Jusletter IT

EU Data Retention Directive Is Invalid

  • Author: Daniel Ronzani
  • Category: News
  • Region: Switzerland
  • Field of law: Data Protection
  • Citation: Daniel Ronzani, EU Data Retention Directive Is Invalid, in: Jusletter IT 11 September 2014
[1]
This article discusses the decision of the Court of Justice of the European Union1 (Court) of 8 April 2014 regarding the invalidity of the EU Data Retention Directive2 (Directive).
[2]
The scope of the Directive is the retention of meta data of legal entities and individuals by communication providers (e.g. telecoms) for the purpose of the investigation, detection and prosecution of serious crimes.3 Meta data are traffic and location data that allow for the identification of a user of a publicly available electronic communication service.4
[3]
Meta data by definition do not include the content of the retained electronic communication. According to the Directive, meta data must be retained between 6 and 24 months.
[4]
The Court decided that the Directive interfered with the Charter of Fundamental Rights of the European Union5 (Charter). Whereas the Court agreed that the fight against terrorism and serious crimes was of utmost importance to ensure public security, it concluded that such an objective of general interest did not, in itself, justify a general retention of meta data. The Court noted that the retained meta data allowed for very precise conclusions to be drawn concerning the private lives of persons.6 Thus it was necessary to verify the proportionality of the interference between the Directive and the Charter.
[5]
The Court, among others, argued that the Directive covered the meta data of «practically the entire European population»7, without any differentiation, limitation or exception, e.g. for professional secrecy obligations. Moreover, it argued that the Directive did not foresee any relationship between the retained data and a threat to public security, e.g. geographic zone or circle of persons. The Court also argued that there was no independent objective review prior to the access to the retained meta data by the national authorities. Finally, it criticized that the retention periods between 6 and 24 months applied irrespective of the usefulness for the purpose of the objective pursued or the persons concerned. Therefore, the Court decided that by adopting the Directive the limits imposed by the Charter had been exceeded.
[6]
With regard to the current revision of the BÜPF8, in March 2014 the Swiss Council of States approved the extension of the retention period from 6 to 12 months for telecommunications.9 Whether the National Council will also approve the extended retention period has yet to be seen. A debate is to be expected based on the Court’s decision.

Daniel Ronzani

  1. 1 Joined cases C-293/12 (Digital Rights Ireland Ltd) and C-594/12 (Kärntner Landesregierung).
  2. 2 Directive 2006/24/EC.
  3. 3 Art. 1 of Directive 2006/24/EC.
  4. 4 E.g. phone number, user ID, cell ID, name of subscriber, e-mail address, login dates and times, IP.
  5. 5 2000/C 364/01, e.g. art. 7 and 8.
  6. 6 E.g. habits of everyday life, daily movements, activities carried out, and social relationships.
  7. 7 Note 56 of the Court’s decision of 8 April 2014.
  8. 8 Bundesgesetz betreffend die Überwachung des Post- und Fernmeldeverkehrs (SR 780.1).
  9. 9 Swiss Parliament, media coverage 10 March 2014, tinyurl.com/ldrudl5.