 |
| Via Wikimedia |
On April 8,
2014, the European Court of Justice has ruled in the Digital Rights cases
Ireland against the Irish authorities and the Constitutional Court
Austria vs. the Government of Carinthia and Mr Seitling, Mr Tschohl and others
complainants, Cases C-293/12 and C-594/12 (In English), declaring invalid and void
la Senior Management about phone data retention and communications
of 2006, from now on the “Directive”, with effect from
from the date on which the Directive entered into force.
What did the Directive require? What type of data needed to be retained?
2014, the European Court of Justice has ruled in the Digital Rights cases
Ireland against the Irish authorities and the Constitutional Court
Austria vs. the Government of Carinthia and Mr Seitling, Mr Tschohl and others
complainants, Cases C-293/12 and C-594/12 (In English), declaring invalid and void
la Senior Management about phone data retention and communications
of 2006, from now on the “Directive”, with effect from
from the date on which the Directive entered into force.
What did the Directive require? What type of data needed to be retained?
With the aim of fighting terrorism and other serious crimes, the Senior Management forced telephone companies and operators internet to record, retain and preserve all types of telephone calls (landlines and mobiles, or no response) and emails for a period, according to the legislation applicable in each state, between 6 and 24 months, the following data:
- In the case of fixed telephones, the data of originating and destination telephone numbers, the names and addresses of the callers and those for whom the telephone numbers are registered at the time of connection, as well as the telephone service used, as well as from where they are calling, although not the content of the conversation, for which judicial authorization will be required.
- In the case of mobile, the device identifier is added.
- To Internet the dynamic and static IP addresses assigned by the access provider to the connection, the name and address of the user and data about the time, date and duration of a communication.
- The data referring to the date and time of activation of a prepaid card.
Reasons for the invalidity of the Directive
The Court of Justice points out that the obligations imposed on telecommunications companies represent a extensive and particularly serious intervention of the fundamental rights to privacy and the protection of personal data of individuals, since there are no substantive and procedural limits in the Directive that regulate and restrict such interferences to what is strictly necessary, thereby exceeding the principle of proportionality.
In fact, the Judgment states that “in the interest of prosecuting terrorism and crime, the Directive requires widespread retention of all people, all means of electronic communication and traffic data without any type of differentiation, limitation or exception".
Thus, the Judgment maintains that the aforementioned data taken as a whole, what we call Big Data, can provide very precise information about people's private lives whose data is retained, such as habits of daily life, permanent or temporary places of residence, activities carried out in our ordinary life, in moments of leisure or vacations, our relationships, friends, social environments, in short our entire life, our thoughts, beliefs, feelings, our location, and that of our children, current accounts, without prior information to individuals about the use of data or consent for their processing, basic principles of the fundamental right to data protection.
The Court of Justice examines in the Judgment whether such interference with fundamental rights is justified and despite the fact that it recognizes that the Directive:
(i) does not allow knowledge of the content of electronic communications,
(ii) obliges service or internet providers to respect certain principles of data protection and security and
(iii) that the retention of data for the purpose of possible transmission to the competent national authorities truly satisfies an objective of general interest, to combat serious crimes and protect public safety,
The Court declares that The Directive does not establish sufficient safeguards to ensure effective protection of data against the risk of abuse and against any illegal access and use of data..
Therefore, there is no formal obligation to impose enhanced security measures to protect said information or review and audit obligations on the application of said measures. to verify its compliance and prevent it from falling into the hands of people or entities that could make a use not consented, Since the creating personality or behavioral profiles, to a use criminal, blackmail, theft of your house and your money, kidnapping of you or your family, etc., about them.
As we know, the application of security measures requires investment and expenditure, and the Court points out that the Directive allow a Service providers take into account economic considerations when determining the level of security to apply (particularly with regard to the costs of implementing security measures) and that does not ensure the irreversible destruction of data at the end of its retention period.
In fact, the security of individuals is also affected because, as specified by the Court of Justice, the Directive does not require data to be kept in the EU. Therefore, the Directive does not guarantee that the data will be treated with the same security measures and the same protection criteria as those that govern in the EU, an essential principle, implemented and consolidated in the European regulations that govern the processing of personal data. natural persons in the EU, without requiring authorizations from the competent authority and verifications of the security levels applicable to data in third countries.
Conclusion
La evolution of technology has given rise to you can know everything about us, Which everything and everyone is attackable From a cybersecurity point of view, the only limits to an attack are in How long does it take a hacker to get hold of the data? and which are they measures that companies and governments have planned to slow down the attack, be able to detect it and stop it. At present, war and information power are in the space and I am not referring to the air but to the Cyberspace Although this sounds like Star Wars.
The abuses that some governments are doing to our data, from NSA espionage to others like Ukraine, lead us to consider once again the need to defend our security, without which there is no freedom or democracy, and, therefore, protect our data, congratulating the European Court of Justice on its decision.
