The European Court of Justice has ruled that an 8 year old piece of legislation requiring mobile and internet companies to collect and store users’ data for a period of 2 years, is against the basic rights to privacy and control of personal data. The top EU court said that the law, which was introduced as a preventive measure against terrorist acts like the London and Madrid bombings in 2006, is unnecessarily broad, causing all citizens feel under constant ‘surveillance’.
The courts declared that the old anti-terrorism legislation, the Data Retention Directive, which was made binding for all member states, is invalid because it contradicts two fundamental rights defined by the Charter of Fundamental Rights of the E.U.: the fundamental right to respect for private life and the fundamental right to the protection of personal data.
The court also criticized the law for lacking any clear and objective criterion with regard to its ‘anti-terrorism’ purposes. This is big loophole in the law, the Court said, that might lead to abuse or misuse of authority in the collecting of private data.
The EU Data Retention Directive required mobile and fixed-line communication companies and internet service providers to store and keep for a minimum period of two years the data belonging to their customers, such as all contact numbers, account details, communication traffic, usage and spending details etc.
Cecilia Malmström, the Home Affairs Commissioner of the European Commission, released a statement following the court order saying that the judgment of the Court brings clarity and confirms critical limits in terms of proportionality of the Commission’s evaluation report of 2011 on the implementation of the data retention directive.
She added: “The European Commission will now carefully asses the verdict and its impacts. The Commission will take its work forward in light of progress made in relation to the revision of the e-Privacy directive and taking into account the negotiations on the data protection framework”