Data Retention: Conservative Facts

In April 2014, the Grand Chamber of the European Court of Justice (ECJ) declared Directive 2006/24/EC (the Data Retention Directive) invalid on the ground that European Union legislators had exceeded the limits of proportionality in forging the Directive. In particular, the Court held that the Directive entailed serious interference with the rights to privacy and personal data protection of individuals guaranteed by the Charter of Fundamental Rights, and also failed to establish limits on access by competent national authorities, such as prior review by a judicial or an independent administrative authority. Because the ECJ did not specify otherwise, the Data Retention Directive is void ab initio and EU Members who have transposed the Directive into their national legal systems must ensure compliance with the ECJ’s judgment.

This Article is based on the Law Library of Congress website that published the following Report on – European Union: ECJ Invalidates Data Retention Directive @ Law Library of Congress on ECJ DR Directive invalidation | The Article was re-created for the purposes of investigative inquiry and re-published inspiratively for the purposes of further study.

Short constitutional history to the European Court of Justice

The European Court of Justice (ECJ), officially just the Court of Justice, is the highest court in the European Union in matters of European Union law. As a part of the Court of Justice of the European Union it is tasked with interpreting EU law and ensuring its equal application across all EU member states. The Court was established in 1952 and is based in Luxembourg. It is composed of one judge per member state – currently 28 – although it normally hears cases in panels of three, five or thirteen judges. The court has been led by president Vassilios Skouris since 2003.

NOTABLE DECISIONS OF ECJ

  • EU Court rules that the United Kingdom will have to “urgently” clean up the air pollution in England’s cities, and if non-compliant, individuals will be allowed to sue the UK government.
  • EU Court ruled that refugees who seek asylum by claiming that they are gay must be accepted as is, and not forced to having to prove their sexual preference. This ruling falls under the EU’s law of respect for human dignity.
  • EU Court annulled a freeze of an Iranian university’s assets since the EU could not provide sufficient evidence of the university’s links to the nuclear program of Iran.
  • EU court ruled in favor of the manufacturers of the Rubik’s Cube by affording them trademark protection throughout the EU. However, the EU court did allow for other toy manufacturers to create differently shaped puzzles which rotate in a similar fashion.
  • EU Court ruled that any member state does not have to afford social welfare benefits to any EU citizen who goes “to another member state solely in order to obtain” such benefits
    By means of ever more effective methods of mind-manipulation the Democracies will change their nature; the quaint old forms – elections, parliaments, Supreme Courts and all the rest – will remain.

The underlying substance will be a new kind of totalitarianism. All the traditional names, all the hallowed slogans will remain exactly what they were in the good old days. Democracy and Freedom will be the theme of every broadcast and editorial. Meanwhile the ruling oligarchy and its highly trained elite of soldiers, policemen, thought-manufacturers and mind-manipulators will quietly run the show as they see fit.
Quote by Aldous Huxley

Positive views on the Data Retention Directive

The Data Retention Directive required the providers of publicly available electronic communications services or public communications networks (PCN – ISP) to retain traffic and location data belonging to individuals or legal entities. Such data included the calling telephone number and name and address of the subscriber or register user, user IDs (a unique identifier assigned to each person who signs with an electronic communications service), Internet protocol addresses, the numbers dialed, and call forwarding or call transfer records. The retention period was to last for a minimum period of six months and up to two years, and the sole purpose of processing and storing the data was to prevent, investigate, detect, and prosecute serious crimes, such as organized crime and terrorism. The content of the communications of individuals was not retained.

MANDATORY DATA RETENTION

Law enforcement agencies throughout the world are pushing for invasive laws that force Internet Service Providers (ISPs) and telecom providers to continuously collect and store records documenting the online activities of millions of ordinary users.

Mandatory data retention regimes are usually paired with provisions that allow investigators to obtain these records. These regimes expand the ability of governments to surveil its citizens, ultimately damaging individuals privacy, anonymity, and free expression.

HOW IT WORKS?

Most ISPs and telcos give subscribers an IP address that changes periodically. Mandatory data retention proposals force ISPs and telecom providers to keep records of their IP address allocations for a certain period of time. This allows law enforcement to ask ISPs and telecom providers to identify an individual on the basis of who had a given IP address at a particular date and time.

Why Should You Care?

Government mandated data retention impacts millions of ordinary users compromising online anonymity which is crucial for whistle-blowers, investigators, journalists, and those engaging in political speech. National data retention laws are invasive, costly, and damage the right to privacy and free expression. They compel ISPs and telcos to create large databases of information about who communicates with whom via Internet or phone, the duration of the exchange, and the users’ location. These regimes require that your IP address be collected and retained for every step you make online. Privacy risks increase as these databases become vulnerable to theft and accidental disclosure. Service providers must absorb the expense of storing and maintaining these large databases and often pass these costs on to consumers.

METADATA WORKING DEFINITIONS

The internet identifier (eg IP address) assigned to the user by the ISP
The mobile number called or texted
The email address, phone number or VoIP number used to send the communication
The time and date of the communication
The location from where the communication was sent — in the case of mobile this includes the mobile tower
The duration of the call

Who pays for data retention?

For example: The Australian Internet Service Provider (ISP) iiNet has estimated that data retention will cost the company AU$100 million to establish in the first two years, and potentially more after that, a claim Prime Minister Tony Abbott has denied.

If ISP’s would be forced to set up systems to retain this data, then it is possible that the cost for those systems will be passed onto their customers in the form of higher internet or phone subscription prices. If the government offers to pay for the establishment of the system, then taxpayers will be footing the bill to have their own data stored.

On the other side: Telstra, Australia’s largest telecommunications company and arguably the best placed to secure our data, has had a number of privacy breaches over the past few years alone. Given at the moment there is also no mandatory data breach notification laws in place, we have no way of telling if other telcos have also suffered data breaches over the years.

ISP DATA RETENTION INFOGRAPHIC

iiNet ISP produced the Data Retention Infographic explaining the massive amounts of information involved under the Attorney-General’s department’s proposal. Just for iiNet, it’s one Petabyte – that’s 1 million gigabytes – daily. iiNet has about 15% of the Australian market, so extrapolating, the nation generates around 7 million gigabytes of metadata a day.

E-FRONTIERS

Visit E-Frontiers for more detailed information.