Sign up for our newsletter - Navigating the horizon of business technology​
Technology / Data

Bulk Data Collection Unlawful, Says AG: Fight Against Terrorism “Should Be Compatible” with Rule of Law

Bulk data collection violates European privacy law, according to the European Court of Justice (ECJ)’s chief legal advisor in a detailed opinion published late Friday.

The non-binding opinion [pdf] by Advocate General (AG) Campos Sánchez-Bordona comes as Europe’s highest court prepares to rule on a range of data privacy cases.

Among the four joined cases was Case C-623/17 Privacy International, which concerns UK intelligence agencies’ collection of bulk communications data.

Yes, the Privacy Directive Applies

The AG began his opinion by “dispelling doubts” that that European bulk surveilllance programms fall under Europe’s Directive on privacy and electronic communications.

White papers from our partners

When such programmes require the “cooperation of private parties, on whom certain obligations are imposed”, (e.g. telcos) that brings those activities into an area governed by EU law, he determined.

With regard to the UK, “general and indiscriminate retention of all traffic and location data of all subscribers and registered users is disproportionate”, even if national security grounds come into play, the AG said, arguing that the case law that was established in the Tele2 Sverige and Watson judgment of Dec. 2016 should be upheld.

(He was considering Case C-623/17 Privacy International, concerning the UK Security Intelligence Agencies’ collection of bulk communications data under section 94 of the Telecommunications Act 1984. The UK’s Investigatory Powers Tribunal had referred the question of whether such conduct fell within the scope of EU law and, if so, whether the safeguards specified in the Court’s earlier case law would have to be applied. “Yes, it does”, was the short answer).

The ECJ held that in 2016 that the “general and indiscriminate retention of all traffic and location data of all subscribers and registered users relating to all means of electronic communication” violated the right to privacy and data protection.

“A legal order that finds in the defence of fundamental rights the reason and purpose of its existence”

Presenting an opinion on further bulk data collection in France, Belgium, the AG noted: “The French legislation is general and indiscriminate and a particularly serious interference in the fundamental rights enshrined in the Charter.

“The Advocate General recalls that, in the Tele2 Sverige and Watson judgment, the Court rejected the possibility of general and indiscriminate retention of personal data in the context of the fight against terrorism.

“The Advocate General maintains that the fight against terrorism must not be considered solely in terms of practical effectiveness, but in terms of legal effectiveness, so that its means and methods should be compatible with the requirements of the rule of law, under which power and strength are subject to the limits of the law and, in particular, to a legal order that finds in the defence of fundamental rights the reason and purpose of its existence.”

Caroline Wilson Palow, legal director of Privacy International said: “The opinion is a win for privacy. We all benefit when robust rights schemes… are applied and followed. If the Court agrees with the AG’s opinion, then unlawful bulk surveillance schemes, including one operated by the UK, will be reined in.”

See Also: GDPR Fines: Legal Consistency “Years Away” as Penalties Hit €114 Million


This article is from the CBROnline archive: some formatting and images may not be present.

CBR Staff Writer

CBR Online legacy content.