Wednesday , October 21 2020
Home / ARTIFICIAL INTELLIGENCE / EU justice opposes massive collection of Internet and telephone data by states

EU justice opposes massive collection of Internet and telephone data by states

Can European states demand from operators a massive collection of connection data for legal and intelligence purposes? The EU justice issued its ruling on Tuesday, October 6, opposing the massive collection by states of Internet and telephone connection data. This decision was awaited with concern by the magistrates and the police.

Asked by the courts in France, Belgium and the United Kingdom, the Court of Justice of the European Union (CJEU), based in Luxembourg, ruled at 9 am on the illegality of these practices. The question was whether she upheld a 2016 judgment dubbed “Tele2” : the Court then ruled that the Member States could not impose on suppliers a “Generalized and undifferentiated obligation” for collecting and storing traffic data and location data. The European court therefore followed this opinion.

Article reserved for our subscribers Read also Highly coveted personal data

Concretely, the metadata of Internet connections and telephone conversations – which do not relate to the content of the messages but the conditions under which they were exchanged (identity, location, date, duration, etc.) – could not be kept by the operators. But several states of the European Union continued to require such data collection so that the police, magistrates or intelligence services could access this data.

The attorney general of the court, Manuel Campos Sanchez-Bordona, estimated in mid-January that French, Belgian and British rules requiring operators to keep or transmit “Undifferentiated” user data, in particular for counterterrorism purposes, violated European law.

“Mass surveillance”?

All in “Recognizing the usefulness of a data retention obligation for safeguarding national security and combating crime”, the Advocate General had “Advocated for limited and differentiated conservation (…) as well as for limited access to this data ”. His opinion is not binding on the court.

In their defense, the states concerned relied on the EU treaty, according to which national security “Remains the sole responsibility of each member state”. The court examined several decrees implementing the French internal security code, from 2015 and 2016, attacked by La Quadrature du Net, the French Data Network service provider and the Federation of associative Internet access providers.

Article reserved for our subscribers Read also Intelligence: MPs warn of “technological obsolescence” of the 2015 law

For the Advocate General, French regulations certainly apply “In a context marked by serious and persistent threats to national security”, but she “Does not establish the obligation to inform data subjects of the processing of their personal data” and contradicts the 2002 Directive on privacy and electronic communications.

“That there may be targeted surveillance of people who are dangerous or suspected of being dangerous is one thing”, conceded at the beginning of 2020 Alexis Fitzjean, lawyer of La Quadrature du Net, association for the defense of the rights of Internet users. “But to keep all traces of connection undifferentiated for such long periods is mass surveillance, contrary to the rule of law”, he insisted.

Concerned judges

Belgian and British regulations which impose the same type of mass collection on operators are also incompatible with European law, according to the Advocate General.

Human rights NGO Privacy International had brought legal action in the UK. Organizations representing lawyers, accountants and legal professionals in Belgium, for their part, considered that professional secrecy was no longer guaranteed.

Read also The CNIL not at all convinced by the plan to monitor social networks to detect tax fraud

This confirmation by the CJEU of its “Tele2” judgment is giving the French intelligence services a cold sweat, which evokes ” a desaster “ likely to“To hinder very seriously” their investigations. In many cases, such as that of the 2015 terrorist attacks, these data “Constitute a raw material essential for magistrates and investigators ”, observed François Molins, Attorney General at the Court of Cassation last year. “Number of ongoing criminal investigations” could be stopped dead or their acts null and void, he warned.

Access to data is obtained in France at the request of a magistrate, and in matters of intelligence, subject to authorization by the Prime Minister's services.

Read also Data transfers to the United States: 101 European companies targeted by appeals

The World with AFP

Leave a Reply

Your email address will not be published. Required fields are marked *