So The Beast Of Data Retention Is Finally Dead In Europe. What, Why, How?

Yesterday, the European Court of Justice – the highest court in the world’s largest economy – declared Data Retention to be an inexcusable violation of fundamental human rights. The court invalidated the entire directive (“EU federal law”) retroactively, making it have never existed. This is a great vindication of the liberties movement, confirming what we’ve said all along, but much remains to be done.

The EU Data Retention Directive was adopted on December 14, 2005. It says that every piece of conversation between people in the European Union is to be logged – who, how, when, and from where. The express purpose was to use the data against the citizens thus monitored. (The first Pirate Party was initiated on December 16, 2005. Yes, there is a direct connection.)

Many politicians have tried to use the most absurd justifications for this mechanism. “Our country will be fined by the EU if we don’t follow the directive.” (Yes, but it costs over ten times as much to perform the surveillance. Taking the fines would be cheaper, not to mention you get to keep basic privacy.) “We have to.” (No, we don’t. There’s a process to challenge a directive – a EU federal law – on human rights grounds, and you’re choosing to not follow it.) And so on. “We need it for law enforcement.” (Oh, so the convenience of the Police is now more important than human rights? That sounds like the definition of a police state, mate.)

Some more pragmatic politicians have tried to limit the extent of the damage done, by adding various look-good “safeguards” onto the initial violation. Liberty activists have tried to repeat time and again and again how this does not make anything near okay. It doesn’t matter if only courts can access the surveillance data. It doesn’t matter if only the police has access to it (and nota bene, the copyright industry demanded independent access to the surveillance data. Yes, you read that right). It doesn’t matter if the data is only available to the police for certain severe crimes.

The problem is the blanket violation of privacy, the very first step. Anything that happens after that point is irrelevant; it’s the initial blanket of violation of everybody’s privacy, where everybody’s communications are logged no matter what, that is unacceptable, intolerable, and inexcusable.

This also means that the Data Retention concept can’t be repaired, it can’t be tweaked, it can’t be adjusted into supportability. It’s the very basic idea of blanket collection of people’s communications that is completely intolerable.

Happily, the European Court of Justice made this exact point in its verdict yesterday: the fundamental premise is intolerable. That means that the concept as such is dead. There are still national legislations in the EU that require ISPs and telcos to retain data as per the now-never-existed directive; expect these to be challenged on human rights grounds (and country governments sued for human rights violations) at a rapid pace. From the verdict:

Firstly, the directive covers, in a generalised manner, all individuals, all means of electronic communication and all traffic data without any differentiation, limitation or exception being made in the light of the objective of fighting against serious crime.

The court killed the directive on several more grounds, but this was the first one listed, and the one we have been going on against since the first Pirate Party was launched on January 1, 2006. This exact criticism was in our election platform that very year, under the heading “Immediately”:

Data Retention shall not be implemented [in Sweden], as it violates [paragraphs referring to fundamental right to privacy] in the European Convention on Human Rights.

This hasn’t stopped politicians from all camps and colors, even those who expressly voted for the damn thing, to come out and claim victory pretending this was what they wanted all along. That’s your run-of-the-mill politics hypocriticality as usual.

It took us almost ten years, but we were given an unambiguous “you were right all along” in the end by the highest court in the world’s largest economy. Can we now please start respecting all the other aspects of fundamental privacy we’ve also been talking about?

This is also something to learn for Brazil, whose in-process Marco Civil mandates blanket data retention. Now that Europe has declared that practice totally, utterly, and completely incompatible with one of the most fundamental of human rights, Marco Civil should not pass in its present form, regardless of whether it contains good things beside the intolerable violation.