EU Court of Justice Invalidates Data Retention Directive
The European Union’s highest court struck down a controversial directive that encouraged telecommunication and mobile phone companies to retain users’ private data records for up to two years. The EU’s European Court of Justice invalidated the 2006 EU Data Retention Directive on privacy grounds, noting in its opinion that “the directive interferes in a particularly serious manner with the fundamental rights to respect for private life and to the protection of personal data.”
“The directive covers, in a generalized manner, all individuals, all means of electronic communication and all traffic data without any differentiation, limitation or exception being made in the light of the objective of fighting against serious crime,” according to an ECJ press release.
“Law is culture,” said Bennet Kelley, founder of the Los Angeles-based Internet Law Center. “What you do in law speaks about who you are as a people. The EU has a different viewpoint about privacy…than the U.S..”
Data commerce across the Atlantic, said Kelley, is governed by something called the “European Safe Harbor.”
Before any data can leave an EU member nation, U.S. telecommunications firms must certify they follow privacy policies and programs similar to the more stringent EU protections, creating a “safe harbor” for data privacy.
However, Kelley said, regulators on both sides of the Atlantic have long known that many U.S. safe harbor certifications are actually false, creating a serious potential problem for U.S. companies doing business in the EU.
This week’s court ruling, he said, will only make commerce more difficult.
“Even before Snowden, there were concerns about the EU Safe Harbor,” Kelley said.
“There’s already skepticism in Europe because of that, and then you throw in Snowden, it creates more distrust. Having one more element of differentiation between the U.S. and EU is just not helpful.”
The ruling also comes just a few weeks after President Obama proposed allowing U.S. telecommunications companies to engage in exactly the sort of data collection the ECJ just rejected.
As part of his overhaul of U.S. electronic surveillance efforts, President Obama wants to remove what’s known as the “bulk metadata collection program” from the NSA and make mobile phone and data companies responsible for electronic record-keeping.
“Now it seems like it’d be a hard ask,” Kelley said.