View all newsletters
Receive our newsletter - data, insights and analysis delivered to you
  1. Technology
  2. Data
January 20, 2020

Bulk Data Collection Unlawful, Says AG: Fight Against Terrorism “Should Be Compatible” with Rule of Law

"General and indiscriminate retention of all traffic and location data of all subscribers and registered users is disproportionate"

By CBR Staff Writer

Bulk data collection violates European privacy law, according to the European Court of Justice (ECJ)’s chief legal advisor in a detailed opinion published late Friday.

The non-binding opinion [pdf] by Advocate General (AG) Campos Sánchez-Bordona comes as Europe’s highest court prepares to rule on a range of data privacy cases.

Among the four joined cases was Case C-623/17 Privacy International, which concerns UK intelligence agencies’ collection of bulk communications data.

Yes, the Privacy Directive Applies

The AG began his opinion by “dispelling doubts” that that European bulk surveilllance programms fall under Europe’s Directive on privacy and electronic communications.

When such programmes require the “cooperation of private parties, on whom certain obligations are imposed”, (e.g. telcos) that brings those activities into an area governed by EU law, he determined.

With regard to the UK, “general and indiscriminate retention of all traffic and location data of all subscribers and registered users is disproportionate”, even if national security grounds come into play, the AG said, arguing that the case law that was established in the Tele2 Sverige and Watson judgment of Dec. 2016 should be upheld.

(He was considering Case C-623/17 Privacy International, concerning the UK Security Intelligence Agencies’ collection of bulk communications data under section 94 of the Telecommunications Act 1984. The UK’s Investigatory Powers Tribunal had referred the question of whether such conduct fell within the scope of EU law and, if so, whether the safeguards specified in the Court’s earlier case law would have to be applied. “Yes, it does”, was the short answer).

Content from our partners
How businesses can safeguard themselves on the cyber frontline
How hackers’ tactics are evolving in an increasingly complex landscape
Green for go: Transforming trade in the UK

The ECJ held that in 2016 that the “general and indiscriminate retention of all traffic and location data of all subscribers and registered users relating to all means of electronic communication” violated the right to privacy and data protection.

“A legal order that finds in the defence of fundamental rights the reason and purpose of its existence”

Presenting an opinion on further bulk data collection in France, Belgium, the AG noted: “The French legislation is general and indiscriminate and a particularly serious interference in the fundamental rights enshrined in the Charter.

“The Advocate General recalls that, in the Tele2 Sverige and Watson judgment, the Court rejected the possibility of general and indiscriminate retention of personal data in the context of the fight against terrorism.

“The Advocate General maintains that the fight against terrorism must not be considered solely in terms of practical effectiveness, but in terms of legal effectiveness, so that its means and methods should be compatible with the requirements of the rule of law, under which power and strength are subject to the limits of the law and, in particular, to a legal order that finds in the defence of fundamental rights the reason and purpose of its existence.”

Caroline Wilson Palow, legal director of Privacy International said: “The opinion is a win for privacy. We all benefit when robust rights schemes… are applied and followed. If the Court agrees with the AG’s opinion, then unlawful bulk surveillance schemes, including one operated by the UK, will be reined in.”

See Also: GDPR Fines: Legal Consistency “Years Away” as Penalties Hit €114 Million

Websites in our network
Select and enter your corporate email address Tech Monitor's research, insight and analysis examines the frontiers of digital transformation to help tech leaders navigate the future. Our Changelog newsletter delivers our best work to your inbox every week.
  • CIO
  • CTO
  • CISO
  • CSO
  • CFO
  • CDO
  • CEO
  • Architect Founder
  • MD
  • Director
  • Manager
  • Other
Visit our privacy policy for more information about our services, how New Statesman Media Group may use, process and share your personal data, including information on your rights in respect of your personal data and how you can unsubscribe from future marketing communications. Our services are intended for corporate subscribers and you warrant that the email address submitted is your corporate email address.
THANK YOU