Mexican Supreme Court’s Unique Opportunity To Stand Against Mass Surveillance
This week the Mexican Supreme Court will issue its judgement on the country’s data retention. It will decide on an injunction against the provisions of the the Federal Telecommunications Act known as the ‘Ley Telecom’. The Act requires all telephone companies and internet service providers to retain user communications data for a period of 24 months.
Following the failure of the National Human Rights Commission (CNDH) and the Federal Institute for Access to Public Information and Data Protection (INAI) to take the necessary measures to challenge the constitutionality of the law as per their mandate in September 2014, Red en Defensa de los Derechos Digitales (R3D) filed an injunction against Articles 189 and 190 of the Ley Telecom. The injection was first denied in February 2015 by district court No. 2 on Administrative Matters Specialized in Economic Competition, Broadcasting and Telecommunications. Following this, R3D filed a recourse of revision, leading to the case being referred to the Mexican Supreme Court by the First Collegiate Court on Administrative Matters Specialized in Economic Competition, Broadcasting and Telecommunications in August 2015.
Under the Ley Telecom companies are required to retain vast amounts of metadata for a period of 24 months. This disproportionate and unnecessary regime violates the right to privacy of millions of Mexicans and further contradicts international human rights law as it allows for warrantless access to such data.
Privacy International has joined R3D and other national, and international organisations, in calling upon the Mexican Supreme Court to take a strong stand against disproportionate mass interferences with the right to privacy by revoking mandatory data retention in the Ley Telecom.
The Mexican Supreme Court has a unique opportunity to ensure that Mexico adheres to its international human rights obligations to protect the right to privacy, and uphold the highest data protection standards. If it fails to do so, it will fail to uphold its human rights obligation by permitting unchecked disproportionate interferences with the right to privacy of its citizens.
Data retention has been at the centre of many controversies and the subject of various judgements in both national and regional courts. The European Court of Justice issued an important decision in April 2014 when it declared the EU Directive on Data Retention was invalid and noted that metadata may allow “very precise conclusions to be drawn concerning the private lives of the persons whose data has been retained”. Further, it concluded that the retention of metadata relating to a person’s private life and communications is, in itself, an interference with the right to privacy.
Nevertheless, across the world, countries have kept in place regimes similar to the blanket data retention regime struck down by the European Court of Justice. In July 2014, the United Kingdom adopted the Data Retention and Investigatory Powers Act (DRIPA) which is currently being challenged at the European Court of Human Rights. Colombia continues to uphold a legal regime for data retention for a period of 5 years. In Pakistan, the struggle continues with the General Assembly’s recent passage of the Prevention of Electronic Crimes Bill, which includes data retention for a period of 12 months. The Bill will continue to be challenged as it moves to the Senate.
But there have been successes too. In Paraguay, the Data Retention Bill, nicknamed #Pyrawebs, which would have required data retention for a period of 12 months, was rejected by the Chamber of Deputies.
We hope the decision of the Mexican Supreme Court this week will set a precedent, and take a strong stand against mass surveillance.