ECJ strikes down DRD

oscarBravo · 08-04-2014 10:18am #1

The data retention directive has been struck down. Woo!

http://curia.europa.eu/jcms/upload/docs/application/pdf/2014-04/cp140054en.pdf

Johnboy1951 · 08-04-2014 2:57pm

Yeah!

Congrats to all involved!

Manach · 09-04-2014 8:20pm

A good call, with the AG opinion's being listened too. However given the number of exceptions that are present when reading such legislation, they might make the minimalist of changes and rely on proportionality and security to distinguish from this ruling.

sopretty · 17-04-2014 11:21pm

I'm sorry, can someone please interpret this finding into real terms for an internet user?

Manach · 17-04-2014 11:33pm

There are various EU directives that deal with data. Some, like the Data Protection delimit the uses third parties use of your data. Others like this one, Data Retention basically tell ISPs/Carriers to keep data for a certain time period. This was a security measure and offhand their are similar measures in the US. It seems to include both context / content data.
However, one of the key principles of EU law is proportationity. That a law cannot breach certain fundamental citizen's rights without good reason. The justices in the European court found that the directive went too far.

A good article on this: “European Court of Justice rules EU data collection laws illegal”- http://www.ft.com/cms/s/0/752ec05c-bf0e-11e3-8683-00144feabdc0.html

sopretty · 17-04-2014 11:40pm

Manach wrote: »

A good article on this: “European Court of Justice rules EU data collection laws illegal”- http://www.ft.com/cms/s/0/752ec05c-bf0e-11e3-8683-00144feabdc0.html

I can't access your link Manach.

I find the findings difficult to interpret in real terms.

Manach · 19-04-2014 12:32am

What it boils down to is that data from say mobiles cannot be kept over extended periods at the behest of the various EU states. Offhand, I reckon the companies themselves will still be able to store the date if it is sufficiently anonymised.

sopretty · 19-04-2014 1:30am

Manach wrote: »

What it boils down to is that data from say mobiles cannot be kept over extended periods at the behest of the various EU states. Offhand, I reckon the companies themselves will still be able to store the date if it is sufficiently anonymised.

It's uninterpretable. It's more like a commentary on a situation rather than a definition of anything.

oscarBravo · 19-04-2014 2:28pm

Manach wrote: »

What it boils down to is that data from say mobiles cannot be kept over extended periods at the behest of the various EU states.

It's not quite that clear. Any country that transposed the directive into national law using the equivalent of a statutory instrument no longer has a legal basis for data retention, but countries like Ireland that enacted primary legislation to give effect to the directive still have those laws on the books, and ISPs in Ireland still have to retain data.

What it does mean is that the Irish law is vulnerable to a legal challenge.

What's also likely is that the EU will introduce a replacement directive addressing the shortcomings identified by the ECJ.

Offhand, I reckon the companies themselves will still be able to store the date if it is sufficiently anonymised.

If it's anonymised, it's useless for the intended purpose.

Manach · 20-04-2014 1:13am

As the directive is now ineffective, then you are correct that the courts having an obligation to provide a real and effective remedy to Irish state's implementation of such (from my EU text on the Von Colson case).
I was going to comment on the direct effect, but then there is the question of the direct effect of what, given the ECJ's effect on the directive.

As for the replacement directive; offhand from a paper I read on how the EU now views big data, they are seeking to make it easier for 3rd parties to mine this for value. So, again as a guess, they could stress this economic aspect instead of the security considerations as a basis to store the data - making it as appear positive right.

For the anonymised data, to clarify. In that this would that the ISPs/Telecoms could still use such data themselves (for instance for mapping where base stations are need) instead of all customer derived data being forbidden to be collected. So long as what the EU considers personal identifiable material is removed.
Offhand in the US there was a recent incident of a good number of mobile phones being location tracked so as to improve the mapping service, unknown to the user.

oscarBravo · 20-04-2014 12:27pm

Manach wrote: »

For the anonymised data, to clarify. In that this would that the ISPs/Telecoms could still use such data themselves (for instance for mapping where base stations are need) instead of all customer derived data being forbidden to be collected. So long as what the EU considers personal identifiable material is removed.
Offhand in the US there was a recent incident of a good number of mobile phones being location tracked so as to improve the mapping service, unknown to the user.

Sure, but if we're talking about anonymised aggregate data, we're quite simply not talking about the topic of the data retention directive anymore. That directive is explicit in the requirement to tie data to a customer. Anonymised aggregate data has no privacy implications; it doesn't even fall under data protection law.

Manach · 22-04-2014 4:04pm

I'd agree with you in the context of that which has been aggregated. But I've come across a commentary (Anonymizing Health Data by Khaled El Emam) that suggests that there differing levels complexity within the base anonymised data. In that with various degrees of effort (some internal/external to the data source) that some of this data can be used to trace specific individuals. There was I think one such case about internet search engine data that was released by Yahoo(?) that had occurred that is known.

ECJ strikes down DRD

Comments