A Belgian law requiring telecommunications operators and ISPs to store customer metadata for police investigations was axed by the Constitutional Court of Belgium on Thursday because it violates fundamental privacy rights.
Under the law, customer metadata such as call logs as well as location and Internet data had to be stored for one year for law enforcement to use when investigating serious crimes and terrorism.
The law went into effect in 2013 and was based on the now defunct EU Data Retention Directive that was invalidated by the Court of Justice of the EU (CJEU) last year, also because it violated fundamental privacy rights.
The Belgian law was challenged by the League for Human Rights and the Order of French-speaking and German-speaking Lawyers shortly after it was introduced. They wanted the law annulled, arguing it was unconstitutional and violated European human rights.
In its verdict, the Constitutional Court said it decided to scrap the law for the same reasons as the CJEU invalidated the Data Retention Directive.
The Belgian law also violates articles 7 and 8 of the Charter of Fundamental Rights of the EU, which cover the right of individuals to privacy in their lives and communications as well as the protection of their personal data. The law also violates article 52, which states that limitations on people's freedoms may only be made if they are necessary and genuinely meet the objectives of general interest.
Belgium is not the only country where such a law was passed and later scrapped. In Germany, the data retention law based on the EU Directive was ruled unconstitutional in 2010. However, the German government last month proposed to reintroduce a data retention law. That proposed law, as currently drafted, could also be unconstitutional, according to critics.
A similar law was also invalidated by the Constitutional Court of Austria last year.
Other countries that annulled their data retention laws are also considering passing new ones, arguing such legislation is necessary for law enforcement to do its work properly. For example, the Netherlands' local law was scrapped by a court in March, but the government is scrambling to pass a new one as soon as possible.
The U.K. meanwhile rushed through the approval of a data retention law last year, replacing the one based on the EU Directive. However, that new law is being challenged before the country's High Court, which must determine if it too violates human rights.
Loek is Amsterdam Correspondent and covers online privacy, intellectual property, online payment issues as well as EU technology policy and regulation for the IDG News Service. Follow him on Twitter at @loekessers or email tips and comments to firstname.lastname@example.org
Join the CIO New Zealand group on LinkedIn. The group is open to CIOs, IT Directors, COOs, CTOs and senior IT managers.