The ECJ has declared the Data Retention Directive to be invalid – but what actual effect will it have?

Today the European Court of Justice has declared the Data Retention Directive to be incompatible with the European Convention on Human Rights, and therefore invalid. (See here for details.) Privacy activists are delighted. Jan Philipp Albrecht called it “a major victory for civil rights in Europe.” Privacy International said, “It is right and overdue that this terrible directive was struck down.”

But there is a severe latency between European decisions and national action, especially where the national preference is for inaction. After all, the decision made today doesn’t even settle the complaint against the directive commenced in 2006 (the Irish High Court will have to settle the case, but guided by the ECJ’s decision).

Alexander Hanff, Think Privacy Inc

I wondered, then, what real effect this decision would have on the various European national governments’ predilection for collecting their citizens’ metadata. I asked Alexander Hanff, a long-standing privacy activist and CEO of Think Privacy Inc (a provider of privacy enhancing technologies and privacy consultancy services). I can do nothing better than to repeat what he told me verbatim.

The declaration by the ECJ is long overdue but welcomed and reiterates what many privacy and human rights experts have been arguing for many years. However, what this means for the UK and other EU member states is as yet unclear. For example, the Data Retention Directive is transposed in different ways in different member states’ laws, and is not limited to a single definition in a single statute.

In the UK it is my understanding that the directive is implemented in a couple of regulations and acts such as Privacy and Electronic Communication (EC Directive) Regulations and the Regulation of Investigatory Powers Act. Which means both would need to be changed – but before that can happen the Directive itself would need to be changed to fall in line with the ECJ declaration (or “repealed” in its entirety).

As you know, the wheels of the machine turn incredibly slowly which means it could be some time before we see the relevant changes in the EU Directive – I presume this would make it difficult for citizens to challenge their governments implementation of the Directive into the national laws and regulations, as these member states would simply say they have ratified the existing Directive and cannot change their laws until the Directive itself is changed – in other words, member states are likely to say “Not our problem gov, we are just doing what Strasbourg/Brussels are telling us to do!”

That said, even if a challenge was successfully filed, it would take a great deal of time for anything to happen – look at the situation with the UK and RIPA for example – it took around 2 years from the EU Commission officially commencing infringement proceedings to the UK changing RIPA to comply with EU regulations on interception of communications.

It is of course possible that the UK government (and other member states) will voluntarily repeal the various clauses in various pieces of legislation which relate to data retention or better define them to be compatible with the ECJ declaration – but I would think that is highly unlikely given the intelligence value of this data (which everyone is now very painfully aware of since the Snowden revelations).

It may also be possible for citizens (in the UK at least and potentially other member states) to challenge their Governments in their national courts – given that (again in the UK at least) Court judgments must consider their impact on human rights under what is known as the “horizontal effect” from the Human Rights Act (as the court is a public body) so a challenge against the Government under HRA with the weight of HRA itself having a direct influence on the decision of the Court could lead to an interesting decision. But again, such a challenge would be expensive and take a significant period of time to reach a conclusion – during which time the Government could well pass secondary legislation which creates obstacles (such as some specific national security legislation, anti-terror expansion etc.).

It is too early to know how this will play out, but it is certainly interesting and will worth keeping a watchful eye on.

We should be pleased with today’s result; but there is still much to do and much to prevent. We are still a long way from changing anything in the UK.