 |
| Via Wikimedia |
On 8 April 2014 the Court of Justice handed down its
judgment in the cases of Digital Rights Ireland against the Irish authorities
and of the Austrian Constitutional Court against the Government of Carinthia
and Mr Seitling, Mr Tschohl and other complainants, Cases C-293/12 and C-594/12, declaring the invalidity of the Directive on the retention of
telecommunications and electronic communications data of 2006, hereinafter the
“Directive”, with effect from the date on which the Directive entered into
force.
What were the requirements of the Directive? What type of
data was retained?
With the goal of combating terrorism and other serious
offences, the Directive required telecommunications companies and internet operators to register and
retain the following data from all types of telephone calls (fixed and mobile
as well as unanswered calls) and e-mails during a period of between 6 and 24
months, depending on the applicable legislation in each state:
- In the case of fixed telephones, the data of the calling telephone number and destination number, the names and addresses of the persons calling and those to which the telephone numbers were registered at the time of connection, as well as the telephone service used and from where they were calling, but not the content of the conversation, which required judicial authorisation.
- In the case of mobile telephones, the identifier of the device was also required.
- In the case of internet, the dynamic and static IP addresses assigned by the internet access provider, the name and address of the user and data necessary to identify the date, time and duration of a communication.
- In the case of a pre-paid card, data regarding the date and time of the activation of the service also needed to be retained.
Reasons for the invalidity of the Directive
The Court of Justice indicates that the requirements on
telecommunications operators imposed by the Directive entails a wide-ranging
and particularly serious interference of the fundamental right of individuals
to privacy and the protection of their personal data, given that there are no
substantive and procedural limits in the Directive regulating and restricting
those interferences to what is strictly necessary, thus exceeding the limits of
the principle of proportionality.
In fact, the judgment states that “the Directive covers, in
a generalised manner, all persons and all means of electronic communication as
well as all traffic data without any differentiation, limitation or exception
being made in the light of the objective of fighting against terrorism and
serious crime.”
Consequently, the judgment holds that the said data taken as
a whole, what we call Big Data, may provide very precise information concerning
the private lives of the persons whose data has been retained, such as the
habits of everyday life, permanent or temporary places of residence, the
activities carried out in their daily life, when going out or on holiday, the
relationships, friends, of those persons and the social environments frequented
by them, in short all their life, thoughts, beliefs, feelings, location, and
that of their children, current accounts, without prior information provided or
consent sought to process that data, basic principles of the fundamental right
to the protection of personal data.
