NU.nl, 11 March 2015: 'Dutch telecoms data retention obligation scrapped by judge'
“Dutch providers no longer have to store data on internet and telephone traffic. The retention obligation, which was challenged in summary proceedings against the state by several privacy groups and small internet providers, is invalid.
This was ruled by the court in The Hague on Wednesday. The retention obligation violates the Charter of Fundamental Rights of the European Union, specifically the right to respect for private life and protection of personal data.
Earlier, the European Court decided that a European version of the retention obligation was illegal. Former Justice Minister Opstelten, however, found that the Dutch interpretation of the European directive could be upheld.
The plaintiffs, including Privacy First, provider BIT and the Dutch Associations of Criminal Defence Lawyers and Journalists, believe that the data retention obligation infringes too much on the privacy of Dutch citizens who are not suspected of a crime.
Data on phone usage, such as which numbers called each other and when, are stored for 12 months. Data on internet usage, such as who logged in with which ip address, are stored for six months. As it records which mobile phones are in contact with which masts, a rough location of Dutch people is also recorded and stored.
Among other things, the judge found that the data collected is too easily accessible in crimes that are not very serious. The prosecutors argued during the summary proceedings that technically retained data could also be accessed in the case of a bicycle theft, although the government says this does not happen.
"However, the fact is that the possibility to do so does exist and there are no safeguards to effectively limit access to the data to what is strictly necessary to combat (only) serious crime," the judge said in his ruling.
The judge also finds it wrong that there is no judicial review before data is accessed. (...) "The interim relief judge is aware that rendering the Wbt inoperative may have far-reaching consequences for the investigation and prosecution of criminal offences," the ruling reads. "However, that does not justify the continuation of the aforementioned infringement."
The Telecommunications Data Retention Act will be rendered completely inoperative. Thus, even providers that were not party to the summary proceedings no longer have to retain data.
Vincent Böhre, director of advocacy group Privacy First, said in an initial reaction he was "extremely pleased" with a "groundbreaking judgment". "It is rare for a judge to overturn a law in summary proceedings. This is an important precedent and sets the tone for the debate in the Lower House on the retention obligation."
Green Left MP Tineke Strik said she is happy with the abolition, and hopes that data retention will actually stop soon. "The minister will have to immediately notify all providers that the data retention obligation is off the table and therefore no more usage data should be retained."
A spokesman for the Ministry of Security and Justice said the verdict was still being studied. Later on Wednesday, the ministry will issue a more comprehensive response and announce whether the government will appeal. (...)"