Connect with us

Hi, what are you looking for?

SecurityWeekSecurityWeek

Privacy

European Court Overturns Law on Keeping Private Data

LUXEMBOURG – The European Court of Justice on Tuesday struck down an EU-wide law on how private data can be collected and stored, judging it too invasive — despite its usefulness in combating organized crime and terrorism.

LUXEMBOURG – The European Court of Justice on Tuesday struck down an EU-wide law on how private data can be collected and stored, judging it too invasive — despite its usefulness in combating organized crime and terrorism.

By allowing EU governments to access the data, “the directive interferes in a particularly serious manner with the fundamental rights to respect for private life and to the protection of personal data,” the court said.

The decision to scupper the Data Retention Directive, which was issued in 2006, comes as Europe weighs concerns over electronic snooping in the wake of revelations about systematic US snooping of email and telephone communications.

The directive called for the European Union’s 28 member states to store individuals’ Internet, mobile telephone and text metadata — the time, date, duration and destination, but not the content of the communications themselves — for six months to two years, with national intelligence and police agencies having access.

The Luxembourg-based European Court of Justice, examining Austrian and Irish cases, declared the law invalid because it conflicted with the basic rights to privacy and expectation of personal data being protected.

While it noted the genuine interest of the law in fighting serious crime, the court found the law “exceeded the limits imposed by compliance with the principle of proportionality”.

The law should be more restrictive both in terms of what data are captured and authorities’ access to them to ensure that “interference is actually limited to what is strictly necessary,” the court said.

There was also insufficient oversight to prevent abuse and ensure the data’s destruction at the end of the retention period, and the law failed to stipulate that the data must be retained in the EU, it said.

Advertisement. Scroll to continue reading.

The court’s decision reinforced a general European stance strongly upholding individuals’ rights to privacy, contrasting with a US position that often supports more invasive policies in the interests of public security. 

Written By

AFP 2023

Click to comment

Trending

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Join this event as we dive into threat hunting tools and frameworks, and explore value of threat intelligence data in the defender’s security stack.

Register

Learn how integrating BAS and Automated Penetration Testing empowers security teams to quickly identify and validate threats, enabling prompt response and remediation.

Register

People on the Move

Shane Barney has been appointed CISO of password management and PAM solutions provider Keeper Security.

Edge Delta has appointed Joan Pepin as its Chief Information Security Officer.

Vats Srivatsan has been appointed interim CEO of WatchGuard after Prakash Panjwani stepped down.

More People On The Move

Expert Insights

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest cybersecurity news, threats, and expert insights. Unsubscribe at any time.