Governments cannot have unrestricted access to phone and internet users’ data, the European Court of Justice (ECJ) has determined, placing limitations on EU states’ ability to legally carry out bulk data collection.
The panel of 15 judges ruled that the indiscriminate and mass collection of telephone, internet and web communications traffic is not compatible with European law. The ECJ said governments could resort to such practices only if they face a “serious threat to national security.” However, even in the extreme circumstances in which bulk data collection is deemed warranted, such surveillance programs should be limited to a period that is “strictly necessary,” the court explained.
The decision follows a two-day hearing on the legality of the UK’s bulk data collection program, after it was challenged by watchdog group Privacy International. The court also weighed up the merits of surveillance programs in France and Belgium.
A representative from Privacy International said that the case provided an “opportunity to challenge the systemic collection, storage and use of data belonging to millions of people by the UK government.” The group accused the British authorities of using “vague” claims about national security to justify the bulk storage of data for up to 14 years.
In oral remarks, lawyers representing the European states urged the court not to impose restrictions on data collection, claiming their surveillance programs relate to national security and fall outside the jurisdiction of the EU.
The ruling comes several months after the ECJ determined that an EU-US pact that regulated the flow of EU user data to the United States was invalid, stating that US national security laws were insufficient for shielding Europeans from American government snooping.
Like this story? Share it with a friend!