Law & Politics

"A Dutch court struck down a law requiring telecoms and Internet service providers to store their clients' private phone and e-mail data, saying it breached European privacy rules.

"The judge ruled that data retention is necessary and effective to combat serious crime. Dutch legislation however infringes on the individual's right to privacy and the protection of personal data," the Hague district court said.

"The law therefore contravenes the Charter of Fundamental Rights of the European Union," the court said in a statement.

Seven groups and organisations including privacy watchdog Privacy First and the Dutch Association of Journalists dragged the Dutch state to court last month over the issue.

The Dutch court's decision comes after the European Court of Justice in April 2014 struck down the European Union law that forced telecoms operators to store private phone and e-mail data for up to two years, judging it too invasive, despite its usefulness in combating terrorism.

Advocate General Pedro Cruiz Villalon declared the 2006 legislation illegal and told the European Union's 28 member states to take the necessary steps to withdraw it.

The 2006 directive called for EU states to store individuals' Internet, mobile telephone and text metadata – the time, date, duration and destination, but not the content of the communications themselves – for six months to two years.

This data could then be accessed by national intelligence and police agencies.

"The privacy rights of Dutch citizens were violated en masse by this mass surveillance," said Vincent Boehre of Privacy First.

"Privacy First fights for a society in which innocent civilians do not have to feel that they are being constantly monitored," he said on the organisation's website in response to the ruling.

"The verdict of the Hague tribunal is an important step in that direction," said Boehre."

Source: http://www.thestar.com.my/Tech/Tech-News/2015/03/12/Dutch-court-nixes-data-storage-law-says-privacy-breached/, 12 March 2015.

"A Dutch court on Wednesday struck down a law requiring telecoms and Internet service providers to store their clients' private phone and email data, saying it breached European privacy rules.

"The judge ruled that data retention is necessary and effective to combat serious crime. Dutch legislation however infringes on the individual's right to privacy and the protection of personal data," the Hague district court said.

"The law therefore contravenes the Charter of Fundamental Rights of the European Union," the court said in a statement.

Seven groups and organisations including privacy watchdog Privacy First and the Dutch Association of Journalists dragged the Dutch state to court last month over the issue.

The Dutch court's decision comes after the European Court of Justice in April 2014 struck down the European Union law that forced telecoms operators to store private phone and email data for up to two years, judging it too invasive, despite its usefulness in combating terrorism.

Advocate General Pedro Cruiz Villalon declared the 2006 legislation illegal and told the European Union's 28 member states to take the necessary steps to withdraw it.

The 2006 directive called for EU states to store individuals' Internet, mobile telephone and text metadata - the time, date, duration and destination, but not the content of the communications themselves - for six months to two years.

This data could then be accessed by national intelligence and police agencies.

"The privacy rights of Dutch citizens were violated en masse by this mass surveillance," said Vincent Boehre of Privacy First.

"Privacy First fights for a society in which innocent civilians do not have to feel that they are being constantly monitored," he said on the organisation's website in response to the ruling.

"The verdict of the Hague tribunal is an important step in that direction," said Boehre."

Source: http://www.bangkokpost.com/tech/world-updates/494578/dutch-court-nixes-data-storage-law-says-privacy-breached, 12 March 2015.

"A judge scrapped the Netherlands' data retention law Wednesday, saying that while it helps solve crimes it also breaches the privacy of telephone and Internet users.

The ruling followed a similar decision in April by the European Union's top court that wiped out EU data collection legislation it deemed too broad and offering too few privacy safeguards.

The Security and Justice Ministry said it was considering an appeal.

Under the Dutch law, telephone companies were required to store information about all fixed and mobile phone calls for a year. Internet providers had to store information on their clients' Internet use for six months.

The written judgment by Judge G.P. van Ham conceded that scrapping the data storage "could have far-reaching consequences for investigating and prosecuting crimes" but added that this could not justify the privacy breaches the law entails.

The judge did not set a deadline for disposing of the data.

Privacy First, one of the organizations that took the government to court, said the ruling "will bring to an end years of massive privacy breaches" in the Netherlands.

The government said after last year's European court ruling that it would amend its law.

In a written statement, the Security and Justice Ministry said it regretted the court's decision.

"Providers are no longer required to store data for investigations," the statement said. "The ministry is seriously concerned about the effect this will have on fighting crime.""

Source: http://thechronicleherald.ca/business/1274008-judge-overturns-dutch-data-retention-legislation, 11 March 2015.

"A Dutch court Wednesday handed a victory to privacy advocates by striking down a data-retention law that gives the government easy access to telecommunication data.

The District court of The Hague said the law, which requires telecom providers to collect and store data for as long as 12 months, violates citizens' right to privacy and the right to protection of personal data. "The judge finds that this violation is not limited to what is strictly necessary," it said.

The ruling, which can still be appealed, is a blow to the Dutch government, which said the law was important to fight terrorism and organized crime. But it is a victory for privacy advocates, journalists and criminal lawyers in the Netherlands who argued that the law was unconstitutional because data are kept regardless of whether citizens are a suspect or not.

A spokesman for the Dutch ministry of Security and Justice wasn't immediately available to comment on the ruling.

The court's decision is effective immediately, which means that telecommunication companies are no longer obligated to store and collect data.

Most of the big providers weren't immediately available for comment, with some saying their legal experts need time to assess the implications.

"There are multiple layers in this ruling. We need to know how we should interpret it," a Tele2 spokesman said.

The lawsuit was the latest in a decade of legal challenges to data-retention across Europe. First adopted under an European Union directive dating to 2006, such rules generally require telecom providers to collect and store data about their users' mobile phone traffic and location for as long as two years.

But in several countries, including Germany, data-retention laws have since been tossed out on privacy grounds. And last spring, the European Union Court of Justice, the bloc's highest court, struck down the underlying directive requiring countries to implement the rules in the first place, saying it didn't have sufficient safeguards for individual's right to privacy.

In the Netherlands, where a data-retention law was enacted in 2009, the Dutch government has shown reluctance to scrap the law for security reasons. (...)"

Source: http://blogs.wsj.com/digits/2015/03/11/dutch-court-strikes-down-countrys-data-retention-law/, 12 March 2015.

"A judge scrapped the Netherlands' data retention law Wednesday, saying that while it helps solve crimes it also breaches the privacy of telephone and Internet users.

The ruling by a judge in The Hague followed a similar decision in April by the European Union's top court that wiped out EU data collection legislation it deemed too broad and offering too few privacy safeguards.

The Security and Justice Ministry said it was considering an appeal.

Under the Dutch law, telephone companies were required to store information about all fixed and mobile phone calls for a year. Internet providers had to store information on their clients' Internet use for six months.

The written judgment by Judge G.P. van Ham conceded that scrapping the data storage "could have far-reaching consequences for investigating and prosecuting crimes" but added that this could not justify the privacy breaches the law entails.

The judge did not set a deadline for disposing of the data.

Privacy First, one of the organizations that took the government to court, said the ruling "will bring to an end years of massive privacy breaches" in the Netherlands.

The government said after last year's European court ruling that it would amend its law.

In a written statement, the Security and Justice Ministry said it regretted the court's decision.

"Providers are no longer required to store data for investigations," the statement said. "The ministry is seriously concerned about the effect this will have on fighting crime.""

Source: http://www.nzherald.co.nz/business/news/article.cfm?c_id=3&objectid=11415850, 12 March 2015.

"A judge in the Netherlands has struck down a Dutch law that forces local telcos to store customer internet and phone metadata.

The law is similar to legislation being proposed by the Abbott government.

The ruling by a judge in The Hague on Wednesday followed a similar decision in April by the European Union's top court that wiped out EU data collection legislation it deemed too broad and offering too few privacy safeguards.

The judge said that while the metadata retention law helped solve crimes, it also breached the privacy of telephone and internet users.

The Dutch Justice and Security Ministry said it was considering an appeal.

Under the Dutch law, telephone companies were required to store information about all fixed and mobile phone calls for a year. Internet providers had to store information on their clients' internet use for six months.

The written judgment by Judge G. P. van Ham conceded that scrapping the data storage "could have far-reaching consequences for investigating and prosecuting crimes" but added that this could not justify the privacy breaches the law entails.

The judge did not set a deadline for disposing of the data.

The ruling follows Australian Communications Minister Malcolm Turnbull telling the bosses of news organisations concerned about journalists' sources being exposed that Australia's data retention bill was being overblown as an issue.

The government wants the bill legislated by the end of this month.

The minister, who began meeting the bosses this week, said his message to them was that law enforcement and security authorities already had access to metadata and there were no exemptions for journalists.

"The only thing the data retention law is requiring is that types of metadata which are currently retained will be retained in the future for at least two years," Mr Turnbull told ABC Radio on Wednesday.

"This whole metadata retention issue has been overblown by a lot of people; the changes are not as substantial as people make out."

The Dutch ruling also comes as Prime Minister Tony Abbott's office began offering briefings to media organisations with Australian Federal Police officials in an attempt to calm their concerns. The briefings are being arranged for several of Australia's most prominent media bosses before they front an inquiry examining the protection of journalists' sources on March 20, where they are expected to oppose Australia's data retention laws on the basis that they will result in journalists' sources being exposed in leak investigations.

The media bosses' concerns follow Britain rushing through guidelines for access to journalists' metadata after it was revealed that more than 600 applications in a three-year period were made for journalists' metadata by 19 different law enforcement agencies.

The Australian Federal Police has repeatedly refused to provide Fairfax Media with similar figures in Australia and recently refused to divulge the figure under freedom of information laws to another publication.

In the 2013-14 financial year, there were more than 500,000 disclosures of metadata to various agencies, including Centrelink, the Tax Office, Australia Post and traditional policing agencies.

Critics have described the Australian proposal as unnecessary, not proportionate, and a privacy violation.

The Australian journalists' union, the Media, Entertainment and Arts Alliance, said it would have a "chilling effect" on reporting.

But Mr Turnbull said the two-year retention period was vital for investigating crime and terrorism.

After the Dutch ruling, Privacy First, one of the organisations that took the Dutch government to court, said the ruling would "bring to an end years of massive privacy breaches" in the Netherlands.

In a written statement, the Dutch Justice and Security Ministry said it regretted the court's decision.

"Providers are no longer required to store data for investigations," the statement said. "The ministry is seriously concerned about the effect this will have on fighting crime.""

Source: http://www.smh.com.au/digital-life/consumer-security/dutch-do-a-uturn-on-metadata-laws-20150312-141rkl.html, 12 March 2015.

"A Dutch court has scrapped a national data retention law. The judge ruled that, although saving metadata might help solve crimes, it certainly breached the privacy of telephone and Internet users.

A court in the Netherlands struck down a law requiring telecoms and Internet service providers to store their clients' private phone and email data, saying it breached EU privacy rules. The decision took effect immediately on Wednesday, but officials announced that the Security and Justice Ministry could appeal.

"The judge ruled that data retention is necessary and effective to combat serious crime," according to the district court in The Hague. "Dutch legislation, however, infringes on the individual's right to privacy and the protection of personal data." The court added that "the law therefore contravenes the Charter of Fundamental Rights of the European Union."

The law had previously required telephone companies in the Netherlands to store information about all fixed and mobile calls for a year. Internet providers had to store information on their clients' use for six months.

In April 2014, the European Court of Justice struck down a 2006 EU law forcing telecoms to store electronic metadata - the time, date, duration and destination of communiques, but not the content - for up to two years. The practice was ruled to be invasive, despite the claimed anti-terror potential. Advocate General Pedro Cruz Villalon had declared the 2006 legislation illegal and told the European Union's 28 member states to take the necessary steps to withdraw it.

'Far-reaching crime'

The written ruling by Gerard van Ham conceded that scrapping the data storage "could have far-reaching consequences for investigating and prosecuting crimes," but, the judge added, this could not justify the privacy breaches that the law entails. The judge did not set a deadline for disposing of the data.

According to Privacy First, one of seven organizations that took the government to court last month, the ruling "will bring to an end years of massive privacy breaches." The Dutch Association of Journalists was also a party to the suit.

After last year's ruling in the EU court, the government had announced that it would amend its law. However, in a written statement released on Wednesday, officials from the Security and Justice Ministry criticized the court's decision.

"Providers are no longer required to store data for investigations," the officials complained in the statement. "The ministry is seriously concerned about the effect this will have on fighting crime."

The extent to which governments and corporations monitor private individuals has risen to the forefront in the wake of a series of documents released since 2013 by the American intelligence whistleblower Edward Snowden. According to the latest report, New Zealand has monitored neighbors in the Asia-Pacific region. A new anti-terror law in China requires that foreign corporations allow the government to access their data.

The Wikimedia Foundation has sued the US National Secutiry Agency over its mass surveillance of private individuals. And consumer advocates have lashed out at large corporations that harvest personal data for commercial purposes."

Source: http://www.dw.de/in-hague-court-rules-for-dutch-tech-privacy-advocates/a-18308553, 11 March 2015.

"A judge scrapped the Netherlands' data retention law Wednesday, saying that while it helps solve crimes it also breaches the privacy of telephone and Internet users.

The ruling by a judge in The Hague followed a similar decision in April by the European Union's top court that wiped out EU data collection legislation it deemed too broad and offering too few privacy safeguards.

The Security and Justice Ministry said it was considering an appeal.

Under the Dutch law, telephone companies were required to store information about all fixed and mobile phone calls for a year. Internet providers had to store information on their clients' Internet use for six months.

The written judgment by Judge G.P. van Ham conceded that scrapping the data storage "could have far-reaching consequences for investigating and prosecuting crimes" but added that this could not justify the privacy breaches the law entails.

The judge did not set a deadline for disposing of the data.

Privacy First, one of the organizations that took the government to court, said the ruling "will bring to an end years of massive privacy breaches" in the Netherlands.

The government said after last year's European court ruling that it would amend its law.

In a written statement, the Security and Justice Ministry said it regretted the court's decision.

"Providers are no longer required to store data for investigations," the statement said. "The ministry is seriously concerned about the effect this will have on fighting crime.""

Source: http://abcnews.go.com/Technology/wireStory/court-scraps-dutch-data-retention-law-cites-privacy-29551938, 12 March 2015.

"Judge in The Hague says country's regime for retaining telephone and internet users helps to solve crime but is too intrusive.

A judge has scrapped the Netherlands' data retention law, saying that while it helps solve crime it also breaches the privacy of telephone and Internet users.

The ruling by a judge in The Hague followed a similar decision in April by the European Union's top court that wiped out EU data collection legislation it deemed too broad and offering too few privacy safeguards.

The Dutch security and justice ministry said it was considering an appeal.

Under the Dutch law telephone companies were required to store information about all fixed and mobile phone calls for a year. Internet providers had to store information on their clients' internet use for six months.

The written judgment by Judge GP van Ham conceded that scrapping the data storage "could have far-reaching consequences for investigating and prosecuting crimes" but added that this could not justify the privacy breaches the law entailed.

The judge did not set a deadline for disposing of the data.

Privacy First, one of the organisations that took the government to court, said the ruling "will bring to an end years of massive privacy breaches" in the Netherlands.

The Dutch government said after last year's European court ruling that it would amend its law. In a written statement the security and justice ministry said it regretted the court's decision.

"Providers are no longer required to store data for investigations," the statement said. "The ministry is seriously concerned about the effect this will have on fighting crime."

Data retention has been a heated issue in light of Edward Snowden's revelations about the activities of the National Security Agency in the US and its affiliates overseas.

In Australia, a key US intelligence ally, the government is currently considering its own data retention package, which would store certain types of Australians' phone and web data for two years.

Privacy concerns have been raised and a lengthy political debate has ensued amid confusion within the government itself over how far the laws would extend or what would be retained. But the bill is now closer to passing with the support of a parliamentary committee involving both major parties.

The government in Canberra has agreed to hold a separate hearing into the issues of law enforcement agencies access to journalists' metadata, and news outlets will appear before a parliamentary hearing on 20 March."

Source: http://www.theguardian.com/technology/2015/mar/12/data-retention-netherlands-court-strikes-down-law-as-breach-of-privacy, 12 March 2015.

"The Dutch data retention law requiring telecommunications operators and ISPs to store customer metadata for police investigations was scrapped by the District Court of the Hague on Wednesday.

The court found that the law violates fundamental European Union privacy rights. The question remains though whether the law should be inactivated indefinitely, as the case can be appealed by the Dutch state, a court spokesman said. However, pending the outcome of any possible legal procedures the law will remain inactive, he said.

The Dutch Ministry of Security and Justice declined to comment as it was still studying the verdict.

The law suspended by the court was based on the EU's Data Retention Directive, which was invalidated by the Court of Justice of the EU (CJEU) last year, also because it violated fundamental privacy rights.

Despite that ruling though, the Dutch government decided in November last year to largely maintain its national data retention law on the grounds that it "is indispensable for the investigation and prosecution of serious criminal offenses." Only a few adjustments were made, which mainly tightened who had access to what data and under what circumstances.

Not satisfied with that approach, a broad coalition of organizations, including Privacy First, the Dutch Association of Criminal Defense Lawyers, the Dutch Association of Journalists, the Dutch Section of the International Commission of Jurists, ISP BIT and telecom companies VOYS and SpeakUp, sued the government in January to get the law invalidated.

The court, ruling in their favor, criticized the overly broad scope of the law in its verdict.

Data retention rules were introduced after terror attacks in London and Madrid in 2004 and 2005 with the aim of fighting serious crime. However, the Dutch law also allowed law enforcement to retrieve data in the case of a bicycle theft, the court noted. And while the government promised not to use the law lightly, the fact remains that the opportunity to do so exists and there are no safeguards to effectively restrict access to information to what is strictly necessary for the fight against only serious crime, the court found.

What's more, under the scrapped law, access to data is not subject to a prior review by a court or independent administrative authority, the court said. Thus, the law violates articles 7 and 8 of the Charter of Fundamental Rights of the EU, which cover the right to a private life and the protection of personal data.

While the inactivation of the law may have profound implications for the investigation and prosecution of criminal offenses, that does not justify the persistence of the infringement, the court said.

The verdict probably means that ISPs and telecom companies can now stop retaining data, but when or whether they will do so is unclear. BIT did not immediately respond to a request for comment. A spokesman for Dutch ISP XS4ALL said the company can probably stop retaining data and delete existing records but wants the legal department to make absolutely sure it can before it will do so.

The Netherlands is not the only country where a law based on the EU Data Retention Directive was invalidated. A similar law was axed by the Constitutional Court of Austria in the wake of the CJEU ruling, for example, while Germany's data retention law was ruled unconstitutional long before the CJEU ruling.

In Sweden, meanwhile, the government maintains that the national data retention law can still be applied. And in the U.K., a new data retention law was rushed through by the U.K. government in December, replacing the one that was based on the EU directive. That new law will be reviewed by the country's High Court though to determine if it violates human rights."

Source: http://www.pcworld.com/article/2895356/dutch-court-scraps-telecommunications-data-retention-law.html, 11 March 2015.