In a major privacy decision, the Court of Justice of the European Union has ruled that data retention schemes enacted by member states violate EU law. The case involved challenges to data retention laws in Sweden and Britain. The Court of Justice found that subscriber data, which "contain information on the private life of natural persons," "may only be stored to the extent that is necessary for the provision of the service for the purpose of billing and for interconnection payments, and for a limited time." The court further explained that fighting terrorism or crime is not, by itself, justification for indiscriminate, blanket data retention. In 2014, the Court struck down the EU Data Retention Directive, which had required telephone and Internet companies to keep traffic and location data as well as user identifying information for use in subsequent investigations of serious crimes. EPIC has advocated against mandatory data retention and currently has a petition pending before the FCC to overturn the regulation requiring the retention of phone records of US telephone customers.
Share this page:
Subscribe to the EPIC Alert
The EPIC Alert is a biweekly newsletter highlighting emerging privacy issues.