Data retention interferes with the right to respect for private life
The European Court of Human Rights has interpreted Article 8’s reference to respect for private life expansively. Private life does not consist only of an individual’s innermost thoughts—those that he chooses not to share with the outside world. It extends to the right to establish and develop relationships with other human beings. Intrusions into an individual’s personal or business affairs that interfere with this right therefore fall within the protection of Article 8.
An individual’s use of communications services falls squarely within this zone of privacy. The telephone, the Internet and other communications services are quintessentially about bringing people together, in a personal or a business capacity. Government regulation that chills use of these services is accordingly an interference with the right to respect for private life protected by Article 8. Thus, in Klass v. Germany, the Court reasoned that because a law permitting interception of mail created a “menace of surveillance” for all users of the postal service, and because that menace struck at freedom of communication, the law therefore constituted an interference with the right to respect for private life. The indiscriminate retention of traffic data strikes at freedom of communication in the same way as the law at issue in Klass. By ensuring that use of communications services will generate a record of one’s private activities, data retention requirements threaten all users of those services with the menace that this record will be abused, either by public or private actors. That menace is no less an interference with the right to private life than the generalised threat in Klass that one’s mail may be intercepted by the authorities.
Retention of data by the authorities is an interference in private life, whether or not the State subsequently uses that data against the individual. In Amann v. Switzerland, the European Court of Human Rights found Article 8 applicable when State security services kept a record indicating that the applicant was a contact of the Soviet Embassy, after intercepting a telephone call from the Embassy to the applicant. The Court specifically noted that storage of the information on an index card alone was sufficient to constitute an interference in private life and that the subsequent use of the stored information had no bearing on that finding. Similarly, in Rotaru v. Romania, the Court found that the storing of information by the security services on the applicant’s past activities as a university student constituted an interference with his Article 8 rights. The data retention envisaged by the Framework Decision and now seen in some Member State laws is of a far greater magnitude than that at issue in either of these cases. Under the EU proposal, for instance, at any given time a record would be in existence recording each and every person or entity with which an individual had communicated electronically over a one to two year period, as well as the time of the communication and the location from which it was made.
Data retention is no less an interference in private life when it is limited to traffic data, rather than recording the content of individual communications. The European Court of Human Rights has repeatedly found the recording of numbers dialed from conventional telephones to constitute an interference with private life. In an earlier technological era, the Court pointed out that the records of such metering contain information which is an integral element in the communications made by telephone. Indeed, the information at issue in Amann—that the applicant was a contact of the Soviet Embassy—could have been inferred just as easily from traffic data as it was from interception of the content of the communication. Recent technological advances have blurred the distinction between traffic data and content still further. We now live in a world when mobile phone companies are able to record the exact location from which calls are made, Internet Service Providers can track every web page visited by their users, and the address lines of e-mails provide a wealth of data about the circle of people with which each individual interacts. All of this information, and more, would be stored under the terms of the Framework Decision; it is now being stored pursuant to a variety of Member State laws. As the case law of the European Court of Human Rights makes amply clear, this represents an interference of unprecedented proportions in the private life of every user of European-based communications services.