Retaining data from telephone calls and emails is legal only if law enforcement agencies use it to tackle serious crime, the EU’s highest court has ruled.
The preliminary finding by the influential European Court of Justice (ECJ) in Luxembourg is in response to a legal challenge brought by David Davis, the new Brexit minister in the UK and Tom Watson, Labour's deputy leader, over the legality of GCHQ's bulk interception of call records and online messages.
In an opinion likely to be followed by the full court, advocate general Henrik Saugmandsgaarde, clarified EU law after the two MPs successfully argued in British courts that Britain's Data Retention and Investigatory Powers Act (Dripa) 2014 is illegal.
The ECJ’s advocate general said: “Solely the fight against serious crime is an objective in the general interest that is capable of justifying a general obligation to retain data, whereas combating ordinary offences are not.”
Only the data associated with calls and emails is retained not the content of messages.
The preliminary ruling appears to bring European data retention practices closer into line with the debate over the passage of the UK’s investigatory powers Bill over what safeguards should be imposed for bulk interception and retention of data.
The court’s final decision will be delivered in the coming months. The vast majority of judgments follow the line set out by the advocate general.
Mr Davis and Mr Watson, who were supported by the Law Society, have already won a high court victory on the issue but the government appealed and the case was referred to the ECJ.
At issue was whether there are EU standards on data retention that need to be respected by member states in their domestic legislation. The result, though significant in the short term, may eventually prove academic once the UK has withdrawn from the EU and the ECJ no longer has judicial authority in that jurisdiction.
However, it will be relevant to Ireland which is still reviewing its data retention regime following the ECJ striking down the EU data retention directive in 2014 following a challenge by Digital Rights Ireland. A Swedish case heard by the advocate general along with the British action emerged as a direct result of that 2014 decision.
Ireland was among many states to make submissions to the courts in both the Swedish and the British case.
Mr Davis has argued that the British government is “treating the entire nation as suspects” by ignoring safeguards on retaining and accessing personal communications data.
The outcome of the Dripa case, which was heard by 15 European judges in Luxembourg, is likely to have a significant impact on the ultimate shape of the controversial investigatory powers bill – nicknamed the snooper’s charter – now before the UK parliament.
– Guardian Service