An Irish challenge to the EU's snooping law

Becky Hogge
30 January 2007

It's all so much simpler in America. If you don't like something, you litigate.

The San Francisco-based Electronic Frontier Foundation regularly releases its crack team of legal hounds on defendants as diverse as Sony BMG and AT&T - anyone who should presume to compromise fundamental freedoms in the digital age. Until now, European digital rights activists, if they are to get their voices heard, have had to be content with the more mundane pursuits of lobbying their elected representatives and informing and educating the national press. But thanks to a small group on the edge of the European Union, this state of affairs is about to change.

Formerly openDemocracy's technology editor, Becky Hogge is executive director of the Open Rights Group. Her writing on music, technology and intellectual property law has been published in several British and international publications, including the UK Guardian, Index on Censorship and Dazed and Confused. She blogs here

Read Becky's "Virtual Reality" column on openDemocracy here

In September 2006, Digital Rights Ireland (DRI) - a group of volunteer activists - took legal action against their own government in the Irish High Court. Their aim is to challenge one of the most controversial pieces of legislation brought onto the European statute books in recent years: the EU Data Retention Directive. It's a make-or-break move for the young organisation, which launched officially at the end of 2005. If its challenge is upheld, it could signal the end of the contentious directive, an outcome that would be celebrated by digital rights activists across the European community.

The EU directive calls for telephone companies and internet service providers to keep records of communications traffic data for each one of their customers for a period of up to three years. Communications traffic data is a log of who you have called or emailed, when, and - in the case of mobile telephones - where you were at the time. The very thought of it is astounding. Although the content of your emails and telephone calls would remain private, the data stored would be more than enough to create a detailed picture of your colleagues, friends and lovers, your lifestyle, your movements, even your sleeping patterns.

What's more, the directive comes clearly marked with that familiar health warning "anti-terrorism legislation" (it was first proposed after the Madrid train bombings of 11 March 2004), and as such is worryingly equivocal on who will have access to this data. Indeed, sloppy wording means it could well be searched for clues in civil as well as criminal investigations. Tellingly, during negotiations, some lobbyists for the music industry expressed interest in using the data in their fight against peer-to-peer file sharing.

At the time, and as reported by Monica Horten for openDemocracy, several voices from inside the European legislature raised concerns about the draft law. One such voice was the Article 29 Working Party, tasked with ensuring data held on individuals in companies and institutions across Europe are adequately protected. The group cautioned that the purposes for which data can be used, and those who can access it, should be clearly spelt out in the directive, and that police and intelligence agencies should be prevented from mining information on otherwise innocent people for suspicious travel and communications patterns. Further cautions came from the European Parliament's Committee on Civil Liberties, Justice and Home Affairs.

The scale upon which the EU data directive invades the privacy of individuals is unreal. Yet it was passed at the end of 2005 with many of these concerns still hanging over it. The process via which the directive was passed - the so-called codecision process - allowed little scope for scrutiny or debate in the European Parliament, and did not require the usual unanimous vote in the Council of Ministers. Brussels emerged once again as an unstoppable force of unadulterated power. Many digital rights activists sighed and withdrew from the fight, awaiting the deadline for member-state compliance - in the middle of this year - to reinvigorate their campaigns. But not Digital Rights Ireland.

Perhaps DRI members were overcome with the knowledge that their elected representatives - whose motivations could well be called into question, given that they were under pressure to justify their own data-snooping at the time - had so vocally supported the directive. But seeing that a case could be made against the directive using both the Irish Constitution and the European Convention on Human Rights, they seized their opportunity. DRI's statement of claim argues that the act and those in Ireland responsible for its passage are ignoring safeguards on privacy, confidentiality, freedom of communication, the right to travel, to family life, to prior notice of surveillance, and to a free and fair public hearing. In short, DRI's accusation is that the EU Data Retention Directive is incompatible with a democratic society.

Despite the detailed claim, the Irish High Court is only a stepping stone for Digital Rights Ireland. The group has set its sights on the European Court of Justice (ECJ), the EU's supreme court. The Irish High Court is expected to refer the case to the ECJ almost automatically, but the bureaucratic slowness of both institutions means that the case is not likely to be heard in Luxembourg until near the end of this year. In the meantime, expect other member-states to stall on implementing the directive while they await the outcome of the Irish challenge. An ECJ ruling in favour of Digital Rights Ireland will send the entire directive back to the drawing board.

It's worth noting that another case challenging the EU Data Retention Directive is currently awaiting a hearing in the ECJ. That case was brought - bizarrely - by Ireland. Together with Slovakia, Ireland is contesting the way the directive was passed. The two countries' shared interest is clear: if unanimous votes of the Council of Ministers are routinely sidestepped for the sake of expediency, smaller countries like Ireland and Slovakia -- with lower levels of representation in the European Parliament -- will start to lose their influence. The complaint is one of procedure, not principle, although the fact that it is being brought by one of the directive's most vocal supporters is more than a little odd.

So there you have it. It might not be as sexy as impact litigation in the US Supreme Court using nothing but the first amendment to the constitution, but it's a start - and a courageous one at that. Digital Rights Ireland has a tremendous case, with the potential to reap valuable rewards for the entire European community. But it also has a long fight ahead. DRI deserves the support and encouragement of any European with even a passing interest in justice and democracy.

Urgent: help us expose dark money in politics

Cambridge Analytica was the tip of the iceberg. openDemocracy is investigating how dark money is influencing what we see, hear and think across the world. We have many fresh leads to chase down, but need your support to keep going. Please give what you can today – it makes a difference.

Had enough of ‘alternative facts’? openDemocracy is different Join the conversation: get our weekly email


We encourage anyone to comment, please consult the oD commenting guidelines if you have any questions.
Audio available Bookmark Check Language Close Comments Download Facebook Link Email Newsletter Newsletter Play Print Share Twitter Youtube Search Instagram