Europe's top court chalks up more strikes against bulk data retention:
Yet more strikes against general and indiscriminate data retention in the EU: The bloc's top court has issued a couple of rulings on joined cases today — one related to a German law on telecoms data retention which had been challenged by Deutsche Telekom and ISP SpaceNet; and another finding fault with the French state's blanket retention of telecoms data which had been challenged after it was used by a financial services regulator in an insider trading case.
"The Court of Justice confirms that EU law precludes the general and indiscriminate retention of traffic and location data, except in the case of a serious threat to national security," the Court writes in a press release on its judgement on the German case referral — which finds the national data retention law seriously interferes with the fundamental rights of people whose data is retained, confirming its previous case-law.
"The general and indiscriminate retention of traffic data by operators providing electronic communications services for a year from the date on which they were recorded is not authorised, as a preventive measure, for the purpose of combating market abuse offences including insider dealing," the CJEU writes in a second press release, on the French referral.
Its ruling there also upholds existing case-law that essentially means EU Member States can't (or, well, shouldn't) deploy creative workarounds to (try to) avoid a CJEU declaration that a national law requiring general and indiscriminate retention of telecoms data is invalid under EU law.
(Score: 2, Funny) by Runaway1956 on Friday September 23 2022, @02:00PM (1 child)
When does the US follow the EU's lead here? There are far too few states working for citizen's privacy. Arguably, California is in the lead in the US, but they trail far behind the EU. Far too many efforts to secure people's data is targeted at specific kinds of data, most recently, data that might correlate to abortions.
Once again, I insist that neither the tech corporations, nor their customers, are entitled to any data.
(Score: 2, Insightful) by Sjolfr on Friday September 23 2022, @09:10PM
California's "data privacy" efforts all rely on the phrase "personal data" that excludes anything that has personally identifying information removed or scrubbed. They also only target medium and larger businesses. Possibly a step in the right direction but likely not really enough to make a difference.
Data itself should be where we focus on privacy. It's just like copyright and patent rights in that it's OUR data. We kind of treat it as such now but all the free apps and websites just make everyone sign/acknowledge agreements about data for any access at all. These types of pay-to-play blanket agreements should either be managed differently or simply illegal. Even when one pays for an app ... it's all the same data mining.
The basics of it starts in, officially, making the individual's digital data private by default. Browsing histories should not be defined as public data. Access to that data should be strictly regulated just like our health care data. Law enforcement can get warrants.
The actual implementation of strict data privacy laws is far more complex though. Data mingles at so many levels.