The European Union's data retention law could breach fundamental E.U. law because its requirements result in an invasion of citizens' privacy, according to the Constitutional Court of Austria, which has asked the European Court of Justice (ECJ) to determine the directive's validity.
The data retention rules require countries to store vast amounts of people's telecommunication information for law enforcement purposes, including data about phone calls, text messages and email as well as location data. But the Austrian court questions whether the storage of this data is in line with the Charter of Fundamental Rights of the European Union.
So far, the Austrian state of Carinthia, an employee of a telecommunications company and more than 11,000 individuals have turned to the Austrian constitutional court with questions about the constitutionality of the Data Retention Directive, the court said in a news release on Tuesday.
Protection of personal data is guaranteed by the Charter of Fundamental Rights, the European Convention of Human Rights as well as the Austrian constitution, the court said. When the court is asked to determine whether a regulation is constitutional, it must use the Charter as an assessment tool, it added.
The primary problem with the data retention law is that it almost exclusively affects people in whom government or law enforcement have no prior interest. But authorities use the data for investigations and are informed about people's personal lives, the court said, and there is a risk that the data can be abused.
"We doubt that the E.U. Data Retention Directive is really compatible with the rights that are guaranteed by the E.U. Charter of Fundamental Rights," Gerhart Holzinger, president of the Constitutional Court of Austria said in a statement.
While the ECJ deals with these questions, the current court proceedings in Austria will be suspended, the court said. But the data retention law will remain in force, as the court sees no reason to temporarily suspend the law, it added.
Meanwhile, the Irish High Court has also asked the ECJ to rule on whether the Data Retention Directive respects the rights of the user. That request stems from a case brought by Digital Rights Ireland against the Minister for Communications in which the group argued that forcing telecoms companies to retain information about how customers use their services breaches individual rights to privacy.
German lawmakers said last year they doubted the validity of the directive because the law takes disproportionate measures to fight crime. Despite increases in data retention, the rate of solved crimes has risen only slightly, they said at the time.
Loek is Amsterdam Correspondent and covers online privacy, intellectual property, open-source and online payment issues for the IDG News Service. Follow him on Twitter at @loekessers or email tips and comments to email@example.com
Join the CIO Australia group on LinkedIn. The group is open to CIOs, IT Directors, COOs, CTOs and senior IT managers.