The European Union’s highest court ruled on Tuesday that an EU directive requiring telecoms companies to store the communications data of EU citizens for up to two years was invalid.
“The Court of Justice declares the Data Retention Directive to be invalid,” the court said in a statement.
The data-retention directive was introduced in March 2006 after bombings on public transport in Madrid and London. The aim was to give the authorities better tools to investigate and prosecute organised crime and terrorism.
It required telecoms service providers to keep traffic and location data as well as other information needed to identify the user, but not the content of the communication. The records were to be kept from six to 24 months.
Austrian and Irish courts asked the European Court of Justice to rule if the law was in line with the Charter of Fundamental Rights of the EU. The law also caused a public outcry in Germany.
“It entails a wide-ranging and particularly serious interference with the fundamental rights to respect for private life and to the protection of personal data, without that interference being limited to what is strictly necessary,” the court said.
“The Court takes the view that, by requiring the retention of those data and by allowing the competent national authorities to access those data, the directive interferes in a particularly serious manner with the fundamental rights to respect for private life and to the protection of personal data,” it said.
“Furthermore, the fact that data are retained and subsequently used without the subscriber or registered user being informed is likely to generate in the persons concerned a feeling that their private lives are the subject of constant surveillance,” it said.
(Reporting By Jan Strupczewski; Editing by Philip Blenkinsop, Larry King)