Mass surveillance for national security conflicts with EU privacy rights, suggests a judicial advisor – Newsdio


Mass surveillance regimes in the United Kingdom, Belgium and France that require the massive collection of digital data for national security purposes may at least partially violate the fundamental privacy rights of the European Union citizens, according to the opinion of an influential advisor of the superior court of Europe issued today.

The opinion of Attorney General Sánchez Sánchez-Bordona (non-binding), which refers to four references to the Court of Justice of the European Union (CJEU), considers that the EU law covering the privacy of electronic communications applies in principle when providers of national laws require that digital services retain subscriber data for national security purposes.

The opinion addresses several cases related to the surveillance powers of the EU states and the rights of citizens' privacy, including legal challenges presented by the group for the defense of rights Privacy International to the powers of massive collection enshrined in the Law of Powers of Investigation of the United Kingdom; and a challenge from La Quadrature du Net (and others) to a French decree of 2015 related to specialized intelligence services.

An argument now known is at stake: the privacy groups argue that the states' massive data collection and retention regimes have surpassed the law, becoming so indiscriminately intrusive as to violate the fundamental privacy rights of the EU, while the states claim that they must collect and retain citizens' data in bulk to fight threats to national security such as terrorism.

Therefore, in recent years, we have seen attempts by certain EU Member States to create national frameworks that effectively impose surveillance powers, which then, in turn, invite a legal challenge under the legislation of the EU.

The opinion of AG maintains with previous jurisprudence of the CJEU, specifically the sentences Tele2 Sverige and Watson, that "the general and indiscriminate retention of all traffic data and location of all subscribers and registered users is disproportionate," as expressed in the statement Press

Instead, the recommendation is for "limited and discriminated retention", with also "limited access to that data".

“The Advocate General maintains that the fight against terrorism should not be considered solely in terms of practical effectiveness, but in terms of legal effectiveness, so that its means and methods must be compatible with the requirements of the rule of law, under which the power and force is subject to the limits of the law and, in particular, to a legal order that finds in the defense of fundamental rights the reason and purpose of its existence, "explains the RP in a particularly elegant passage that summarizes the opinion.

It is considered that French legislation fails on several fronts, even for imposing obligations of "general and indiscriminate" data, and for not including provisions to notify interested parties that their information is being processed by a state authority where such notifications They are possible without jeopardizing their action.

Belgian legislation also fails to comply with EU legislation, according to the opinion, for imposing a "general and indiscriminate" obligation on digital service providers to retain data, and the AG also notes that its objectives are problematically broad ("not only the fight against terrorism and serious crimes, but also defense of the territory, public security, investigation, detection and prosecution of less serious crimes ").

The GA considers that the United Kingdom mass surveillance regime does not pass the central test of "general and indiscriminate collection."

There is a slight dilemma for national legislation that is incompatible with EU legislation and, in Sánchez-Bordona's opinion, it is allowed to maintain its effects "in an exceptional and temporary way". But only if such a situation is justified by what is described as "primary considerations related to threats to public safety or national security that cannot be addressed by other means or other alternatives, but only during the time strictly necessary to correct the incompatibility with EU law. "

If the court follows the opinion, states may try to interpret a provision as exceptional as a degree of room for maneuver to keep illegal regimes beyond their legal expiration date.

Similarly, there could be questions about exactly what constitutes the collection and retention of "limited" and "discriminated" data, which could encourage states to promote a "maximum" interpretation of where the legal line is.

However, privacy advocates are seeing opinion as a positive sign for the defense of fundamental rights.

in a statement Welcoming the opinion, Privacy International called it "a victory for privacy." "We all benefit when solid rights schemes are applied and followed, such as the EU Charter of Fundamental Rights," said legal director Caroline Wilson Palow. "If the Court agrees with the AG's opinion, then the illegal bulk surveillance schemes, including one operated by the United Kingdom, will be governed."

The CJEU will issue its ruling at a later date, usually between three and six months after an opinion of AG.

The opinion comes at a key moment since European Commission lawmakers are willing to rethink a plan to update the Electronic Privacy Directive, which deals with the privacy of electronic communications, after the Member States did not reach a agreement last year on a previous proposal for an electronic privacy regulation. then the opinion of the AG will probably feed that process.

The opinion may also have an impact on other legislative processes, such as the talks on the EU electronic evidence package and the negotiations on several international agreements on cross-border access to electronic evidence, according to Luca Tosoni, a researcher at the Norwegian Center for Computer and Law Research at the University of Oslo.

"It is worth noting that, in accordance with Article 4 (2) of the Treaty on European Union," national security remains the sole responsibility of each Member State. "However, the opinion of the general lawyer suggests that this provision does not It excludes that EU data protection rules may have direct implications for national security, "Tosoni said.

"In the event that the Court decides to follow the opinion …" metadata ", such as traffic and location data, will be subject to a high level of protection in the European Union, even when accessed for national security purposes This would require that several Member States, including Belgium, France, the United Kingdom and others, modify their national legislation. "


Please enter your comment!
Please enter your name here