EFF welcomes a strong voice in the fight against data retention mandates: on Wednesday, a group of Slovak MPs filed a complaint challenging the constitutionality of Slovakia's mandatory data retention law. The law compels telcos and ISPs to monitor the communications of all citizens including those not suspected or convicted of any crime, and in case law enforcement officials demand them for any reason.

The complaint also requests that, if necessary, the court should challenge the validity of the larger European data retention directive before the Court of Justice of the European Union. The Data Retention Directive, adopted in 2006, forces Member States of the European Union to adopt laws that would compel ISPs and telecommunications service providers operating in Europe to collect and retain a subscriber's incoming and outgoing phone numbers, IP addresses, location data, and other key telecom and Internet traffic data for a period of 6 months to 2 years.

The European Information Society Institute (EISi), the Slovak research center which authored the complaint, has championed this battle for the last two years. In a statement, Martin Husovec, the lawyer of the EISi says,

After the General Prosecutor's Office twice rejected our request to file this complaint before the Slovak Constitutional Court, we had no other option that to prepare the template submission before the Constitutional Court ourselves and address the MPs. The liberal MP, Martin Poliačik, took a lead and persuaded other MPs. After two years of our hard work, we now have the case before the Constitutional Court.

A mass untargeted collection of communications records of ordinary, non-suspected people can not be tolerated where freedom is valued. Data retention mandates are a threat to privacy and anonymity, and have been proven to violate the privacy rights of millions of Europeans. And some courts in Europe have already agreed.

The Czech Constitutional Court declared in March 2011 that the Czech mandatory data retention law was unconstitutional. Earlier, in January 2012, the same Court dealt another blow to data retention by annulling part of the Criminal Procedure Code, which would have enabled law enforcement access to data stored voluntarily by operators. Most importantly, the Czech Court used compelling language in articulating the importance of the protection of traffic data. The Court stated that the collection of traffic data and communication data warranted identical legal safeguards since both have the same "intensity of interference". However, a new data retention bill seeks to find its way back into the Czech legal framework, and is waiting for the President's signature.

In March 2010, a German Court declared unconstitutional the German mandatory data retention law. The Court ordered the deletion of the collected data and affirmed that data retention could "cause a diffusely threatening feeling of being under observation that can diminish an unprejudiced perception of one's basic rights in many areas." The lawsuit was brought on by 34,000 citizens through the initiative of AK Vorrat, the German working group against data retention.

In Ireland, the Court has referred to the European Court of Justice the case challenging the legality of the overall data retention directive, thanks to a complaint brought by Digital Rights Ireland. The Irish Court acknowledged the importance of defining "the legitimate legal limits of surveillance techniques used by governments," and rightly emphasized that "without sufficient legal safeguards the potential for abuse and unwarranted invasion of privacy is obvious." Courts in Cyprus and Bulgaria have also declared their mandatory data retention laws unconstitutional.

EFF continues to fight for the repeal of the EU Data Retention Directive and oppose blanket untargetted mass surveillance proposals throughout the world.

References: