[At-Large] [EURO-Discuss] European Union Court of Justice ruling on data retention.

Aida Noblia aidanoblia at gmail.com
Wed Apr 9 21:58:38 UTC 2014

Dear all:

Modestly, as seen in the grounds of the judgment , I think it is very
important to take into account the principles of proportionality and
weighting governing the protection of personal data, and other principles
such as the purpose for which it is collected or retained data , these
principles are included in their own data protection laws in most cases I

The arguments set out in the judgment , in particular paragraphs 59 and
following , are a proxy for all the elements that the court considered
these aspects , ie the Directive concerned, annulled by the judgment, did
not meet these requirements set the limits adequate for retention. Have
fulfilled these requirements Directive understand that it is likely that
the Directive has not been canceled, because there would be no basis to set
aside or not enough.

At least in the laws and decrees that I have seen , it is these principles
that govern matter and are established by law , also the principle of
finality : the data are collected for a specific purpose and usually a
period for retention is set , while there or that purpose within the law
states that it considers appropriate , the data can be retained . Be
removed from the database when they are no longer required to fulfill the
purpose . The Directive does not set retention periods or criteria for
that. These are the arguments of the sentence, the vagueness of the
directive on many points.

If ICANN is a purpose for data collection , which is to provide safe and
reliable service to query the WHOIS database or the new system that
replaces While this purpose is functional data can and must be retained .
After that time is required to remove them.

We should see if ICANN if the personal database records or potentially
enforce different laws to not violate laws , an issue that is not at all
easy and it is easiest to think that there is no more data retention to
avoid problems . But that also suffers the function and purpose that meets
the database for Internet users . I have understood that the EWG has
studied and is studying these aspects.

The various laws set deadlines . For example databases of debtors financial
system data retained by law for five years in my country , to protect the
financial system. This is not disputed . It is one of the statutory
exceptions databases regulated by law . After the period should be
eliminated. For data records ICANN , for example if the domain is deleted
for some reason as such, the data for the same must be removed.

Also own laws protecting personal data establish certain exceptions, such
as databases created by special laws for example.

Another issue is that to keep the data for the statutory period , these
data should be updated , properly protected in the computer system to allow
unauthorized access but not access to persons who do not require access to
these data, and not all people can access to all data , no data accessible
to some people and not others ; access permissions are different : one is
the one with the doctor or the patient , another some other health
personnel who can access some data and some do not.

The issue is not simple .. there are many details to consider and they are
new and important, but so, in a complex world the solution is usually not
simple .

I hope I have not bored and the intention is that this will be a
contribution to the discussion of the topic.


2014-04-09 18:02 GMT-03:00 Michele Neylon - Blacknight <
michele at blacknight.com>:

> Wolf et al
> Yesterday's announcement is very important. And I suspect a LOT of EU
> based registrars and their legal counsel are looking at this very closely.
> Some of us have been discussing the decision and trying to understand what
> (if any) impact it will / can have on the current situation with regard to
> EU registrars and the 2013 contract. It should also be noted that there are
> privacy implications with the standard new TLD registry contract.
> The ECJ's decision will mean that the Irish case has to go back to the
> Irish courts..
> And of course while the ruling means the directive is "bad" it can't
> automatically overrule the legislation in all the member states overnight ..
> How ICANN will deal with this is another question entirely and it'll be
> interesting to see if their legal counsel are adopting their tone in light
> of this ..
> Just my two cents ..
> Regards
> Michele
> --
> Mr Michele Neylon
> Blacknight Solutions
> Hosting & Colocation, Domains
> http://www.blacknight.co/
> http://blog.blacknight.com/
> http://www.technology.ie
> Intl. +353 (0) 59 9183072
> Locall: 1850 929 929
> Direct Dial: +353 (0)59 9183090
> Fax. +353 (0) 1 4811 763
> Twitter: http://twitter.com/mneylon
> -------------------------------
> Blacknight Internet Solutions Ltd, Unit 12A,Barrowside Business Park,Sleaty
> Road,Graiguecullen,Carlow,Ireland  Company No.: 370845
> -----Original Message-----
> From: euro-discuss-bounces at atlarge-lists.icann.org [mailto:
> euro-discuss-bounces at atlarge-lists.icann.org] On Behalf Of Wolf Ludwig
> Sent: Wednesday, April 9, 2014 9:44 PM
> To: At-Large Worldwide; Jean-Jacques Subrenat
> Cc: Discussion for At-Large Europe
> Subject: Re: [EURO-Discuss] [At-Large] European Union Court of Justice
> ruling on data retention.
> Dear Jean-Jacques and all, (let me Cc the EURALO list to this)
> thanks a lot for pointing to this yesterday's European Court decision with
> various and important foreseeable impacts - "regarding the protection of
> Internet user rights and privacy", as you mentioned.
> As EDRI affirmed yesterday: "After eight years, this affront (data
> retention) to the fundamental rights of European citizens has finally been
> declared illegal. Eight years of abuses of personal data and eight years of
> reassurances from EU Member States and the Commission that the measure was
> legal ..." Various among our German ALSes (DigitalCourage, Network New Media,
> Vereinigung Datenschutz etc.) pointed to this abuse and violation of
> privacy rights since years while the public was mislead until this superior
> court ruling. As an example, Germany didn't transpose this EU Directive
> 2002/58/EC into its national legislation so far and was sued by the
> European Commission for "non-compliance with EU rules". Now the EU
> Commission and most member states have to do their home work for respecting
> this European Court decision (life can be cruel ;-)
> Besides Europe, this court decision impacts IMO also ICANN incl. recent
> discussions in Singapore (and before) whether or to what an extent European
> registrars have to comply with and exert ICANN rules clearly violating
> European privacy standards - particularly after yesterday's court decision?
> To me, yesterday was a great day for reaffirming *privacy as a fundamental
> right* in the EU! Any further comments on this are welcome!
> Kind regards,
> Wolf
> Subrenat, Jean-Jacques wrote Wed, 9 Apr 2014 10:32:4
> >On 9 april, the European Union Court of Justice (EUCJ) ruled that
> >
> >"Directive 2006/24/EC of the European Parliament and of the Council of 15
> March 2006 on the retention of data generated or processed in connection
> with the provision of publicly available electronic communications services
> or of public communications networks and amending Directive 2002/58/EC is
> invalid".
> >
> >This ruling follows requests by associations representing civil society
> >in Ireland (Digital Rights Ireland, Ltd.) and Austria
> >(Verfassungsgerichtshof). It
> >- requires the European Union to provide enhanced protection for
> >Internet and telecommunications users;
> >- while recognizing the legitimate concerns posed by criminal and
> terrorist activities, imposes improved protection of personal data and
> privacy.
> >
> >For those not familiar with the legal system of the European Union, when
> the new Directive will have been adopted as a result of this ruling, it
> will be transposed into the national legislation of each Member State.
> >
> >To my knowledge, this ruling represents one of the most (if not the most)
> advanced legislation in the world regarding the protection of Internet user
> rights and privacy.
> >
> >The full ruling can be read
> >- in English,
> >http://curia.europa.eu/juris/celex.jsf?celex=62012CJ0293&lang1=fr&type=
> >TXT&ancre=
> >- in French,
> >http://curia.europa.eu/juris/celex.jsf?celex=62012CJ0293&lang1=fr&type=
> >TXT&ancre=
> >- in German,
> >http://curia.europa.eu/juris/celex.jsf?celex=62012CJ0293&lang1=fr&type=
> >TXT&ancre=
> >
> >
> >Jean-Jacques.
> >
> >_______________________________________________
> >At-Large mailing list
> >At-Large at atlarge-lists.icann.org
> >https://atlarge-lists.icann.org/mailman/listinfo/at-large
> >
> >At-Large Official Site: http://atlarge.icann.org
> >
> EuroDIG Secretariat
> http://www.eurodig.org/
> mobile +41 79 204 83 87
> Skype: Wolf-Ludwig
> EURALO - ICANN's Regional At-Large Organisation http://euralo.org
> Profile on LinkedIn
> http://ch.linkedin.com/in/wolfludwig
> _______________________________________________
> EURO-Discuss mailing list
> EURO-Discuss at atlarge-lists.icann.org
> https://atlarge-lists.icann.org/mailman/listinfo/euro-discuss
> Homepage for the region: http://www.euralo.org
> _______________________________________________
> At-Large mailing list
> At-Large at atlarge-lists.icann.org
> https://atlarge-lists.icann.org/mailman/listinfo/at-large
> At-Large Official Site: http://atlarge.icann.org

Aida Noblia

More information about the At-Large mailing list