The European Union's top legal advisor ruled on Thursday that laws requiring communications providers to retain all data, even to combat crime, are incompatible with fundamental rights.
Advocate General Pedro Cruz Villalón of the European Court of Justice (ECJ) said in a published opinion that the E.U.'s Data Retention Directive is in conflict with the Charter of Fundamental Rights of the European Union and the right to privacy.
The Directive requires providers of telephone and Internet communication services to "retain traffic and location data for a period laid down by law, in order to prevent, detect, investigate and prosecute crime and to safeguard the security of the state."
The ruling came following a request from the High Court of Ireland and the Constitutional Court of Austria. Civil liberties group Digital Rights Ireland filed a case against the Irish authorities, including the police, saying they have "unlawfully processed, retained and exercised control over data related to its communications." A private individual has brought a similar case in Austria.
While Cruz Villalón's opinion is not legally binding, it is likely to be followed by the courts. The opinion did leave the door open for mass storage of data under stricter conditions. He said that the Data Retention Directive, which dates from 2006, needed to be reformed rather than suspended.
In particular he wants a clearer definition of the "serious crime" that the Directive is intended to target. He also questioned why the upper limit for retention of private data is two years rather than one.
The ECJ will now proceed to a formal, legal ruling on the case, but in practice the court tends to follow the advice of the Advocate General.
Join the CIO Australia group on LinkedIn. The group is open to CIOs, IT Directors, COOs, CTOs and senior IT managers.