Data Retention Directive Invalid, says EU’s Highest Court


April 8, 2014 | By Danny O’Brien

Today the European Court of Justice declared the EU’s Data Retention Directive invalid, ruling that the mass collection of Internet data in Europe entailed a “wide-ranging and particularly serious interference with the fundamental rights to respect for private life and to the protection of personal data.” The Directive ordered European states to pass laws that obliged Internet intermediaries to log records on their users’ activity, keep them for up to two years, and provide access to the police and security services. The ECJ joins the United Nations’ Human Rights Committee, which last month called upon the United States to refrain from imposing mandatory retention of data by third parties.

The decision is a victory for the human rights activists who have fought hard to have the original Europe-wide law—rushed through the European Parliament in 200—re-considered. Digital Rights Ireland, who first launched a lawsuit against the Irish Government over its implementation of the Directive, and AK Vorrat Austria, who organized to reject data retention in Austria, both pursued the issue for many years in the face of concerted opposition from their own governments and officials.

While the decision comprehensively rejects the current directive, some states may put up a fight to keep their laws, while others could take this opportunity to become champions of their citizens’ privacy. The Finnish Minister of Communications, Krista Kiuru, has already declared a full review of Finnish law in the light of the decision, saying that “if [Finland] wants to be a model country in privacy issues, Finnish legislation has to respect fundamental rights and the rule of law.” The German and Romanian data retention laws have already been declared unlawful by their national constitutional courts. Governments advocating retention, like the UK, may argue that they can still maintain their existing data retention laws, or there may even be an attempt to introduce a whole new data retention directive that would attempt to comply with the ECJ’s decision.

However the data retention regime unwinds in Europe, this decision sends an important signal to other countries in the world who are considering the same path as the EU. Brazil’s online activists have been fighting hard to keep data retention out of their flagship Internet Bill of Rights, the Marco Civil. The law, which is about to be considered by the Brazilian Senate, would require ISPs to record personal data for one year, and other service providers to keep private information on their users for six months. New laws requiring mandatory data retention by companies in the United States have also been championed by the Obama administration’s Department of Justice, and have been proposed by the White House as a “solution” to the NSA spying scandal. As the ECJ’s decision shows, the indiscriminate recording and storage of every aspect of innocent civilians’ online lives is a travesty of human rights, no matter where that collected data is housed.


NSA inquiry: what experts revealed to MEPs


[12-02-2014 – 14:13]
Conclusion time: after months of investigating mass surveillance by the NSA in Europe, the EP inquiry has finished penning its findings. The inquiry was launched last year in the wake of revelations by NSA whistle-blower Edward Snowden and involved more than 15 hearings with representatives of EU institutions, national parliaments, the US Congress, IT firms, NGOs and journalists. The civil liberties committee votes on the draft report on 12 February. Read on to discover what MEPs found out.

At the first hearing in early September journalists stressed the need for democratic scrutiny over the work of security services. “[Mass surveillance] technologies can be used for purposes other than to fight terrorism,” warned Jacques Follorou, of the French daily Le Monde. Reporters also spoke of the importance of protecting whistle-blowers and journalists that make such stories public.

In a statement for the inquiry, NSA whistle-blower Edward Snowden said he disclosed secret NSA documents with the aim of launching a public debate on the balance between security and human rights. “Public debate is not possible without public knowledge (…) the surveillance of whole populations, rather than individuals, threatens to be the greatest human rights challenge of our time,” he said. Glenn Greenwald, the journalist Mr Snowden spoke to, later told MEPs that “most governments are beneficiaries of Snowden’s choice”.

Two former NSA employees and one former MI5 officer testified in the hearings, with ex-NSA senior executive and whistle-blower Thomas Drake saying he had never imagined “that the US would use the ‘Stasi guidebook’ for its secret mass surveillance programmes”. US congressman Jim Sensenbrenner, chairman of the subcommittee on crime, terrorism, homeland security, and investigations, told MEPs that abuses by the NSA had been carried out outside congressional authority. “I hope that we have learned our lesson and that oversight will be a lot more vigorous,” he said.

Questions were raised during the hearings as to whether the surveillance had violated various EU-US agreements, including one on the transfer of financial data for identification of terrorist activities (TFTP agreement), or another agreement on the data protection standards that US companies should meet when dealing with Europeans’ private data (Safe Harbour agreement).

Microsoft, Google and Facebook managers invited to speak denied giving unfettered access to their servers. Experts suggested setting up a European “privacy cloud” – a secure data storage to protect internet users’ privacy.

The hearings also looked into surveillance activities in EU countries, including Denmark, Belgium and the UK. “The Parliament inquiry was already looking not just into the NSA allegations, but also to our own backyard. We knew that the national oversight arrangements in many member states are inadequate to citizens,” said Claude Moraes, a British member of the S&D group in an interview in November.

NSA snooping: MEPs table proposals to protect EU citizens’ privacy

Committees: Committee on Civil Liberties, Justice and Home Affairs [12-02-2014 – 20:11]

The European Parliament should withhold its consent to an EU-US trade deal unless it fully respects EU citizens’ data privacy, says an inquiry report on US National Security Agency (NSA) and EU member states surveillance of EU citizens, approved by the Civil Liberties Committee on Wednesday. It adds that data protection rules should be excluded from the trade talks and negotiated separately with the US.

The text, passed by 33 votes to 7 with 17 abstentions, condemns the “vast, systemic, blanket collection of personal data of innocent people, often comprising intimate personal information”, adding that “the fight against terrorism can never be a justification for untargeted, secret or even illegal mass surveillance programmes”.

“We now have a comprehensive text that for the first time brings together in-depth recommendations on Edward Snowden’s allegations of NSA spying and an action plan for the future. The Civil Liberties Committee inquiry came at a crucial time, along with Snowden’s allegations and the EU data protection regulation. I hope that this document will be supported by the full Parliament and that it will last beyond the next European Parliament’s mandate”, said rapporteur Claude Moraes (S&D, UK), after the vote.

Data protection must be excluded from trade talks

Parliament’s consent to the final Transatlantic Trade and Investment Partnership (TTIP) deal with the US “could be endangered as long as blanket mass surveillance activities and the interception of communications in EU institutions and diplomatic representations are not fully stopped and an adequate solution for data privacy rights of EU citizens, including administrative and judicial redress is not found”, MEPs say.

Parliament should therefore withhold its consent to the TTIP agreement unless it fully respects fundamental rights enshrined in the EU Charter, the text adds, stressing that data protection should be ruled out of the trade talks.

MEPs call for the “immediate suspension” of the Safe Harbour privacy principles (voluntary data protection standards for non-EU companies transferring EU citizens’ personal data to the US). These principles “do not provide adequate protection for EU citizens” say MEPs, who urge the US to propose new personal data transfer rules that meet EU data protection requirements.

The Terrorist Finance Tracking Programme (TFTP) deal should also be suspended until allegations that US authorities have access to EU citizens’ bank data outside the agreement are clarified, say MEPs. The EU-US data protection framework agreement to be struck in spring 2014 must ensure proper judicial redress for EU citizens whose personal data are transferred to the US, they add.

Digital “new deal”

The EU needs a “digital new deal”, to be delivered by the joint efforts of EU institutions, member states, research institutions, industry and civil society, say MEPs, noting that some telecoms firms have clearly neglected the IT security of their users and clients. MEPs also urge member states to accelerate their work on draft EU data protection reform legislation so that it can be passed by the end of this year.

Trust in US cloud computing and cloud providers has been damaged by surveillance practices, MEPs note. They propose that Europe should develop its own clouds and IT solutions to ensure a high standard of personal data protection. They note that by 2016, the cloud market is likely to be worth $207 billion a year, double its 2012 value.

EU whistleblower and media protection programme

The resolution urges the European Commission to examine whether a future EU law establishing a “European whistleblower protection programme” should also include other fields of EU competence “with particular attention to the complexity of whistleblowing in the field of intelligence”. EU member states are also asked to consider granting whistleblowers international protection from prosecution.

MEPs also cite the UK’s detention of David Miranda and seizure of material in his possession under the UK Terrorism Act and its demand that the Guardian newspaper hand over or destroy such material. They see these acts as “possible serious interference with the right of freedom of expression and media freedom”, as recognised by the European Convention on Human Rights and the EU Charter.

EU countries should check their own secret services

The UK, France, Germany, Sweden, the Netherlands and Poland should clarify the allegations of mass surveillance – including potential agreements between intelligence services and telecoms firms on access to and exchange of personal data and access to transatlantic cables – and their compatibility with EU laws, it says.

Other EU countries, in particular those participating in the “9-eyes” (UK, Denmark, France and the Netherlands) and “14-eyes” arrangements (those countries plus Germany, Belgium, Italy, Spain and Sweden) are also urged to review their national laws and practices governing the activities of intelligence services, so as to ensure that they are subject to parliamentary and judicial oversight and public scrutiny and that they comply with fundamental rights obligations.

MEPs deem bilateral “anti-spying” arrangements concluded or under negotiation between some EU countries (the UK, France and Germany) and the US as “counterproductive and irrelevant, due to the need for a European approach to this problem”.

Next steps

The full Parliament will vote on the resolution on 12 March in Strasbourg.

The Civil Liberties Committee inquiry into mass surveillance of EU citizens began in September 2013. A total of 15 hearings have been held since then.

In the chair: Juan Fernando López Aguilar (S&D, ES)

