Slashdot is powered by your submissions, so send in your scoop

 


Forgot your password?
Close
typodupeerror
×
Privacy The Courts

Court Overturns Dutch Data Retention Law, Privacy More Important 38

Posted by samzenpus from the keep-your-eyes-on-your-own-paper dept.
wabrandsma writes According to DutchNews.nl: "Internet providers no longer have to keep their clients phone, internet and email details because privacy is more important, a Dutch court ruled on Wednesday." Digital rights organization Bits of Freedom writes in a blog: "The law's underlying European directive was meant as a tool in the fight against serious crimes. The Dutch law, however, is much more expansive, including everything from terrorism to bike theft. During the hearing, the state's attorneys avowed that the Public Prosecution does not take the law lightly, and would not call on the law to request data in case of a bicycle theft. The judge's response: it doesn't matter if you exploit the possibility or not, the fact that the possibility exists is already reason enough to conclude that the current safeguards are unsatisfactory."
This discussion has been archived. No new comments can be posted.

Court Overturns Dutch Data Retention Law, Privacy More Important More

Court Overturns Dutch Data Retention Law, Privacy More Important

Comments Filter:

  • Hooray! (Score:4)

    by UPi ( 137083 ) on Thursday March 12, 2015 @05:39AM (#49239863) Homepage

    The article does not state which court it was and if the ruling is likely to be overturned, but it's great to see a sudden outbreak of common sense like this one.

    I am happy to maintain my illusion of privacy as far into the 3rd millennium as possible..

    • Re:Hooray! (Score:5, Informative)

      by Sique ( 173459 ) on Thursday March 12, 2015 @05:47AM (#49239881) Homepage
      It does in the second link: District court of The Hague.

    • Yes, especially considering that in my experience, I'd say the mean time before the state prosecutor WOULD be using this law to 'go after bike theft' is about 5 years*, it's necessary.

      I mean, here in the USA they swore up and down that the new terrorism laws would only be used against 'real terrorists'. Apparently today, that includes teenagers who scrawl a 'bomb threat' onto a partition of their school's bathroom.

      *Keep in mind that this means that half the time they'd be exploiting it in LESS than five.

      • Re:Hooray! (Score:5, Insightful)

        by fuzzyfuzzyfungus ( 1223518 ) on Thursday March 12, 2015 @06:41AM (#49240005) Journal
        I don't know why this fact escapes some people; but that's (one of) the problems with the 'trust me' argument. Sure, maybe I do trust you with my very life as a sworn blood brother who saved my life a dozen times at great peril to his own and whatnot. That's heartwarming. Doesn't matter a bit when you retire and your successor takes over.

        In practice, it's even worse, since there are usually organizational incentives to ratchet up the transgressions(pollsters say that the public is concerned about crime? Politicians respond by promising to Get Tough and pushing the use of previously underexplored capabilities, game over.) Any system that depends on 'trust' in a person or agency is, in fact, not really a rule of law; but a rule of the hopefully-continued discretion of that person or agency.

        • Doesn't matter a bit when you retire and your successor takes over.

          VERY good point. I darn well know I was intending to put it in my post. Most cabinet level positions don't actually last all that long.

      • In a recent corruption case (to which you can disagree as to the seriousness, I think it is very serious but definitely not as serious as terrorism), the prosecutor engaged with the FBI and ultimately Apple (source [google.com]) to get his iPad decrypted. Although the case requires a good research into the suspect, it is questionable whether there was any need to go to these great lenghts.
        As a background, the Dutch (officials) have a standing as being the nation with some of the most telephone taps in the world - withou

        • In a recent corruption case (to which you can disagree as to the seriousness, I think it is very serious but definitely not as serious as terrorism),

          Hmm... I'm going to go with 'less serious than those I really consider terrorists', but 'more serious than a teenager scrawling a bomb threat on a bathroom wall'.

          Given that I can only get the general idea from the google translation, I can't really say further because I don't know how wide reaching it is. If the Dutch law enforcement really likes their wire taps and are abusing them, then yes, they need to draw back. It's a constant fight between people's freedoms and law enforcement's need to enforce th

  • Holy crap, score one for the good guys. I have no idea how much practical effect this will have on the 5 Eyes/NATO/EEC surveillance machine, but if nothing else it gives hope that basic concepts of liberty and privacy are not completely dead.

    Could one of our EU folks enlighten an ignorant Yank on the force a national judge's ruling carries with regard to EU-wide law and regulations?

    • Re:Be Still, My Heart (Score:5, Informative)

      by Sique ( 173459 ) on Thursday March 12, 2015 @06:02AM (#49239911) Homepage
      It gets really complicated here.

      First, the EU directive on which this law was built upon, itself was already pulled because of being too unbalanced. Thus the Netherlands are no longer required to have a data retention law at all. So, from an EU point of view, no one in Brussels actually cares anymore if the Netherlands have a data retention law. They can do so if they want, but that's an entirely different matter (and even a new one has to take into account the verdict of the European High Court which pulled the old directive).

      Second: If a new directive was in place which conforms to the verdict of the European High Court, the member states have to work out new data retention laws which also conform to the verdict and to their respective constitutions. If they don't manage to do so, they will be sued for EU contract violation, and then they have to argue why their new data retention law is not in place yet. This could even work out to the theoretical new directive being pulled too, if not enough member states are able to create constitutionally acceptable data retention laws.

      But all those laws define requirements for telcos and internet providers, they totally leave out the ability or the legality of secret service agencies to gain access to the data and create their own data retention. My guess is that the whole data retention bruhaha came up because the spy agencies already did all those things without a legal base, and now the governments wanted them to be legalized in a way that the results could be used in the open. Maybe some envy between police forces and spy agencies also played a role, and the police wanted to have the same abilities.

    • Re:Be Still, My Heart (Score:5, Informative)

      by pjt33 ( 739471 ) on Thursday March 12, 2015 @06:08AM (#49239931)

      The short answer is that a national judge's ruling doesn't directly affect other countries, although it could indirectly affect them if it leads to an appeal to a European court and their ruling clarifies the law in a way which is incompatible with other countries' implementations.

      The longer answer: EU law works by means of "directives" which each country then implements in its national law. Each directive comes with a deadline to implement it, although typically most countries miss the deadline. But in principle the European Commission can sue a country which fails to implement a directive, and fines can be levied. The issue here is that the Dutch implementation of the Data Retention Directive [wikipedia.org] went further than the minimal requirements, and the judge has ruled it incompatible with other European law. (It's not clear from either of the articles whether that was the Data Protection Directive [wikipedia.org] or the European Convention on Human Rights* [wikipedia.org]).

      The two main options now would be that the Dutch government appeals to a European court (the European Court of Justice if it was the Data Protection Directive that formed the basis of the ruling, or the European Court of Human Rights if it was the ECHR); or that it passes a replacement law which sticks closer to the Data Retention Directive. If it doesn't do either of those, it would be failing to fulfil its obligation to implement that directive.

      * Not EU law, but I think all EU countries are members of the European Council, and the most recent constitutional treaty of the EU commits the EU as an organisation to acceding to the ECHR.

      • Re: (Score:3)

        by pjt33 ( 739471 )

        Ah, looking at the other answers it turns out that I'd missed that the Data Retention Directive has been overturned by the ECJ. Still, I hope I've given you a useful framework for understanding other news about European legislative matters.

  • This is actually a completely unsurprising decision, since there already was a European law saying that such data retention is illegal. However, this European law postdates the Dutch law, and therefore this is just a "fix" of the Dutch law. It is widely described as such.

    So while in principle this is a great decision, it is no surprising decision run my good motives: like seemingly all good decisions that are being taken in European countries, they are motivated by EU law. Which time and time again appears

    • Re: (Score:2)

      by Sique ( 173459 )
      Actually, there is no EU law to forbid data retention. To the contrary, there was a EU law (a directive) that every member state has to have a data retention law. And this directive was pulled because in the current form, it was considered unconstitutional. Thus no member state is required to have data retention anymore, and if they have, it has to conform to the verdict of the European High Court.

      • Re: (Score:2)

        by tulcod ( 1056476 )

        Ah, I guess I should rephrase: it was realized that such data retention is unconstitutional only *after* this Dutch law was implemented. And since, by extension, the Dutch law is now unconstitutional in the EU (on could say it always was, but the point is that this fact was only established later), it should be scrapped.

        Thanks.

        • Re: (Score:2)

          by mvdwege ( 243851 )

          It has nothing to do with it being unconstitutional. Dutch judges are expressly forbidden to judge on that subject, see my other post on this thread for details.

    • Re:Also EU law is more important (Score:5, Interesting)

      by mvdwege ( 243851 ) <mvdwege@mail.com> on Thursday March 12, 2015 @06:24AM (#49239965) Homepage Journal

      It is in fact a rather surprising decisions, since Dutch judges have no tradition of ruling in 'contra legem' procedures; they are in fact forbidden by the Constitution to do so (article 120 says judges shall not judge the constitutionality of laws and treaties).

      Now, the loophole here is that treaties are considered higher law than the Constitution, so judges can rule local laws in violation of a treaty[1]. They don't tend to do that in mere district court though.

      Apparently the case made by complainant was compelling enough, and the governments argument weak enough, that a mere district judge felt they could safely make that ruling.

      [1] On the gripping hand, the principle of subsidiarity means that if a case is covered by the Constitution as well as a treaty, judges are supposed to use the Constitution as the basis for their decision, once again invoking art. 120. But of course if the Constitution and the treaty align enough, appealing to treaty law wouldn't work anyway.

      • They can't judge the constitutionality of laws and treaties, but they are allowed to judge whether a law is against a treaty, which is what they did in this case. And treaties in the Netherlands are senior to laws.
  • Its not what the law is intended to be used but how it can be used. Just cause you claim a law you want passed is to prevent child porn which for a while of laws like SOPA or PIPA. That was what they claimed the law was to prevent, it was written could be abused and used against just about anything they wanted to use it for. DMCA was wrote to remove illegal illegal content from sites, but language was so vague its been abused by RIAA/MPAA groups to allow them to extort money from people.

  • Why does anyone try(or accept) this? (Score:5, Insightful)

    by fuzzyfuzzyfungus ( 1223518 ) on Thursday March 12, 2015 @06:36AM (#49239987) Journal
    I've never understood the willingness to use(or the willingness to accept often enough to make using worthwhile) the "Just trust us and our discretion!" argument.

    So, benefit of the doubt, maybe they are telling the truth when they say "During the hearing, the state's attorneys avowed that the Public Prosecution does not take the law lightly, and would not call on the law to request data in case of a bicycle theft." Fan-fucking-tastic. Even if I do believe them, do I have any reason to suspect that their successors will be as disciplined, or even as interested? No, no I don't.

    It seems like some sort of category error, possibly related to the fact that (in evolutionary terms) we were basically living in tiny kin groups about 10 minutes ago; but in political science terms we haven't really been doing that in a millennium or two. "Trust" is all well and good(actually, very good, it has all sorts of advantages in making things go smoothly and reducing stress and anxiety) among people you interact with; but it's a dangerous thing to extend to institutions, except in its(quite different) sense of 'something is "trusted" if the overall correct function of the system depends on that thing behaving as expected, and there are not external constraints that will assure this'.

    When it comes to neighbors, friends, and the like, sure, "trust" is a good thing. When it comes to institutions, the most trustworthy person is the one who says "I'd like to think that you'd find me personally trustworthy, if you knew me socially; but in my official capacity, I don't want you to have to trust me. You should have independent safeguards that would function even if I were a total shitweasel.

    In this sort of law enforcement case, if they are so responsible and all, and would never use the law for minor purposes, why does the law allow for use in minor cases? Shouldn't it be uncontroversial to principle-of-least privilege and eliminate the possibility of such use? After all, law enforcement has already said that they have no interest in such capabilities, so surely they won't mind?

    • Re: (Score:1)

      by Anonymous Coward

      Even if the public prosecutor would use it for a bicycle theft, you'd still have the issue of judges rejecting the evidence.

      Also, when the Dutch government officially sets a policy (like disallowing this method in case of misdemeanors), they can't silently reverse that. Government policy within the boundaries of the law can be changed without prior permission of parliament, but it's still subject to parliamentary overview.

      And finally, with a functioning multi-party democracy (7 of the current parties have b

  • I don't care too much for weed, but this pretty much seals the deal. Dutch is a pretty funny language anyway, guess I should be able to learn it.

Slashdot Top Deals

Make sure your code does nothing gracefully.

Close