14 DAY TRIAL // Today, The European Court of Justice has decided to tear to pieces a previous directive that required Internet Service Providers (ISPs) to retain data for two years.
The initial directive has been deemed “invalid” by the Court since it entails a “wide-ranging and particularly serious interference with the fundamental rights to respect for private life and to the protection of personal data, without that interference being limited to what is strictly necessary,” the ruling reads.
Anyone’s private life could be interfered with without their knowledge due to the fact that records could be kept for up to two years and the collected information used at any time. Basically, the court said that this amounted to “constant surveillance.”
The information retained by ISPs includes details about the identity of the persons that one communicates with and by what means, at what times and from which locations, as well as the frequency of these communications. As a whole, this provides way too much insight into a person’s private life.
The directive has been around for seven years, but now it has been found to clash with the privacy rights that the bloc wants for its citizens.
The court admits that the purpose of the directive – collecting data to fight against serious crime and for public security – is completely valid. However, the piece of legislation “has exceeded the limits imposed by compliance with the principle proportionality.”
At the same time, the directive was too broad and did not come with enough limitations. For instance, while the retention period was set between six months and two years, it did not specify on which criteria the period of detention was determined.
Also, the legislation did not provide enough safeguards to ensure effective protection of the data against the risk of abuse and against any unlawful access and use of the data. Even worse, the Court points out that the directive does not require that the data be retained within the European Union, which means that the EU cannot fully ensure the control of compliance with the requirements of protection and security by an independent authority.
Basically, this indicates that the European Union is concerned that data belonging to citizens could be served on a silver tray to the United States and its mass surveillance network. The fact that the decision comes as the European Union is looking into building its own local set of networks to protect the data from the eyes of the NSA cannot be overlooked.