As many of you may be aware several years ago the European Union at the behest of Germany and a small number of other nations brought forth a directive demanding that each countries ISP’s (Internet Service Providers) retain logs of internet activity by their customers and store it for a period of several years. This of course was seen as, among other things, at the very least a huge imposition on the way in which an ISP operates. Several countries tried to oppose the directive at first before relenting. Most notably of course was Sweden who held out until they were required to pay roughly €3 billion as a result of not implementing the directive.
Of course the Irish Digital Rights movement Digital Rights Ireland were not happy with the situation and decided to fight on regardless. Along the way they took the issue up with courts both in Ireland and in the EU. Now they finally see some light at the end of the tunnel. While the latest news from the European Courts is not yet official their prayers may have been answered by the Advocate general of the European Courts.
So how is the European Data Retention Law Unlawful exactly?
According to the Advocate general the European Data Law is unlawful as it does not conform to the Charter of Fundamental Rights of the European Union. While the AG did say that the general idea, purpose and scope of the law is all above board the issue is with the fact that the law leaves itself open to abuse. As it stands the law states that each member state must ensure that the ISP’s and other communications companies retain all data for a period set down in National law of up to two years. It also states that each member state must have laws in place nationally to regulate how this data is accessed and used. Therein lies the flaw in the law.
In order to conform to the Charter the law cannot delegate responsibility for the regulation of access and use of the data stored to member states. Any law set at the European level that may infringe on the rights of an individual must have, within its text, clearly defined rules and regulations that govern how this infringement might take place. In fact he state in his opinion:Thus, when the European Union legislature adopts, as in the case of the Data Retention Directive, an act imposing obligations which constitute serious interference with the fundamental rights of citizens of the Union, it must assume its share of responsibility by defining at the very least the principles which must govern the definition, establishment, application and review of observance of the necessary guarantees.
Does this mean that the Directive will be overturned?
Normally in cases such as this the directive would be overturned at the earliest possible opportunity. That opportunity usually being at the time of the official findings of the court and not simply the opinion of the AG. However in this instance the AG is not suggesting that the directive be overturned but that instead adequate time be given to correct the issues with the directive. This however leaves the door open for several more avenues of attack for those who oppose the law as during this interim period before the law is amended the ISP’s and other communications companies will be trying to act lawfully but will be doing so under an unlawful law that will still be in effect.
Of course this all depends on the overall findings of the court which are not bound by the opinion of the Advocate General. That being said though the courts decisions rarely differ from the AG’s findings. Either way though the fight against this directive will most likely not be over as while the law has been deemed to be unlawful as it is now rights campaigners cannot get around the issue that the underlying goals are seen as in line with the Charter and the law may well be strengthened as it is rewritten to conform to the Charter in full. A final decision in the matter is expected early next year.