All General Obligations To Retain Traffic Data Found Illegal Under EU Law

The European Court of Justice in Luxembourg made big news today when it ruled against indiscriminate retention of traffic and localisation data once again.

The court’s ruling is available here.

“Member States may not impose a general obligation to retain data on providers of electronic communications services,” according to the ruling which drew a lot of attention in Europe. Several countries adopted follow-up legislation after the court’s ruling against the EU Data Retention Directive in 2014.

Combining a case brought by a group of UK politicians and organisations (698/15 Watson) and a Swedish case started by telecom operator Tele Sverige (C-203/15 Tele2 Sverige), the court declared both the British and Swedish data retention provisions illegal under EU law.

Only targeted retention fighting serious crime is possible, with tight limitations applying, also with regard to access, according to the judges. Exfiltrated data for these cases must be stored inside the EU, too, the decision notes. Once more the court with this ruling reminded EU legislators about the severity of indiscriminate data collections.

Taken as a whole, the indiscriminately stored traffic data is “liable to allow very precise conclusions to be drawn concerning the private lives of the persons whose data has been retained,” according to the court. “The fact that the data is retained without the users of electronic communications services being informed of the fact is likely to cause the persons concerned to feel that their private lives are the subject of  constant surveillance.”

The decision was highly welcomed by a group of over 33,000 complainants in Germany who are fighting German follow-up legislation on data retention.