights Ireland can pursue a challenge to national law in the European Court of Justice on the grounds that the data retention directive violates fundamental rights. The move, which follows decisions against data retention in Germany and Romania, has implications for data storage across Europe, said DRI Chairman TJ McIntyre. Meanwhile, a preliminary European Commission assessment of the directive shows wide divergence among national laws, and concerns from civil society and telecom providers.
Sign up for a free preview to unlock the rest of this article
If your job depends on informed compliance, you need International Trade Today. Delivered every business day and available any time online, only International Trade Today helps you stay current on the increasingly complex international trade regulatory environment.
The May 2006 data-retention directive focused on harmonizing storage of traffic and location data across Europe, the court said. DRI alleged that the government is illegally processing and storing data relating to the organization, its members and other mobile phone users contrary to statute, European Community law and the Constitution and in violation of the rights to privacy, travel and communication.
DRI asked the High Court to send the case to the ECJ to determine if the directive complies with rights under EU treaties. The judge agreed to do so, saying the challenge is to “specific legislative provisions which speak for themselves” and the referral is needed “since I am unable to rule on the validity of Community law.” The precise questions to be referred haven’t yet been decided, DRI said.
"In light of the recent sequence of judgments against data retention -- including the judgment of the German Constitutional Court -- the tide is very definitely turning throughout Europe and courts are increasingly recognizing the privacy problems it presents,” McIntyre told us. The highest German and Romanian courts have ruled national data-storage legislation unconstitutional, the German Working Party on Data Retention said. To avoid defeat before the ECJ, the EC must propose swift amendments to the directive, it said. Until the ECJ decides the validity of the directive, “no further data retention laws should be enacted,” it said. EU regulations must be made more flexible to “allow for alternative procedures that work more intelligently than by stockpiling untargeted personal data,” it said.
In a side comment in an advisory opinion in a case about whether telecom providers must disclose information about subscribers in copyright infringement cases, ECJ Advocate-General Julianne Kokott said, “There is reason to doubt whether the storing of personal data of all users … is compatible with fundamental rights, in particular as this is done without any concrete suspicion."
Lack of Consistency Said Hampering Data Retention
The directive requires the EC to give the European Parliament and Council an assessment of how it’s working and its impact on operators and consumers, the EC said in a draft evaluation report. Its survey of governments, industry and other interested parties showed a lack of standardized statistics, wide variation in the numbers of requests for stored data and differing retention periods, it said.
Other problems included the failure of the directive to define “serious crimes,” leaving countries to take different views on the matter, the EC said. Some governments introduced additional categories to be retained, such as subscriber bank data, raising questions about compliance with the e-privacy directive, it said.
National plans for reimbursing telecom providers’ costs also vary widely, the EC said. Most countries don’t reimburse costs, while some cover some operational and capital expenses, it said. Some make reimbursement dependent on the quality of information provided. All governments said the retained data is useful and significantly helps investigate and prosecute crime, it said.
EU lawmakers and civil liberties advocates said the measure has had “catastrophic impacts” on citizens and end-users and hasn’t harmonized national laws, addressed market distortions or cut crime, the EC said. Privacy authorities are competent to investigate how operators retain personal data, it said, but some reported the need for more technical guidance and other practical problems.
For operators, the lack of harmonization of the storage period and cost reimbursement are the directives’ main failures, the EC said. The major trade associations for telephone, Internet and cable providers said data retention would be much more effective if operators all had to keep the same data in the same format and the same rules applied for access and handover of that data to police agencies in all countries, it said.
Justice Commissioner Viviane Reding said in March she wants to balance privacy rights with law enforcement demands when she revisits the directive (CD March 3 p10). She particularly wants to see if storage periods are proportionate and whether there are less burdensome means to achieve the law’s goals.