Volkskrant.nl, 11 March 2015: 'Judge puts line through retention obligation for providers'

“It is over and done with data retention. Private data on internet and telephone use no longer needs to be stored by telecom companies and internet providers. The judge in The Hague ruled that today.

The law mandating the mass collection and storage of data on citizens' internet and phone use (so-called metadata) in the Netherlands must be set aside, the ruling shows. The ruling is a stretch for the police and judiciary, which used the law in detecting serious crime.

The Ministry of Security and Justice says it regrets the ruling and is still considering a possible appeal. The ministry is concerned about the impact of scrapping the data retention obligation on tackling crime.

The largest telecoms provider KPN announced in a press release today that it would immediately stop storing data. The same applies to subsidiaries XS4ALL and Telfort. Internet provider Tweak also writes on its own website to stop storing data immediately.

Investigation agencies

The law requires providers and telecoms companies to store call data for a year. (...) The law is controversial. Last year, the European Court of Justice already ruled that storing communications data of anyone - without concrete suspicion - is a serious invasion of privacy and is not allowed. But that ruling related to the European Detention Directive and does not automatically mean that the Dutch Telecommunications Retention Act, which establishes the retention obligation, is not legally valid.

But the judge denounced the fact that there are no safeguards to ensure that the retention obligation is actually used only to fight serious crime. There should be an independent party to test that. The government argues that that is the Public Prosecution Service (OM). But the court finds the OM is not independent.

And so the law must be taken off the table. This could have "far-reaching consequences for the investigation and prosecution of criminal offences", the court realised. But the potential violation of privacy outweighs the issue here.

Privacy advocates

The case had been brought by the Dutch Association of Journalists, the Dutch Association of Criminal Defence Lawyers and privacy advocate Privacy First, among others. They demanded in summary proceedings that the law be set aside because they claimed data retention was a disproportionate invasion of privacy.

'The interest of privacy rightly outweighs the issue,' one of their lawyers told ANP of the verdict. 'The judge has put an end to the mandatory retention of communication data of everyone, including non-suspect citizens. The judge's verdict is in line with opinions of the Dutch Data Protection Authority and the Council of State.'

The Ministry of Security and Justice informs that following last year's European court ruling, a bill amending the Data Retention Act has been submitted. The court ruling will be taken into account in that. (...)"

Source: http://www.volkskrant.nl/tech/rechter-surf-en-belgedrag-hoeft-niet-meer-bewaard~a3896653/, 11 March 2015.