April 08, 2014, 6:47 AM — European Union laws requiring communications providers to retain metadata are invalid because they seriously interfere with fundamental privacy rights, the Court of Justice of the EU (CJEU) ruled Tuesday.
The EU's Data Retention Directive requires telecommunications and Internet providers to retain traffic and location data as well as related data necessary to identify the subscriber or user. This is required for the prevention, investigation, detection and prosecution of serious crime, in particular organized crime and terrorism.
However, the High Court of Ireland and the Constitutional Court of Austria doubted the validity of the directive, and asked the CJEU to investigate whether it violates the fundamental rights to respect for private life and to the protection of personal data enshrined in the Charter of Fundamental Rights of the EU, the court said.
The CJEU found the directive interferes with those rights and declared it invalid, a decision welcomed by campaigners for online privacy.
The European Commission said it will assess the court's verdict and its effects.
Member of the European Parliament Sophie in't Veld said, "It is good that the legislature gets a slap on the wrist. Now we can finally delete this unsound law," adding that future laws to combat terrorism must comply with civil rights.
European Digital Rights Group (EDRi) executive director Joe McNamee called the law an affront to the fundamental rights of European citizens and said the decision marked the end of "eight years of abuses of personal data."
And in the U.K. Open Rights Group director Jim Killock said, "Blanket data collection interferes with our privacy rights. We must now see the repeal of national legislation that obliges telecoms companies to collect data about our personal phone calls, text messages, emails and internet usage."
The court said retaining such data makes it possible to know how, when and with whom service users communicate, how often they call, and where they call from. That, in turn, could provide precise information on the private lives of the persons whose data are retained, including where they live, their daily habits, and their social lives, the court said. Requiring that telecommunications operators retain the data and allow the authorities to access it interferes with the fundamental rights to respect for private life and to the protection of personal data -- and, because those data are retained and used without informing the user the directive is likely to generate a feeling that people's private lives are the subject of constant surveillance, the court added.