Tuesday, 4 November 2014
Australian Attorney-General George Brandis' data retention spin ignores a Court of Justice of the European Union judgment
At a press conference on 30 October 2014 Federal Attorney-General George Brandis stated:
Data retention regimes currently operate in some 29 countries including most European countries and the United States. I want to stress, as Mr Turnbull stressed in his second reading speech, that this bill confers no new powers on ASIO, the AFP or on law enforcement agencies. They can already access metadata under the existing law; the purpose of the bill is to establish a common, industry wide standard for metadata retention and to ensure that metadata continues to be retained so that the investigative capabilities of the intelligence agencies and the police are not degraded.
In making such a statement Brandis ignores four subjects – the right to privacy of the ordinary individual, the level of concern existing in Europe in relation to data retention, the issue of proportional response and, the fact the European Court of Justice had addressed the first three subjects when rejecting the validity of European Union Directive 2006/24/EC & amending Directive 2002/58/EC which sought to force telecommunication corporations to retain metadata for six months.
The history behind C-293/12 - Digital Rights Ireland and Seitlinger and Others (English court transcript) according to Practical Law:
In 2010, the Irish High Court granted a motion by campaign group Digital Rights Ireland to refer to the ECJ a number of questions concerning the compatibility of the Data Retention Directive with Article 5(4) of the TEU, and with certain fundamental rights protected by the Charter.
In 2012, a number of different applicants, including the state government of Carinthia and over 11,000 individual applicants, brought an action before the Austrian Constitutional Court claiming that the Austrian law transposing the Directive infringed their rights under Article 8 of the Charter. Both courts referred questions regarding the validity of the Directive to the ECJ, which joined them in 2013.
The Irish High Court referred the following questions to the ECJ:
Is the restriction on the rights of the plaintiff arising from the requirements in Articles 3, 4 and 6 of the Directive incompatible with Article 5(4) of the TEU in that it is disproportionate or unnecessary or inappropriate to achieve the legitimate aims of:
ensuring that certain data are available for the purposes of investigation, detection and prosecution of serious crime; and/or
ensuring the proper functioning of the internal market of the EU?
In particular, the High Court enquired whether the Directive was compatible with Articles 7, 8 and 11 of the Charter and Article 8 of the Convention.
To what extent do the Treaties, and specifically the principle of loyal co-operation, require a national court to enquire into, and assess, the compatibility of the national implementing measures for the Directive with the protections afforded by the Charter, including Article 7 of the Charter (as informed by Article 8 of the Convention)?
The Austrian Constitutional Court referred the following question to the ECJ:
Are Articles 3 to 7 of the Directive compatible with Articles 7, 8 and 11 of the Charter?
In addition, the court referred a number of questions concerning the interpretation of the EU Treaties, which are not relevant for the purpose of this development.
In December 2013, Advocate General Cruz Villalón gave an opinion in which he concluded that the Data Retention Directive is, as a whole, incompatible with Article 52(1) of the Charter, since the limitations on the exercise of fundamental rights it contains are not accompanied by the necessary principles for governing the guarantees needed to regulate access to the data and their use (see Legal update, Advocate General finds Data Retention Directive incompatible with right to privacy). He recommended that the ECJ find that the Directive is invalid, but that the effects of that finding should be suspended pending adoption by the EU of the measures necessary to remedy the invalidity.
Excerpt from the Court of Justice of the European Union media release of 8 April 2014 with regard to the judgment declaring the data retention directives to be invalid without suspending effect of its findings:
The Court observes first of all that the data to be retained make it possible, in particular, (1) to know the identity of the person with whom a subscriber or registered user has communicated and by what means, (2) to identify the time of the communication as well as the place from which that communication took place and (3) to know the frequency of the communications of the subscriber or registered user with certain persons during a given period. Those data, taken as a whole, may provide very precise information on the private lives of the persons whose data are retained, such as the habits of everyday life, permanent or temporary places of residence, daily or other movements, activities carried out, social relationships and the social environments frequented.
The Court takes the view that, by requiring the retention of those data and by allowing the competent national authorities to access those data, the directive interferes in a particularly serious manner with the fundamental rights to respect for private life and to the protection of personal data. Furthermore, the fact that data are retained and subsequently used without the subscriber or registered user being informed is likely to generate in the persons concerned a feeling that their private lives are the subject of constant surveillance…