At least that was what the Court of Justice of the European Union in Luxemborg declared yesterday concerning the Data Retention Directive. But what does this really mean for you in practice?
- Firstly, this is about the
collection of your traffic patterns, not the contents
- , from here a traffic analysis can be done to ascertain your online habits from telephone and ISP providers, and this includes location data, i.e. where you are, as well as related data necessary to identify the subscriber or user.
Secondly, this directive was wanted to ensure that the data collected could be used for the prevention, investigation, detection and prosecution of serious crime, such as, in particular, organised crime and terrorism.
However, the directive was flawed because:
- 1. The data was collected on ALL of us, not just limited to crime prevention;
- 2. Anyone could access data collected on you. No court warrant was needed, like for example what is needed to search your home premises;
- 3. There was nothing forcing the deletion of data collected after the maximum retention period of 24 months;
- 4. There was nothing stopping the data collected from ending up outside of the EU.
So what next? I believe, just like a ‘bad penny’ this directive will pop-up again later with a new set of clothes, this time with less holes 😉
SvD – EU:s datalagringsdirektiv ogiltigt (2014-04-08)
ft.com – European Court of Justice rules EU data collection laws illegal (2014-04-08)
PCWorld – Germany Taken to Court for Failing to Implement Data Retention (2012-05-31)
PCWorld – German Lawmakers Say Data Retention Directive May Be Illegal (2011-04-27)