EU challenges Snoopers' Charter - dubbed as the most extreme surveillance law in a democracy.

Gigantic privacy win: Unlimited storage of personal data is and remains illegal in Europe.

2020-01-17
In recent years UK, France, and Belgium have passed privacy-infringing surveillance laws to combat terrorism. Privacy activists fear that these laws violate privacy rights of all citizens and, thus, have filed lawsuits. The European Advocate General Campos Sánchez-Bordona has now spoken in favor of privacy rights: the means and methods of combating terrorism must be compatible with the requirements of the rule of law and based on the EU’s charter of fundamental rights.
SIGN UP

Citizens' privacy rights must be protected

According to the Advocate General, ISPs can not be forced by the authorities to hand over customers' personal data in bulk, including sensitive private data such as IP addresses, even when authorities claim that there is a national security issue at hand.

The Advocate General said: “The fight against terrorism must not be considered solely in terms of practical effectiveness, but in terms of legal effectiveness, so that its means and methods should be compatible with the requirements of the rule of law.” Any new law must be “carried out in accordance with established procedures for accessing legitimately retained personal data and are subject to the same safeguards.”

US-style surveillance remains illegal in the EU

In short, this means that a US-style unlimited storage of personal data remains illegal in the European Union. This opinion is in line with EU court rulings against general and indiscriminate data retention in 2014 and 2016. Back then, the European Court of Justice ruled that data retention is incompatible with the EU’s E-Privacy Directive.

While it is non-binding, it is expected that the EU court will follow the adviser's recommendation. A ruling will come in a few months.

Mass surveillance does not lead to security

This recommendation is the latest battle in an ongoing war over privacy rights between data protectionists and the authorities. While data protectionists fear an institutionalization of mass surveillance of all citizens without legal oversight, the authorities argue that general data retention is necessary to fight terrorism. Even though, it has been proven again and again that mass surveillance does not lead to more security, authorities claim that European privacy laws must not be considered when passing laws concerning national security.

Advocate General Campos Sánchez-Bordona now stated "When the cooperation of private parties, on whom certain obligations are imposed, is required, even when that is on grounds of national security, that brings those activities into an area governed by EU law: the protection of privacy enforceable against those private actors. Accordingly, the Directive is applicable, in principle, where providers of electronic services are required by law to retain data belonging to their subscribers and to allow the public authorities to have access to such data, as in the cases under consideration, irrespective of whether those obligations are imposed on such providers for reasons of national security."

Privacy International filed lawsuit

Privacy International has set the ball rolling by bringing the case before the Investigatory Powers Tribunal (IPT) in 2015, even before the UK passed the Snoopers' Charter, a highly criticized surveillance law.

Privacy International has challenged the "acquisition, use, retention, disclosure, storage and deletion of bulk personal datasets (BPDs) and bulk communications data (BCDs) by the UK Security and Intelligence Agencies (SIAs) – specifically Government Communications Headquarters (GCHQ), Security Service and Secret Intelligence Service".

Similar lawsuits were also filed in France and Belgium.

EU challenges Snoopers' Charter

In the end, this lawsuit by Privacy International became a very important challenge to the UK's Snoopers' Charter, the most extreme surveillance law ever passed in a democracy.

This law as well as the surveillance laws in France and Belgium have now been called out as incompatible with EU law. While we still have to wait for the ruling by the European Court of Justice (ECJ), it looks very likely that the surveillance laws in France and Belgium are going to be declared illegel.

The UK is a slightly different story due to the Brexit. Nevertheless, it is expected that also the UK will have to change their laws if they want to continue to share data with other European countries.

Now everyone is waiting for the ruling by the European Court of Justice.

The fight for privacy continues.

SIGN UP
Author
Black and white picture of Matthias thinking and looking to the right side.
Matthias is co-founder and developer of Tuta, focusing on backend development, architecture and email processing. He writes code and political comments to fight for our human right to privacy. He wants to create an encrypted cloud collaboration platform which is so easy to use and so secure that it locks out all the spies. We all deserve a better internet - one where privacy is the default.
Top posts
Threat Modeling In 2024: Your Guide For Better Security
10 Best Private Email Services in 2024
Google Pays 1150 Times More for Its Search Monopoly Than for Lobbying in the EU & US
Why Use A Password Manager - And Our Top 3!
Anonymous email: Create an email address without a phone number.
The Illusion Of "Swiss Privacy" Being The Best
10 best free email accounts in 2024
Latest posts
The Russian Hacker Group Sandworm is Back: New Kapeka Malware Secretly Infecting Systems Since 2022
Google Search Is A Problem: How Google Is Crushing Tuta.
20 years ago Gmail revolutionized email. It’s time for a new revolution!
If You Want Privacy, the US Congress Is Saying You Are A Criminal
Terminate subscription
Company
Community
Team
Jobs
Terms
Privacy
Legal notice
Development
Changelog
Roadmap
Security
Encryption
Open Source
GitHub
Features
Secure Email
Encrypted Calendar
Business
Support
Forum
Press
Support
Language
English
Translate