[At-Large] [EURO-Discuss] European Union Court of Justice ruling on data retention.
wolf.ludwig at comunica-ch.net
Thu Apr 10 00:00:04 UTC 2014
Sorry corrigendum for the 3rd line: Data *retention* (and not "protection") was always ab/used as ... Eyes are getting tired at this time ;-)
Wolf Ludwig sent Thu, 10 Apr 2014 01:28:
>Thanks Aida for this extensive juridical deliberations and evaluations on the case. But IMO, there is a crucial *political* consideration - at least equivalent - as well: Data protection was always ab/used as a "necessity" to combat crime and delinquents by law enforcement and law makers whereas the question or principle of proportionality was always or systematically neglected (in an always ludicrous manner: Don't worry, if you have nothing to hide etc.). While a general suspicion (Generalverdacht) of the broad population was always considered or understated as sort of "collateral damage". Or: The end justifies the means. Over and out!
>Civil rights activists have verified related data of the German Federal Criminal Police Office (equivalent to the FBI) by concluding that data retention contributes to the crime clearance rate around 0,006 per cent at maximum -- see
>(page 31 pp -- unfortunately in German only but substantiated).
>So much on large scale data retention vs. proportionality vs. effectiveness!
>IMO, it's the merit of the European Court esteeming the broader picture and consequences (on fundamental rights) and not only juridical aspects and arguments from law enforcement. And in my longer political life I have learned: Never trust any folks pretending to care for my "security" ;-)
>Aida Noblia wrote Wed, 9 Apr 2014 18:58:
>>Modestly, as seen in the grounds of the judgment , I think it is very
>>important to take into account the principles of proportionality and
>>weighting governing the protection of personal data, and other principles
>>such as the purpose for which it is collected or retained data , these
>>principles are included in their own data protection laws in most cases I
>>The arguments set out in the judgment , in particular paragraphs 59 and
>>following , are a proxy for all the elements that the court considered
>>these aspects , ie the Directive concerned, annulled by the judgment, did
>>not meet these requirements set the limits adequate for retention. Have
>>fulfilled these requirements Directive understand that it is likely that
>>the Directive has not been canceled, because there would be no basis to set
>>aside or not enough.
>>At least in the laws and decrees that I have seen , it is these principles
>>that govern matter and are established by law , also the principle of
>>finality : the data are collected for a specific purpose and usually a
>>period for retention is set , while there or that purpose within the law
>>states that it considers appropriate , the data can be retained . Be
>>removed from the database when they are no longer required to fulfill the
>>purpose . The Directive does not set retention periods or criteria for
>>that. These are the arguments of the sentence, the vagueness of the
>>directive on many points.
>>If ICANN is a purpose for data collection , which is to provide safe and
>>reliable service to query the WHOIS database or the new system that
>>replaces While this purpose is functional data can and must be retained .
>>After that time is required to remove them.
>>We should see if ICANN if the personal database records or potentially
>>enforce different laws to not violate laws , an issue that is not at all
>>easy and it is easiest to think that there is no more data retention to
>>avoid problems . But that also suffers the function and purpose that meets
>>the database for Internet users . I have understood that the EWG has
>>studied and is studying these aspects.
>>The various laws set deadlines . For example databases of debtors financial
>>system data retained by law for five years in my country , to protect the
>>financial system. This is not disputed . It is one of the statutory
>>exceptions databases regulated by law . After the period should be
>>eliminated. For data records ICANN , for example if the domain is deleted
>>for some reason as such, the data for the same must be removed.
>>Also own laws protecting personal data establish certain exceptions, such
>>as databases created by special laws for example.
>>Another issue is that to keep the data for the statutory period , these
>>data should be updated , properly protected in the computer system to allow
>>unauthorized access but not access to persons who do not require access to
>>these data, and not all people can access to all data , no data accessible
>>to some people and not others ; access permissions are different : one is
>>the one with the doctor or the patient , another some other health
>>personnel who can access some data and some do not.
>>The issue is not simple .. there are many details to consider and they are
>>new and important, but so, in a complex world the solution is usually not
>>I hope I have not bored and the intention is that this will be a
>>contribution to the discussion of the topic.
>>2014-04-09 18:02 GMT-03:00 Michele Neylon - Blacknight <
>>michele at blacknight.com>:
>>> Wolf et al
>>> Yesterday's announcement is very important. And I suspect a LOT of EU
>>> based registrars and their legal counsel are looking at this very closely.
>>> Some of us have been discussing the decision and trying to understand what
>>> (if any) impact it will / can have on the current situation with regard to
>>> EU registrars and the 2013 contract. It should also be noted that there are
>>> privacy implications with the standard new TLD registry contract.
>>> The ECJ's decision will mean that the Irish case has to go back to the
>>> Irish courts..
>>> And of course while the ruling means the directive is "bad" it can't
>>> automatically overrule the legislation in all the member states overnight ..
>>> How ICANN will deal with this is another question entirely and it'll be
>>> interesting to see if their legal counsel are adopting their tone in light
>>> of this ..
>>> Just my two cents ..
>>> Mr Michele Neylon
>>> Blacknight Solutions
>>> Hosting & Colocation, Domains
>>> Intl. +353 (0) 59 9183072
>>> Locall: 1850 929 929
>>> Direct Dial: +353 (0)59 9183090
>>> Fax. +353 (0) 1 4811 763
>>> Twitter: http://twitter.com/mneylon
>>> Blacknight Internet Solutions Ltd, Unit 12A,Barrowside Business Park,Sleaty
>>> Road,Graiguecullen,Carlow,Ireland Company No.: 370845
>>> -----Original Message-----
>>> From: euro-discuss-bounces at atlarge-lists.icann.org [mailto:
>>> euro-discuss-bounces at atlarge-lists.icann.org] On Behalf Of Wolf Ludwig
>>> Sent: Wednesday, April 9, 2014 9:44 PM
>>> To: At-Large Worldwide; Jean-Jacques Subrenat
>>> Cc: Discussion for At-Large Europe
>>> Subject: Re: [EURO-Discuss] [At-Large] European Union Court of Justice
>>> ruling on data retention.
>>> Dear Jean-Jacques and all, (let me Cc the EURALO list to this)
>>> thanks a lot for pointing to this yesterday's European Court decision with
>>> various and important foreseeable impacts - "regarding the protection of
>>> Internet user rights and privacy", as you mentioned.
>>> As EDRI affirmed yesterday: "After eight years, this affront (data
>>> retention) to the fundamental rights of European citizens has finally been
>>> declared illegal. Eight years of abuses of personal data and eight years of
>>> reassurances from EU Member States and the Commission that the measure was
>>> legal ..." Various among our German ALSes (DigitalCourage, Network New Media,
>>> Vereinigung Datenschutz etc.) pointed to this abuse and violation of
>>> privacy rights since years while the public was mislead until this superior
>>> court ruling. As an example, Germany didn't transpose this EU Directive
>>> 2002/58/EC into its national legislation so far and was sued by the
>>> European Commission for "non-compliance with EU rules". Now the EU
>>> Commission and most member states have to do their home work for respecting
>>> this European Court decision (life can be cruel ;-)
>>> Besides Europe, this court decision impacts IMO also ICANN incl. recent
>>> discussions in Singapore (and before) whether or to what an extent European
>>> registrars have to comply with and exert ICANN rules clearly violating
>>> European privacy standards - particularly after yesterday's court decision?
>>> To me, yesterday was a great day for reaffirming *privacy as a fundamental
>>> right* in the EU! Any further comments on this are welcome!
>>> Kind regards,
>>> Subrenat, Jean-Jacques wrote Wed, 9 Apr 2014 10:32:4
>>> >On 9 april, the European Union Court of Justice (EUCJ) ruled that
>>> >"Directive 2006/24/EC of the European Parliament and of the Council of 15
>>> March 2006 on the retention of data generated or processed in connection
>>> with the provision of publicly available electronic communications services
>>> or of public communications networks and amending Directive 2002/58/EC is
>>> >This ruling follows requests by associations representing civil society
>>> >in Ireland (Digital Rights Ireland, Ltd.) and Austria
>>> >(Verfassungsgerichtshof). It
>>> >- requires the European Union to provide enhanced protection for
>>> >Internet and telecommunications users;
>>> >- while recognizing the legitimate concerns posed by criminal and
>>> terrorist activities, imposes improved protection of personal data and
>>> >For those not familiar with the legal system of the European Union, when
>>> the new Directive will have been adopted as a result of this ruling, it
>>> will be transposed into the national legislation of each Member State.
>>> >To my knowledge, this ruling represents one of the most (if not the most)
>>> advanced legislation in the world regarding the protection of Internet user
>>> rights and privacy.
>>> >The full ruling can be read
>>> >- in English,
>>> >- in French,
>>> >- in German,
>>> >At-Large mailing list
>>> >At-Large at atlarge-lists.icann.org
>>> >At-Large Official Site: http://atlarge.icann.org
>>> EuroDIG Secretariat
>>> mobile +41 79 204 83 87
>>> Skype: Wolf-Ludwig
>>> EURALO - ICANN's Regional At-Large Organisation http://euralo.org
>>> Profile on LinkedIn
>>> EURO-Discuss mailing list
>>> EURO-Discuss at atlarge-lists.icann.org
>>> Homepage for the region: http://www.euralo.org
>>> At-Large mailing list
>>> At-Large at atlarge-lists.icann.org
>>> At-Large Official Site: http://atlarge.icann.org
>mobile +41 79 204 83 87
>EURALO - ICANN's Regional At-Large Organisation
>Profile on LinkedIn
>EURO-Discuss mailing list
>EURO-Discuss at atlarge-lists.icann.org
>Homepage for the region: http://www.euralo.org
mobile +41 79 204 83 87
EURALO - ICANN's Regional At-Large Organisation
Profile on LinkedIn
More information about the At-Large