Blanket data retention is illegal - or that's the unvarnished view of the legal department of the European Parliament at least.
Last year, the European Court of Justice (ECJ) ruled that the EU’s own Data Retention Directive, a law that required telco service providers to store information about their customers’ activity, violates EU fundamental rights.
Now the Parliament’s report proclaims that not only was that law illegal, but governments in all EU countries should evaluate their national laws as well - that includes the DRIP (Data Retention and Investigatory Powers) legislation in the UK.
Some civil liberties groups have called for a case-by-case review of existing data retention laws, or as the ECJ calls them “general programmes of surveillance”.
Speaking about the report on Thursday, MEP Birgit Sippel said if mass surveillance guaranteed safety, the US would be the safest place on Earth. However, her German colleague Alex Voss took a more middle ground approach, saying the level of surveillance should be proportional to the security threat.
Despite rumours that the Commish would propose a “replacement” law after the original directive was ruled illegal, its mouthpieces would not give any comment on future plans.
“This report makes one thing clear: European policy makers must think twice before proposing any data retention or mass surveillance program in the future," said Estelle Massé, policy analyst for civil liberties group Access.
Parliament's report finds that the effective ban on mass surveillance also applies to international agreements under negotiation: “Both EU legislation and international agreements transferring personal information (eg, to the US) must comply with the principles set out in the judgement, which will result in strict scrutiny of surveillance laws.”
This could have repercussions for the so-called Umbrella Agreement (the European Union has been negotiating with the US on this since 2011) on data transfers currently under discussion between the EU and the US. ®