Privacy First wins case against telecommunications retention obligation

In a landmark ruling, the District Court of The Hague today set aside the Telecommunications Data Retention Act. The court did so at the request of the Privacy First Foundation and six other organisations. This puts an end to years of massive privacy violation: the retention of everyone's telecommunications data for investigation and prosecution. Every Dutch citizen became a potential suspect as a result. The court now puts a line through this.

Broad social coalition

Under the Telecommunications Retention Act, since 2009, communication data (telephony and internet traffic) of everyone in the Netherlands were stored for 12 months and 6 months, respectively, for the detection and prosecution of criminal offences. In summary proceedings a broad coalition of organisations and businesses demanded that this law be struck down for violating the right to privacy. The plaintiffs were Privacy First Foundation, the Dutch Association of Criminal Lawyers (NVSA), the Dutch Association of Journalists (NVJ), the Dutch Legal Committee for Human Rights (NJCM), internet provider BIT and telecom providers VOYS and SpeakUp. The proceedings were conducted by Boekx Advocaten in Amsterdam.

Stubborn minister

According to the plaintiffs, the Dutch obligation to retain telecommunications (data retention) violated fundamental fundamental rights that protect private life, communications and personal data. That was also the verdict of the European Court of Justice last year, followed by the Dutch Council of State, the Dutch Data Protection Authority and the Senate. Former Justice Minister Opstelten nevertheless refused to disapply the Telecommunications Data Retention Act. The law would be enforced by the minister until an amendment to the law had come into force, which could take years. The court has now given short shrift to this by rendering the law inoperative with immediate effect.

Retention obligation unlawful

On 8 April 2014, the European Court of Justice declared the European Data Retention Directive invalid in its entirety and retroactively. The Dutch Telecommunications Data Retention Act was almost identical to this invalid directive. According to the European Court, the long-term recording of communication data of everyone, without concrete suspicion, violates the fundamental right to privacy. The unlimited and unfocused collection of everyone's communication data as part of so-called 'mass surveillance' is not allowed, according to the Court.

Important precedent

Privacy First is committed to preserving and strengthening everyone's right to privacy, if necessary by conducting lawsuits against the state. The case against the Dutch Bewaarplicht Telecommunicatie lent itself ideally to this, said Privacy First's Vincent Böhre: "Through this mass surveillance, the privacy rights of Dutch citizens were massively violated. It was unacceptable that Minister Opstelten continued to insist on this after the highest European court had already clearly said in April 2014 that this privacy violation was not allowed. Privacy First fights for a society where innocent citizens do not have to feel that they are constantly being watched. The Hague court's ruling is an important step in that direction."

Privacy First expects Dutch telecoms providers to comply with the verdict and stop retaining everyone's communication data for investigation purposes. Should the State decide to appeal the verdict, Privacy First views the verdict of the Hague Court of Appeal with confidence.

The entire judgment can be found at http://deeplink.rechtspraak.nl/uitspraak?id=ECLI:NL:RBDHA:2015:2498.