The EU Supreme Court (European Court of Justice) has ruled that no European country may have laws that require any communications provider to perform blanket indiscriminate logging of user activity, stating in harsh terms that such measures violate the very fundamentals of a democratic society. This finally brings the hated Data Retention to an end, even if much too late. It also kills significant parts of the UK Snooper’s Charter.

This morning, Luxembourg time, the European Court of Justice (ECJ) presented its damning verdict. In a challenge brought by plaintiffs in Ireland and Sweden, it was argued that forcing telecommunications providers – ISPs and telecom companies alike – to log all activity of their users, in case law enforcement may need it later, was simply incompatible with the most fundamental privacy rights laid out in the European Charter of Human Rights. The court agreed wholesale.

These blanket everybody-is-a-suspect laws, originally the brainchild of infamous human rights violators in UK, Ireland, Sweden, and France, were pushed aggressively in the wake of the 2004 Madrid bombings, and were approved by the European Parliament on December 14, 2005, following a scare campaign coupled with the message how they were “necessary to fight terrorism”. The ink on the law was barely dry before they were used to go after ordinary teenagers sharing music and movies instead.

Out of 27 European states, a third never implemented the violations. Some had them revoked by national Supreme or Constitutional courts, like Germany.

The Court states that, with respect to retention, the retained data, taken as a whole, is liable to allow very precise conclusions to be drawn concerning the private lives of the persons whose data has been retained. The interference by national legislation that provides for the retention of traffic data and location data with that right must therefore be considered to be particularly serious. The fact that the data is retained without the users of electronic communications services being informed of the fact is likely to cause the persons concerned to feel that their private lives are the subject of constant surveillance. Consequently, only the objective of fighting serious crime is capable of justifying such interference. — European Court of Justice (their bolding)

The Court goes on to say that targeted surveillance of people who are currently under individual suspicion of a serious crime was, and remains, legitimate – but not, never, blanket surveillance of everybody and all the time.

This puts an end to 12 years of egregious privacy violations in Europe. The beginning of the end came in April of 2014, when the ECJ declared the Data Retention Directive null and void – they didn’t just rule it cancelled from the date of verdict: they ruled retroactively that it had never existed. That ruling meant that European states were no longer forced to have laws mandating logging of everybody’s activity – but they were not forbidden from having such laws. It went from a federal issue to a states issue.

Until today. From this day, such laws are subject to a blanket ban. Twelve years of bullshit has come to an end.

This also means that the logging-requirement parts of the UK “Snooper’s Charter” are dead as a doornail and subject to the response given in the legal challenge of Arkell v. Pressdram (1971), should the UK government require it.

Privacy remains your own responsibility.