Key elements of the European Union Data Retention Directive, which successive UK governments have tried and failed to implement in the UK, are incompatible with the "Charter of Fundamental Rights" and, therefore, unlawful.
In an opinion delivered today, the EU Advocate General Pedro Cruz Villalón claims that the Directive is incompatible with the requirement under the Charter that any limitation on a fundamental right "must be provided for by law", and argued that the two-year retention period is excessive. However, he rejected arguments that the data retention requirement itself is a breach of EU human rights laws.
According to Villalón, the Directive "constitutes a serious interference with the fundamental right of citizens to privacy, by laying down an obligation on the providers of telephone or electronic communications services to collect and retain traffic and location data for such communications".
It continued: "The Advocate General points out, in this regard, that the use of those data may make it possible to create a both faithful and exhaustive map of a large portion of a person's conduct strictly forming part of his private life, or even a complete and accurate picture of his private identity.
"There is, moreover, an increased risk that the retained data might be used for unlawful purposes which are potentially detrimental to privacy or, more broadly, fraudulent or even malicious."
On top of that, it is also incompatible with the "principle of proportionality" by requiring internet service providers and other organisation to retain data for up to two years. At the same time, though, the Advocate General saw no reason to recommend a retention period of less than one year.
Furthermore, he did not oppose the overall principles of the Data Retention Directive: "The Directive pursues an ultimate objective that is perfectly legitimate, that is to say, the objective of ensuring that the data collected and retained are available for the purpose of the investigation, detection and prosecution of serious crime, and may be regarded as appropriate and even, subject to the guarantees with which it should be coupled, as necessary."
The opinion follows a complaint by Digital Rights Ireland, which argued that Irish authorities breached the civil and human rights of its customers by requiring the company to retain their personal digital data under Ireland's implementation of the Directive.
The Data Retention Directive was passed in 2006 and has been implemented in most European Union countries. However, in the UK it has faced repeated opposition when governments - whether Labour or coalition - have attempted to pass Communications Data Bills.
When in opposition, David Cameron explicitly opposed the Communications Data Bill - only to introduce his own, new version when in government.
By eliminating high entry costs for big data analysis, you can convert more raw data into valuable business insight.
A discussion of the "risk perception gap", its implications and how it can be closed