By Paul Klein – Edited by Alex Shank
[caption id="attachment_4363" align="alignleft" width="150"] Photo By: archie4oz - CC BY 2.0[/caption]
Joined Cases C-292/12 and C-594/12, Digital Rights Ireland Ltd v. Minister for Commc’ns, Marine, and Natural Res., (E.C.J. Apr. 8, 2014)
Slip Opinion hosted by Scribd
In a preliminary ruling last week, the European Court of Justice (“ECJ”) found to be invalid Directive 2006/24/EC (the “Directive”), which the European Parliament and of the Council had previously adopted. Slip op., at I-26. The Directive required EU members to enact laws mandating that electronic communications service providers retain user data for as long as two years. Id. at I-13. EU lawmakers created the Directive to facilitate the “investigation, detection and prosecution of serious crime,” id. at I-8, particularly organized crime and terrorism. Id. at I-7. The High Court (Ireland) and the Verfassungsgerichtshof (Austria) requested that the ECJ preliminarily rule on the Directive’s validity. Id. at I-3. Both courts have actions before them challenging the legality of national proceedings that accord with the Directive. Id.
The ECJ held that “by adopting Directive 2006/24, the EU legislature has exceeded the limits imposed by compliance with the principle of proportionality in the light of Articles 7, 8 and 52(1) of the Charter [of Fundamental Rights of the European Union].” Id. at I-26. In so holding, the court stated that Directive 2006/24 clashes “with the rights guaranteed by Articles 7 and 8 of the Charter,” and that “the fact that data are retained and subsequently used without the subscriber or registered user being informed is likely to generate in the minds of the persons concerned the feeling that their private lives are the subject of constant surveillance” Id. at I-20. The court identified three major problems with the Directive: 1) the extensive scope of data it would cause to be retained, 2) its failure to sufficiently limit authorities’ access to retained data, and 3) its failure to categorize the retained data in order to distinguish its usefulness and relevance. Id. at I-23–25. Accordingly, the Grand Chamber stated, “Directive 2006/24 entails a wide-ranging and particularly serious interference with those fundamental rights in the legal order of the EU, without such an interference being precisely circumscribed by provisions to ensure that it is actually limited to what is strictly necessary.” Id. at I-25.
Bloomberg provides an overview of and contextualizes the case, noting that the Directive was “drafted in the wake of terrorist attacks in London and Madrid . . . .” Voice of America reports that “some observers consider [the ruling] a nod to the Snowden leaks . . . .” It further notes that the court’s decision could affect trans-Atlantic commerce, as well as “the future of President Barack Obama's proposed [National Security Agency] reforms on surveillance and data collection.”
In reviewing the validity of Directive 2006/24 in light of Articles 7, 8 and 11, the ECJ recognized that “the fight against international terrorism in order to maintain international peace and security constitutes an objective of general interest,” and it accepted telecommunications data retention as a means of achieving this objective. Id. at I-21. However, the court also recognized a need to restrain the Directive’s scope to protect individuals’ privacy:
“the EU legislation in question must lay down clear and precise rules governing the scope and application of the measure in question and imposing minimum safeguards so that the persons whose data have been retained have sufficient guarantees to effectively protect their personal data against the risk of abuse and against any unlawful access and use of that data . . . .”
Id. at I-23.
As noted by Voice of America, the ECJ’s opinion piques particular interest in light of the ongoing controversy surrounding whistleblower Edward Snowden and the National Security Agency’s surveillance of electronic communications data. Like their counterparts in the EU, United States legislators must also implement “clear and precise rules governing the scope and application” of data retention programs. Id. The decision will likely affect how the United States proceeds with its data retention policies and inform U.S. citizens’ and the international community’s perceptions of their development.