Brussels, BE — Earlier today, Henrik Saugmandsgaard, Advocate General of the Court of Justice of the European Union (CJEU) issued his opinion on the joint data retention cases known as Tele2 Sverige and Davis and Others. Though slightly different in scope and tone, both of these cases concern the validity (and extent) of national data retention laws in Sweden and the UK, with respect to EU law. Both of these inquiries seek to further delineate the CJEU’s invalidation of the EU Data Retention Directive in 2014. The Advocate General’s opinion reaffirms some of the safeguards established under that ruling, but it fails to clarify the extent as the two case files demand.
“Access Now welcomes the Advocate General’s opinion that data retention for ordinary crime is disproportionate and unnecessary,” said Lucie Krahulcova, EU Policy Associate at Access Now. “The opinion however seems indecisive on general data retention. It will be up to the Court to reaffirm in their final judgment that Chapter 7 and 8 of the EU Charter of Fundamental Rights on privacy and the protection of personal data are non-negotiable guarantees for all Europeans, leaving no room for state-level derogations and custom interpretation.”
While the questions targeted at the CJEU in these cases are slightly different, the unifying component is that both of these cases seek to clarify to what extent national data retention is subject to the aforementioned CJEU ruling and to what extent national data retention can be governed by EU law and the EU Charter of Fundamental Rights. To that extent the Advocate General makes a dangerous distinction between data retention itself and the government’s right to access to that data, which he argues could fall outside of the scope of EU law.
On 5 April 2016, the Court held a hearing on the case where several member states argued for state-level discretion when it comes to data retention legislation. Key arguments were, that if proportional and with adequate legally anchored safeguards, data retention could indeed be legal. The Advocate General agrees with that to a great extent. While he makes a distinction between data retention being unnecessary for ‘ordinary’ and potentially necessary for ‘serious’ crimes, he goes on to say that when properly anchored, general data retention can be legal. The opinion seem to be contrary to the Court’s previous invalidation of the Data Retention Directive in 2014 which established that blanket data retention was not possible under EU law.
“We hope the Court will confirm what the Advocate General’s findings failed to conclude, that in present-day EU, existing general data retention schemes are not proportionate,” added Krahulcova.
The Advocate General’s opinion is only advisory, therefore the Court may yet be much firmer in its final judgement. The Court’s ruling in these cases will be an essential indicator for the data retention conversation in the EU. Not long ago, the Luxembourg presidency of the Council of the European Union asked member states to weigh in on whether the European Commission should develop a brand new data retention framework. For human rights advocates and everyone living in the EU, that’s a frightening prospect.
The CJEU needs to explicitly address the issues of national legislation and EU law, and clearly define their interpretation of indiscriminate data retention for all EU member states to understand. In the absence of needed guidance and in light of the current political climate across the EU, member states may be inclined to enact surveillance legislation which by nature tends to include controversial data retention provisions.