An EU law requiring companies to log telecommunications data for law enforcement breaches rights, an advocate-general of Europe's top court has said. Germany in particular had challenged the Data Retention Directive.
Thursday's opinion at the European Court of Justice in Luxembourg responds to challenges against the directive in Ireland and Austria. Adopted the by the EU in 2006 following attacks on the London tube and trains in Madrid, the Data Retention Directive specifies that firms must save telephone and Internet data - user, recipient and length of calls - for a period of up to two years.
"The directive constitutes a serious interference with the fundamental right of citizens to privacy," Advocate-General Pedro Cruz Villalon said. "The use of those data may make it possible to create a both faithful and exhaustive map of a large portion of a person's conduct strictly forming part of his private life, or even a complete and accurate picture of his private identity," he added.
Cruz Villalon argued that the directive increased the risk that corporations and individuals could use the data for unlawful and possibly fraudulent or malicious purposes - even more so as private communication companies controlled the information rather than public authorities. Cruz Villalon also called the directive invalid because it failed to sufficiently specify the circumstances for data access, storage and use - leaving this for member states to define. In addition, Cruz Villalon called one year a disproportionately long time to hold so much information - let alone two.
Relevance, ‘even urgency'
The advocate-general did recognize the "relevance and even urgency" of data retention measures. Should the court decide to follow his opinion, Cruz Villalon suggested that it grant a grace period to change the directive, rather than taking immediate measures against it.
At any given time, the European Court of Justice has nine advocates general, who provide legal but nonbinding opinion ahead of deliberations and decisions by judges.
Germany does not currently comply with the Data Retention Directive, owing in large part to a Constitutional Court ban on the legislation in 2010. The forthcoming grand coalition government hopes to limit data storage in Europe to three months.
mkg/msh (dpa, epd)