EU Court - the last bastion for privacy?
The Court of Justice of the European Union has announced that Sweden’s existing and proposed law, the Electronic Communications Act, is too general and lacks safeguards for implementation.
In a press release dated October 6, 2020, the Court of Justice of the European Union delivered a slap in the face to Sweden's law for electronic communications (LEK) and its Covert Surveillance of Data Act, as well as similar implementations in other EU countries.
The court’s conclusion in short
- General and indiscriminate retention of traffic data and location data is not allowed.
- Even if a serious threat to national security exists and it proves to be genuine and present or foreseeable, an order to collect data for a limited period of time deemed strictly necessary must be reviewed either by a court or by an independent administrative body.
- Internet Service Providers can only retain IP addresses for a limited period of time that is deemed strictly necessary. Legislative measures regarding general and indiscriminate retention of IP addresses assigned to the source of a communication are not allowed.
- Violating any of the above invalidates any evidence or information that has been gathered and bans it from being used in court.
The laws, which lack safeguards to ensure that they are implemented and executed correctly, must be rewritten.
We will keep an eye out for how affected member states adhere to this.
For the universal right to privacy,
Mullvad VPN