Intelligence surveillance and data retention Flashcards
What happened in Digital Rights Ireland?
Invalidation of Data Retention Directive
What did the WP29 state after the ruling in Digital Rights Ireland?
National data retention laws should be:
- appropriate,
- differentiating,
- limited and exceptional;
- strictly necessary;
- live up to substantive and procedural conditions;
- effective protection against risk of unlawful access
What happened in Tele2?
National rules of retention could be allowed after the invalidation of the Directive under certain circumstances
Sets up requirements for national legislation providing measures for data retention.
○ Clear and precise rules about scope and application of provisions
○ Indication of circumstances and conditions of data retention measures - strictly necessary.
○ Proportionality: There must be a link with serious criminal offences or a likelihood that the data can contribute to fighting serious crime or prevent a serious risk to public security (geographical limitation)
Conditions regarding access to retained data:
○ Clear and precise rules for when access can be granted.
○ Only to the data of individuals suspected of planning, committing or having committed a serious crime or of being implicated in such a crime.
○ Prior review by a court or by an independent administrative body.
○ Notification of persons affected, when no longer liable to jeopardise the investigations.
○ The service providers must guarantee a particularly high level of protection and security
○ Data must be retained within the Union + be destroyed at the end of the retention period
○ Possibility of lodging a claim with a DPA to ensure protection
