The Court of Justice of the European Union has ruled the EU Data Retention Directive (2006/24/EC) invalid. The Court deemed the Directive to be an interference with the fundamental rights of practically the entire European population.
Challenged by Digital Rights Ireland, the Directive required internet service providers and telecommunications companies to record details about one's emails, internet use, location and text messages. The information that was gathered stops short of recording the content of the e-mail or text message.
For every citizen this database of information is kept for up to two years. This database can be accessed by gardaí without a warrant, subject to internal procedure.
The Court of Justice deemed the 2006 Directive unnecessary and disproportionate as a means of targeting crime of terrorism.
The Court deemed the Directive invalid on four grounds.
First, the Court deemed the monitoring of the entire population excessive.
Second, the Directive failed to provide effective control over access and use of the data. In particular, the failure to insist that any request for data should be approved by a court.
Third, there was no clear justification as to why data stored on all citizens for an extended period of time, was chosen.
While the fourth ground was the failure to establish adequate security for the stored data, leaving it vulnerable to attack from hackers.
The Court concluded that the Directive interferes in a particularly serious manner with the fundamental rights to respect for private life and to the protection of personal data.
The case will now return to the High Court to decide whether Irish data retention law is unconstitutional given the Court of Justice judgment. The case also challenges the implementation of the Criminal Justice (Terrorist Offences) Act 2005.
