EU rules against UK data retention law

The European Court of Justice (ECJ) has ruled that “general and indiscriminate” data retention is against EU law.

The decision, which is a significant blow to governments and organisations who have been pushing for stronger surveillance and data collection, was delivered after EU judges said communications data could only be retained if it was used to fight serious crime.

The ECJ ruling stated that countries are not allowed to impose laws requiring internet service providers to retain all their customers’ data, restricting the practice to specific (single) cases of “serious crime”.

The ruling said: “In today’s judgment, the Court’s answer is that EU law precludes national legislation that prescribes general and indiscriminate retention of data.

“The interference by national legislation that provides for the retention of traffic data and location data with that right must therefore be considered to be particularly serious.

“The fact that the data is retained without the users of electronic communications services being informed of the fact is likely to cause the persons concerned to feel that their private lives are the subject of constant surveillance. Consequently, only the objective of fighting serious crime is capable of justifying such interference.”

The decision was made on a case originally brought to court by IPS Tele2 in Sweden. The case was later joined by UK MPs Tom Watson, David Davis and with support from others as they built up opposition to data surveillance by the GCHQ and the UK government’s IP Act and were turning to the EU to get involved.

Commenting on the ruling, Watson said: “This ruling shows it’s counter-productive to rush new laws through Parliament without a proper scrutiny.”

The Home Office added it would be putting forward “robust arguments” to the Court of Appeal.

It added: “Given the importance of communications data to preventing and detecting crime, we will ensure plans are in place so that the police and other public authorities can continue to acquire such data in a way that is consistent with EU law and our obligation to protect the public.”

Related reading