Court rules that the EU's data retention law violates privacy rights

The European Union has argued that telecom companies must hold on to internet and phone records for long periods to help track down evildoers, but the European Court of Justice disagrees -- vehemently. It just ruled that the EU's Data Retention Directive, which preserves metadata for up to two years, is a "wide-ranging and particularly serious" violation of the EU's privacy rights. It collects more information than necessary, doesn't establish firm limits and lets companies send data outside of the EU, according to the ruling. While the Directive doesn't scoop up actual content, the court believes that the unrestricted collection allows too much insight into people's daily activities and social connections. Sound familiar? It should. The ruling acknowledges the privacy concerns that prompted the US' proposed metadata reforms, but goes one step further -- the court is contending that bulk data retention by itself is dangerous without serious restrictions.

The ruling is a victory for privacy advocates, but it doesn't solve Europe's problems just yet. EU member states still have to amend their laws to fall in line with the decision, for a start. Also, the law's invalidation leaves nations in a tricky position. They can still require that telecoms hold on to metadata, but it's not clear what the new standard should be -- or what companies should do with info they've been told to keep under EU rules. Until there are new data retention guidelines in place, those firms will have to deal with at least some uncertainty.

[Image credit: Gwenael Piaser, Flickr]