General and indiscriminate retention of data banned in EU

[tlink]

The CJEU (Court of Justice of the European Union) released a press release today in which they stated to have ruled against the UK and Swedish law that allows the government to store data about their citizens very broadly. For me this sounds like a huge privacy win . They basically ruled that governments can't hold a citizens data without having objective reasons to do so.

Please tell me if i misinterpeted anything from the official documents, i tried to describe it in laymans terms in a very tl;dr format because there is sooo much juristical jargon in these documents. 

Quote

The case originated, in part, in a challenge to the UK’s Data Retention and Investigatory Powers Act 2014 (“DRIPA”), which enabled the UK Government to retain people’s data on a widespread, indiscriminate and untargeted basis. These powers have been replicated and expanded in the ‘Snoopers’ Charter’.

 

Privacy International intervened in the case together with Open Rights Group, arguing that wholesale and indiscriminate retention of data is not permissible and violates European Union law.

 

The case, which went to the CJEU at the request of the UK Court of Appeal, will now go back to that Court of Appeal.

Quote

The Members States may not impose a general obligation to retain data on providers of electronic communications services EU law precludes a general and indiscriminate retention of traffic data and location data, but it is open to Members States to make provision, as a preventive measure, for targeted retention of that data solely for the purpose of fighting serious crime, provided that such retention is, with respect to the categories of data to be retained, the means of communication affected, the persons concerned and the chosen duration of retention, limited to what is strictly necessary. Access of the national authorities to the retained data must be subject to conditions, including prior review by an independent authority and the data being retained within the EU

Quote

In today’s judgment, the Court’s answer is that EU law precludes national legislation that prescribes general and indiscriminate retention of data. The Court confirms first that the national measures at issue fall within the scope of the directive. The protection of the confidentiality of electronic communications and related traffic data guaranteed by the directive, applies to the measures taken by all persons other than users, whether by private persons or bodies, or by State bodies. Next, the Court finds that while that directive enables Member States to restrict the scope of the obligation to ensure the confidentiality of communications and related traffic data, it cannot justify the exception to that obligation, and in particular to the prohibition on storage of data laid down by that directive, becoming the rule. Further, the Court states that, in accordance with its settled case-law, the protection of the fundamental right to respect for private life requires that derogations from the protection of personal data should apply only in so far as is strictly necessary. The Court applies that case-law to the rules governing the retention of data and those governing access to the retained data.

Quote

“Today’s judgment is a major blow against mass surveillance and an important day for privacy. It makes clear that blanket and indiscriminate retention of our digital histories — who we interact with, when and how and where — can be a very intrusive form of surveillance that needs strict safeguards against abuse and mission creep. Unfortunately, those safeguards are not present in the Investigatory Powers Act, which is why it’s a Snoopers’ Charter.

The court has rightly recognised that our communications data is no less sensitive than the content of our communications. This is something that the UK Government has wilfully ignored, allowing a large number of public bodies to access our personal data without a warrant. The Government must now urgently fix the Investigatory Powers Act, so that access to our data is properly authorised”.

~Camilla Graham Wood, Legal Officer, Privacy International

http://curia.europa.eu/jcms/upload/docs/application/pdf/2016-12/cp160145en.pdf
https://medium.com/@privacyint/press-release-landmark-ruling-by-european-court-could-render-the-uk-governments-new-snoopers-e7caff2b59e7#.vcxlx616n

also related thread for those who don't know about the UK mass surveilance laws

 

[SubTract]

Hmmm So brexit was just the UK preparing?

[mcraftax]

The european union did something good for the uk? That's unheard of.

 

Joke aside, i was wondering if the EU was going to block it with the protection legislation.

[Joe_MacDougall]

Shame the UK will no longer be part of the EU. If our MPs stop ass-fucking each other and get it over with.

To be honest this policy is quite out of character for the EU.

[tlink]

1 minute ago, Joe_MacDougall said:

To be honest this policy is quite out of character for the EU.

why do you think that?

[Joe_MacDougall]

1 minute ago, tlink said:

why do you think that?

They strike me as the kind of people to take the Canada approach to online privacy.

[suicidalfranco]

GOD FUCKING DAMN IT EU!

Stop undermining UK's sovereignty with your oppresive laws!

 

 

 

/s

[tlink]

2 minutes ago, Joe_MacDougall said:

They strike me as the kind of people to take the Canada approach to online privacy.

they are actually pretty strict on privacy, they ruled that businesses should keep EU citizens their data inside of the EU or they may not operate here to prevent spying from the US government.

[Joe_MacDougall]

5 minutes ago, tlink said:

they are actually pretty strict on privacy, they ruled that businesses should keep EU citizens their data inside of the EU or they may not operate here to prevent spying from the US government.

Yeah. They've removed a lot of piracy sites from Google's searches. That's pretty good I guess.

[RocketFarmer]

The authorities are already doing it on a maasive scale.  These latest measures are just an attempt to cover themsleves.  This won't stop the behavior. 

[tlink]

Just now, RocketFarmer said:

The authorities are already doing it on a maasive scale.  These latest measures are just an attempt to cover themsleves.  This won't stop the behavior. 

well a swedish telecom already started purging user data directly after the ruling, so it does make a difference somewhere.