The European Court of Justice brings telecommunication providers' data logging duty to an end

On 8 April 2014, the ECJ declared that the controversial logging directive implemented in Danish law by the Executive Order on logging was invalid.

The ECJ found that the directive violated the Community Charter on the protection of privacy and that the EU legislative had exceeded its authority, and the directive was therefore declared invalid all the way back from the adoption i 2006. 

DATA LOGGING DUTY 

By way of national legislation, the directive orders telecommunication providers to log certain data on persons and companies and to store the data for minimum six months and maximum two years. 

The data concerns telephone calls, text messages, Internet traffic and the whereabouts at the time of the communication, but not the actual content of the communication. 

The ECJ ruled that, based on such data,, it is possible to make precise conclusions as to persons' private life, including everyday habits, whereabouts and social relations. 

The purpose of data logging is for the data to be passed on to the police in connection with investigation of serious criminal offences, and in Denmark, the directive was implemented with the result that data must be stored for one year. 

EXPENSIVE FOR THE INDUSTRY

In 2013, the Danish telecommunication companies registered the digital behaviour of 3.5 billion customers. According to the industry, the providers' logging duty has cost approx. DKK 200 million in equipment, and the annual operating expenses amounted to approx. DKK 50 million in 2007. Data logging is therefore a substantial financial burden on the providers. 

VIOLATION OF HUMAN RIGHTS?

The ECJ states that data logging may affect the use of communication, thereby restricting the freedom of speech as laid down in the Community Charter. 

Further, the ECJ states that logging, in itself, constitutes a violation of the protection of privacy, irrespective of whether the registration concerns sensitive information or has caused inconvenience to the person affected. 

The same applies to the basic right of protection of personal data as laid down by the Community Charter. 

The ECJ states that the violation of the rights is both far-reaching and particularly serious. 

Even though the violation of these rights is serious, it is not the opinion of the ECJ that it has negative impact on the actual essence of the rights when the logging does not concern the content of the communication. 

In principle, the directive is therefore justifiable as the purpose is in the interest of the public - protection of public security as long as this is in proportion to this purpose. The ECJ found that no such proportionality existed.

THE SURVEILLANCE IS TOO FAR-REACHING

The directive was primarily criticized for being very far-reaching as it applied to all forms of electronic communication, especially when the use thereof has increasing impact on peoples' everyday life, thus  violating all EU citizens' right to privacy. 

The violation takes place under the directive without taking into consideration differentiation, restrictions or exemptions and it therefore affects persons in situations where there is no proof of direct or indirect involvement in a serious offence. 

According to the ECJ, there is therefore no connection between the data stored and the specific threat to security as no requirements are made to restrict the logging, either geographically, in terms of time or aimed at a certain group of people.

RISK OF ABUSE OF DATA

Another criticism was that the directive lists no objective criteria laying down when an authority may gain access to logged data, or when a crime is considered serious enough to justify access. 

Further, the directive does not require a court order or a prior administrative hearing and, according to the ECJ, this opens up for a potential abuse of the collected data. 

RANDOM STORAGE DURATION

The directive prescribed that the data were to be stored for minimum six months and maximum two years, but it was up to the individual member states to decide the interval of the national legislation without any requirement that there had to be a distinction between the types of data collected. The ECJ found that this term made the storage of data random and thereby also worrying. 

A NEW DIRECTIVE?

Due to the directive's far-reaching requirements as to surveillance and the risk of abuse, the ECJ concluded that the logging directive went far beyond what was necessary. The directive is therefore contrary to the principle of proportionality of the Community Charter. 

The logging directive was thereby held invalid, and the EU legislative is expected to present a new, revised directive taking the criticism of the ECJ into consideration. 

DANISH RULES TO BE AMENDED?

In connection with the abolishment of the logging directive, there is a need for revising the Danish rules implementing the directive through the Executive Order on logging. 

In some respects, the Danish rules are more far-reaching than the directive and are therefore also to be considered disproportional and contrary to the protection of privacy of the Community Charter. 

Initially, the Minister of Justice has stated that the rules will now be investigated and amended if they do not comply with EU law.