EU legal opinion: mass data retention at odds with EU law

World

FILE – In this Wednesday, May 29, 2019 file photo, a woman checks the Grindr app on her mobile phone in Beirut, Lebanon. Dating apps including Grindr, OkCupid and Tinder leak personal information to advertising tech companies in possible violation of European data privacy laws, a Norwegian consumer group said in a report Tuesday, Jan. 14, 2020. The Norwegian Consumer Council said it found “serious privacy infringements” in its analysis of how shadowy online ad companies track and profile smartphone users. (AP Photo/Hassan Ammar, file)

This is an archived article and the information in the article may be outdated. Please look at the time stamp on the story to see when it was last updated.

BRUSSELS (AP) — A legal adviser at the European Union’s highest court said Wednesday that the bloc’s data protection rules should prevent member states from indiscriminately holding personal data seized from Internet and phone companies, even when intelligence agencies claim that national security is at stake.

In a non-binding opinion on how the European Court of Justice, or ECJ, should rule on issues relating to access by security and intelligence agencies to communications data retained by telecommunications providers, advocate general Campos Sanchez-Bordona said “the means and methods of combating terrorism must be compatible with the requirements of the rule of law.”

Commenting on a series of cases from France, the U.K. and Belgium — three countries that have been hit by extremist attacks in recent years and have reinforced surveillance — Sanchez-Bordona said that the ECJ’s case law should be upheld. He cited a case in which the court ruled that general and indiscriminate retention of communications “is disproportionate” and inconsistent with EU privacy directives.

The advocate general recommended limited access to the data, and only when it is essential “for the effective prevention and control of crime and the safeguarding of national security.”

The initial case was brought by Privacy International, a charity promoting the right to privacy. Referring to the ECJ’s case law, it said that the acquisition, use, retention, disclosure, storage and deletion of bulk personal data sets and bulk communications data by the U.K. security and intelligence agencies were unlawful under EU law.

The U.K.’s Investigatory Powers Tribunal referred the case to the ECJ, which held a joint hearing with two similar cases from France and another one from Belgium.

“We welcome today’s opinion from the advocate general and hope it will be persuasive to the Court,” said Caroline Wilson Palow, the Legal Director of Privacy International. “The opinion is a win for privacy. We all benefit when robust rights schemes, like the EU Charter of Fundamental Rights, are applied and followed.”

The ECJ’s legal opinions aren’t legally binding, but are often followed by the court. The ECJ press service said a ruling is expected within two months.

“Should the court decide to follow the opinion of the advocate general, ‘metadata’ such as traffic and location data will remain subject to a high level of protection in the European Union, even when they are accessed for national security purposes,” said Luca Tosoni, a researcher at the Norwegian Research Center for Computers and Law. “This would require several member states — including Belgium, France, the U.K. and others — to amend their domestic legislation.”

Copyright 2020 The Associated Press. All rights reserved. This material may not be published, broadcast, rewritten or redistributed.

LKQD Outstream