Keeping all customer data could be in breach of European constitution, says Austrian court
On Tuesday, the Austrian Constitutional Court has asked the European Court of Justice (ECJ) to investigate whether the 2006 EU Data Retention Directive conflicts with the EU Charter of Fundamental Rights, after local judges failed to come to an agreement.
The president of the Constitutional Court Gerhart Holzinger suggested that the directive might be illegal, since it breaches the privacy of customers who have not committed a crime.
Innocent until proven guilty
The Data Retention Directive requires all European fixed and mobile telephone companies, as well as Internet service providers, to retain customer data to facilitate the “investigation, detection, and prosecution of serious crimes”.
Under the Directive, this information should be stored for a period of between six months and two years.
However in Austria, 14 constitutional judges could not agree if the law passed in 2006 is actually valid, since the EU Charter of Fundamental Rights, the European Convention on Human Rights and Austrian constitution all guarantee an individual’s right to privacy.
The case was launched after the court received complaints from a local government, a telecoms company and around 11,000 individuals.
The Austrian judges recognise that the Directive aims to help fight crime, but they also say that most people whose information is stored by the telecoms companies have done nothing wrong, and yet their data can be easily accessed by authorities. The judges also claim that the system offers no real safeguards against abuse.
“We have doubts that the EU Data Retention Directive is really compatible with the rights that are guaranteed by the EU Charter of Fundamental Rights,” said Holzinger in a statement.
One of the responsibilities of the ECJ is to provide interpretation of the various EU laws. However, the highest court in Europe is notoriously slow in processing cases, and the Austrian authorities expect a response no sooner than 2014. Until clarification is received, the Directive will remain in place.
According to PC Advisor, a similar case has been recently launched in Ireland, where the High Court has suggested that data retention might breach EU privacy rules, and also asked ECJ for clarification.
Can you look after your personal data online? Take our quiz!