Connect with us

Hi, what are you looking for?

SecurityWeekSecurityWeek

Privacy

European Court Overturns Law on Keeping Private Data

LUXEMBOURG – The European Court of Justice on Tuesday struck down an EU-wide law on how private data can be collected and stored, judging it too invasive — despite its usefulness in combating organized crime and terrorism.

LUXEMBOURG – The European Court of Justice on Tuesday struck down an EU-wide law on how private data can be collected and stored, judging it too invasive — despite its usefulness in combating organized crime and terrorism.

By allowing EU governments to access the data, “the directive interferes in a particularly serious manner with the fundamental rights to respect for private life and to the protection of personal data,” the court said.

The decision to scupper the Data Retention Directive, which was issued in 2006, comes as Europe weighs concerns over electronic snooping in the wake of revelations about systematic US snooping of email and telephone communications.

The directive called for the European Union’s 28 member states to store individuals’ Internet, mobile telephone and text metadata — the time, date, duration and destination, but not the content of the communications themselves — for six months to two years, with national intelligence and police agencies having access.

The Luxembourg-based European Court of Justice, examining Austrian and Irish cases, declared the law invalid because it conflicted with the basic rights to privacy and expectation of personal data being protected.

While it noted the genuine interest of the law in fighting serious crime, the court found the law “exceeded the limits imposed by compliance with the principle of proportionality”.

The law should be more restrictive both in terms of what data are captured and authorities’ access to them to ensure that “interference is actually limited to what is strictly necessary,” the court said.

There was also insufficient oversight to prevent abuse and ensure the data’s destruction at the end of the retention period, and the law failed to stipulate that the data must be retained in the EU, it said.

Advertisement. Scroll to continue reading.

The court’s decision reinforced a general European stance strongly upholding individuals’ rights to privacy, contrasting with a US position that often supports more invasive policies in the interests of public security. 

Written By

AFP 2023

Click to comment

Trending

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Understand how to go beyond effectively communicating new security strategies and recommendations.

Register

Join us for an in depth exploration of the critical nature of software and vendor supply chain security issues with a focus on understanding how attacks against identity infrastructure come with major cascading effects.

Register

Expert Insights

Related Content

Artificial Intelligence

Two of humanity’s greatest drivers, greed and curiosity, will push AI development forward. Our only hope is that we can control it.

Cybersecurity Funding

Los Gatos, Calif-based data protection and privacy firm Titaniam has raised $6 million seed funding from Refinery Ventures, with participation from Fusion Fund, Shasta...

Privacy

Many in the United States see TikTok, the highly popular video-sharing app owned by Beijing-based ByteDance, as a threat to national security.The following is...

Privacy

Employees of Chinese tech giant ByteDance improperly accessed data from social media platform TikTok to track journalists in a bid to identify the source...

Application Security

Open banking can be described as a perfect storm for cybersecurity. At one end, small startups with financial acumen but little or no security...

Mobile & Wireless

As smartphone manufacturers are improving the ear speakers in their devices, it can become easier for malicious actors to leverage a particular side-channel for...

Government

The proposed UK Online Safety Bill is the enactment of two long held government desires: the removal of harmful internet content, and visibility into...

Cloud Security

AWS has announced that server-side encryption (SSE-S3) is now enabled by default for all Simple Storage Service (S3) buckets.