Oct. 6 (UPI) — The European Court of Justice ruled Tuesday that member states cannot collect mobile and Internet data en masse, saying it’s illegal to gather such “general and indiscriminate information.”
The court ruling answered several cases brought by Privacy International and La Quadrature du Net.
Austrian privacy advocate Max Schrems had filed a lawsuit based on work by whistle-blower Edward Snowden that showed the United States doesn’t offer sufficient protection against surveillance by public authorities. His lawsuit opened the initial inquiry that lead to Tuesday’s decision.
“EU law precludes national legislation requiring a provider of electronic communications services to carry out the general and indiscriminate transmission or retention of traffic data and location data for the purpose of combating crime in general or of safeguarding national security,” the court said in a statement.
The court ruled in recent years that prevailing EU law bars member states from mandating that communications companies keep data and information on citizens.
In its decision Tuesday, however, the court carved out areas where electronic data gathering can still be accessed by law enforcement.
“Institutions where a member state is facing a serious threat to national security that proves to be genuine and present or foreseeable, that member state may derogate from the obligation to ensure the confidentiality of data,” it said.
The EU court has previously restricted how U.S. firms could send European user data to the United States after determining residents in the bloc had little recourse in challenging surveillance by the U.S. government.