This post critically analyses the Court of Appeal's judgment in Tom Watson and Others v Secretary of State for the Home Department with regards to
general data retention, access to communications data on the basis of prior review by a court or an independent administrative body and notifications.
As a result, a regime of
general data retention should be established on the basis of measures adopted by a legislative authority, that are accessible and foreseeable while offering adequate protection against arbitrary interference with the rights of privacy and data protection (§ 153).
In a first step, the AG affirms that
a general data retention obligation falls within the scope of Directive 2002 / 58 / EC, despite the exclusion of State activities relating to criminal law by Article 1 (3) of the Directive.
Once more, the AG argues this is a task for national courts, but he nonetheless points out that
a general data retention obligation entails a considerable risk of mass surveillance (§ 256).
As the Commission has rightly emphasised, provisions governing access are of decisive importance when assessing the compatibility with the Charter of provisions introducing
a general data retention obligation in implementation of Article 15 (1) of Directive 2002/58.
Furthermore, assuming it is, what offences are sufficiently «serious» to justify
a general data retention obligation?
Next, the AG addresses the fifth requirement: are
general data retention obligations really (ie strictly) necessary to combat serious crime?
Furthermore, the AG insists on the fact that national courts will have to assess whether there are no equally effective and less restrictive means available in the national system to achieve the same goal as
a general data retention obligation (§ § 206 - 215), thereby passing on a difficult but very important balancing exercise to the national courts.
Moving forward, the AG evaluates the proportionality of
general data retention obligations, which he splits up in three separate (sub --RRB- requirements: are they appropriate (fourth requirement) as well as strictly necessary (fifth requirement) to achieve the aforementioned objective of fighting serious crime and proportionate in a democratic society (sixth requirement).
Subsequently, the AG addresses the first question of the Swedish referring court, regarding the compatibility of
a general data retention obligation with Article 15 (1) of Directive 2002 / 58 / EC (the Directive on privacy and electronic communications) and Articles 7 and 8 of the Charter.
According to the AG, paragraphs 56 to 59 of Digital Rights Ireland should indeed be interpreted as meaning that
a general data retention obligation does not pass the strict necessity test but only if «it is not accompanied by stringent safeguards concerning access to the data, the period of retention and the protection and security of the data» (§ 195, original emphasis).
Second,
any general data retention regime should observe the essence of the rights enshrined in Articles 7 and 8 of the Charter, as the CJEU also highlighted in Digital Rights Ireland.
Third, the interference with the rights to privacy and data protection caused by
a general data retention obligation can only by justified if the latter pursues «an objective of general interest recognised by the European Union».
For one, is
a general data retention obligation strictly necessary, or on the contrary, does it go «beyond the bounds of what is strictly necessary for the purposes of fighting serious crime, irrespectively of any safeguards that might accompany such an obligation» (emphasis added)?
This brings the AG to the biggest and most tricky questions submitted for a preliminary ruling, combining the second question of the Swedish court and the first question of the Court of Appeal, concerning the conditions national legislation should respect when creating
a general data retention obligation.
For another, if
a general data retention does not exceed what is strictly necessary, «must it be accompanied by all the safeguards mentioned by the Court in paragraphs 60 to 68 of Digital Rights Ireland» (§ 189).
Nevertheless, in the AG's view, the interferences caused by
a general data retention regime are so serious that the fight against «ordinary offences and the smooth conduct of proceedings other than criminal proceedings» are not «capable of justifying
a general data retention obligation» considering the «considerable risks that such obligations entail» (§ § 172 - 173).
Should such
a general data retention obligation not be compatible with the Charter, could a data retention obligation then nevertheless be compatible with the Charter if the access of the competent authorities to the retained data is regulated as it is under Swedish law, if the protection and security of the data are regulated as they are under Swedish law, and if all relevant data must be retained for a period of 6 months before being erased, as imposed by Swedish law?
Next, the AG scrutinizes whether the possibility offered by Article 15 (1) of Directive 2002 / 58 / EC to restrict the rights and obligations of the Directive allows for the creation of
a general data retention regime by national law.
As the above analysis suggests, the AG's opinion offers a lengthy and mitigated assessment of the six cumulative requirements that
general data retention obligations under national law should meet.
The written submissions of the intervenors address (a) background on anonymity and its importance to a democratic society (b) international and domestic legal authorities that advocate for protecting anonymous speech under human rights standards and (c)
general data retention obligations and how they interfere with anonymity and the rights of privacy and freedom of expression.
Not exact matches
As a
general rule of thumb, there's good hygiene that you should have in terms of
data practices and
data retention and making sure you're being responsible.
But the Court of Justice of the European Union ruled last December that the UK's «
general and indiscriminate»
retention of citizens»
data communications was unlawful where it wasn't being scooped up for serious crime cases.
Administered in a Title I elementary school from October to December 2016, the study collected and analyzed
data on vocabulary word
retention and reading comprehension from
general education, ELL, and ESE students.
What these GISS emails have in common with the UEA emails is the
general level of sloppiness about code quality and
data retention.
For example, there might be
retention policies governing the preservation and deletion of emails (or other
data) that applied in
general, not only once a FOIA request arrived and FOIA sec. 77 came into play.
If the undifferentiated and
general nature of the
retention of the
data of any person using electronic communications in the Union was one of the main reasons why Directive 2006 / 24 / EC was considered as going beyond what was strictly necessary (para. 59 of the DRI case), such
data retention schemes are possible as long as they respect strict conditions (see the opinion of AG Saugmandsgaard Øe on the joined cases Tele2 Sverige AB and Secretary of State for the Home Department, commented on this blog).
He had refused to declare
general retention measures per se unlawful, preferring instead to assess the compatibility of
data retention legislation against strict proportionality requirements [AG, 116].
This report concluded that DRI could not be interpreted as prohibiting
general and indiscriminate
data retention as a matter of principle, or as establishing criteria — all of which must be fulfilled — in order for legislation to be deemed proportionate.
The Court held that
general and indiscriminate
data retention legislation entailed a particularly serious interference with the rights to privacy and
data protection and that the user concerned is, as a result, likely to feel that their private lives are the subject of constant surveillance [100].
While the Court acknowledged that the fight against serious crime may depend on modern investigative techniques for its effectiveness, this objective can not in itself justify the finding that
general and indiscriminate
data retention legislation is necessary for this fight against crime [103].
Given these differing perspectives, the referring court asked the Court to give «an unequivocal ruling on whether... the
general and indiscriminate
retention of electronic communications
data is per se incompatible with Articles 7 and 8 and 52 (1) of the Charter» [50].
She has also advised clients on spectrum interference and co-ordination issues, compliance with Ofcom's
General Conditions of Entitlement and the Consumer Rights Act, the broad range of carriage or capacity arrangements for resellers or compliance issues for Over The Top (OTT) services and
data retention and lawful interception issues.
And the Ugly However, the most disappointing element of the judgment, like the Opinion of the Advocate
General, is that it does not query the appropriateness of
data retention as a tool to fight serious crime [49].
Dr. Braun has also advised German and multinational companies on all aspects of
data protection law and
general compliance issues, including cross border flows of personal
data,
data security, electronic discovery and
general document
retention issues.
These included that Part 4 permits the «
general and indiscriminate»
retention of communications
data, amounting to a serious violation of privacy rights.
The ECJ ruling, Home Secretary v Tom Watson & Ors (C - 698 / 15), prohibits governments from «
general and indiscriminate
retention» of
data except where strictly necessary for the fighting of serious crime.
The Facebook blog post, written by deputy
general counsel Paul Grewal, cited the «public prominence» of Cambridge Analytica, called the alleged
data retention an «unacceptable violation of trust» and said the social network will take legal action if necessary to hold all parties «responsible and accountable for any unlawful behavior.»
Skills • Inbound customer service assistance •
General technical troubleshooting • Telephone and verbal communication skills • Experienced computer user • Typing and
data entry • Database search strategies • Account
data verification • Assessing problems and developing solutions • Offering accurate and timely responses • Product and service background knowledge and speedy referencing • Knowledge
retention • Multitasking on phone and computer • Working as part of a team • Active listening • Problem solving • Conflict resolution • Patience • Organization • Emotional stability and reliability • Adaptability
Used automation and
general office equipment to update databases, military personnel automation systems, prepared reports, correspondences, and statistical
data; entered, verified, and managed all input to the SIDPERS System; maintained a working knowledge of
retention programs designed to help
Retention personnel meet quarterly missions.