Feeds

European Court of Justice rips up Data Retention Directive

Rules 'interfering' measure to be 'invalid'

Providing a secure and efficient Helpdesk

A European Union directive that required ISPs to retain data for two years has been deemed "invalid", Brussels' highest court ruled today.

The measure "entails a wide-ranging and particularly serious interference with the fundamental rights to respect for private life and to the protection of personal data, without that interference being limited to what is strictly necessary," said (PDF) the European Court of Justice.

It added that the fact that information could be held and subsequently used without the subscriber or registered user being aware of such "constant surveillance" actions from spooks and police could intrude on an individual's private life.

Late last year, Court of Justice Advocate General Pedro Cruz Villalón said that the seven-year-old EU directive requiring telecoms outfits to retain details of phone calls and emails - such as traffic and location - clashed with the 28-member bloc's privacy rights for citizens.

He opined at the time that the 2006 Data Retention Directive "constitutes a serious interference with the fundamental right of citizens to privacy".

The ECJ has today agreed with that assessment of the EU measure. It said:

[T]he retention of data for the purpose of their possible transmission to the competent national authorities genuinely satisfies an objective of general interest, namely the fight against serious crime and, ultimately, public security.

However, the Court is of the opinion that, by adopting the Data Retention Directive, the EU legislature has exceeded the limits imposed by compliance with the principle of proportionality.

Damningly, the court added that the directive failed to offer sufficient safeguards "against the risk of abuse and against any unlawful access to use of the data".

Worst of all for Brussels' officials nervous about information carelessly spilling out of the EU into the hands of the US in the wake of master blabbermouth Edward Snowden's state spying revelations, the directive was found by the court not to require data to be retained within the 28-nation bloc.

"The directive does not fully ensure the control of compliance with the requirements of protection and security by an independent authority, as is, however, explicitly required by the Charter," it concluded. "Such a control, carried out on the basis of EU law, is an essential component of the protection of individuals with regard to the processing of personal data." ®

Security for virtualized datacentres

Whitepapers

Providing a secure and efficient Helpdesk
A single remote control platform for user support is be key to providing an efficient helpdesk. Retain full control over the way in which screen and keystroke data is transmitted.
WIN a very cool portable ZX Spectrum
Win a one-off portable Spectrum built by legendary hardware hacker Ben Heck
Saudi Petroleum chooses Tegile storage solution
A storage solution that addresses company growth and performance for business-critical applications of caseware archive and search along with other key operational systems.
Protecting users from Firesheep and other Sidejacking attacks with SSL
Discussing the vulnerabilities inherent in Wi-Fi networks, and how using TLS/SSL for your entire site will assure security.
Security for virtualized datacentres
Legacy security solutions are inefficient due to the architectural differences between physical and virtual environments.