Data Retention under the 2016 “Yarovaya Law” in Russia: Disrupting the European Status Quo?15 marzo 2017 -
Di Oleg Soldatov
Back in 1998, Prof. Goldsmith concluded that both cyberspace and ordinary transactions involve people in real space transacting with other people in real space, which sometimes causes real-world harms. At times, therefore, in the digital domain as in the “real world”, some of the recognised human rights may be temporarily or permanently restricted to prevent criminal activities. State security concerns stemming from a terrorist threat seem to present a reason du jour for many governments to set limitations on privacy in digital communications. In the recent words of Vĕra Jourová, EU Commissioner for Justice, Consumers and Gender Equality,‘The recent terror attacks have reminded us of the urgent need to address illegal online hate speech. Social media is unfortunately one of the tools that terrorist groups use to radicalise young people’.
The post-9/11 era “can be characterised by the desire and ability of governments to develop mass surveillance systems, largely unseen and until recently unsuspected” and “a common trend can be discerned whereby governments monitor the communications and online behaviour of the vast majority of ordinary citizens.”
Whereas the European Court of Human Rights (“ECtHR”) has often extended a margin of appreciation to the member states when privacy rights have clashed with national security concerns, at the EU-level the attempt to codify data retention rules in an overly wide manner was quashed by the European Court of Justice (“ECJ”). The events unfolded as follows: the 2006 EU Data Retention Directive prescribed the storage of EU citizens’ telecommunications metadata for a minimum of 6 months and at most 24 months and allowing, conditional upon the court approval, an access of the investigative authorities to the details such as IP addresses and times of use of every email, phone call and text message sent or received.
The data retention used to serve the purpose of preventing, investigating, detecting and prosecuting serious crimes, such as organized crime and terrorism. On 8 April 2014, the Court of Justice of the European Union declared the Directive invalid on the grounds that the interference with the fundamental rights to respect for privacy and the protection of personal data was not limited to what was strictly necessary. In December 2016, the Court further elaborated that the EU law precludes national legislation that prescribes general and indiscriminate retention of data.
Altri Articoli della categoriaArchivio
- 19 settembre 2017 -Il regolamento UE 2016/679 sul trattamento e la circolazione dei dati personali: una sintetica ricognizione
- 08 settembre 2017 -Guida V al Regolamento Privacy UE 2016/679: la disciplina generale del consenso al trattamento dei dati personali
- 06 settembre 2017 -Il global take-down al vaglio della Corte di Giustizia dell’Unione europea
- 26 luglio 2017 -Le “certificazioni privacy” ed il Regolamento UE
- 11 luglio 2017 -Un primo commento alla legge sul cyberbullismo