EU Court of Justice slams abusive data collection laws

Vlad Constantinescu
by Vlad Constantinescu
VPN Expert & Privacy Advocate
0 Comments
Download PDF
Affiliate Disclosure

  • The EU Court of Justice issued a press release on October 6, 2020, in regards to abusive data collection laws, deeming them unfit for implementation.
  • According to the press release, existing and proposed regulations alike lack implementation safeguards and are too general.
  • Check out our Privacy Section to learn more about protecting your digital identity.
  • Visit our Security Hub for the latest developments in security and bookmark it for later use.
EU Court of Justice slams against abusive data collection

On October 6, 2020, the EU Court of Justice issued a press release regarding Electronic Communications Act laws, deeming them unfit for implementation.

The document aims at EU countries with laws and regulations regarding traffic data retention and the collection of personally identifiable data.

According to the press release, both proposed and existing electronic communication regulations lack implementation safeguards.

What is the Electronic Communications Act?

The Electronic Communications Act is a set of laws meant to regulate electronic communication (EC) networks and services. As a side note, most countries have laws and regulations concerning electronic communication.Electronic Communications Act

The United States, for instance, call it the Electronic Communications Privacy Act.

This legislation affects not only Internet users but also many other means that might fall under the EC category. For instance, the act regulates radio frequency usage, surveillance, privacy protection, and traffic data.

These can all be a great deal of concern, considering the recent growth in privacy violation incidence, data leaks, and surveillance scandals.

EU Court of Justice’s decision on EC laws

The ECJ’s decision also targetted some of the existing laws in the Act, aside from bills that haven’t been included in the legislation.

According to the press release, both proposed and existing laws lack implementation safeguards and are vaguely formulated.

Here is a brief presentation of the ECJ’s press release:

  • ISPs are allowed to retain IP addresses in certain situations, but this operation must be of utmost necessity and can be done for a limited period of time. The ECJ ruled against the indiscriminate logging of IP addresses that are tied to a specific source of communication.
  • In the event of a real, national security threat that is either present or foreseeable, time-limited data collection orders can be issued. However, these orders have to be reviewed by either an independent administrative body or a court in order to be valid. Furthermore, the time limit can be extended as necessary, but only if the threat persists and after the request for a time extension is carefully reviewed.
  • It is forbidden to collect traffic and location data in a general, indiscriminate manner.
  • Should any violation of the ECJ’s ruling be noticed, the illegally-gathered information will be invalidated and banned from being used as evidence in Court.
  • All the laws that the EU Court of Justice found to be lacking implementation safeguards have to be re-formulated and re-submitted.

Is VPN affected by the Electronic Communications Act?

To put it shortly, a VPN can be technically deemed as an electronic communication service. However, given that the service lacks the ability to send or receive communications without a pre-existing Internet connection, it’s not.

Currently, Electronic Communication Acts don’t enforce data retention laws upon anonymization services such as VPNs.

The exact reason is not quite clear, but it might mean that VPN services are not to be considered Rich Communication Services (RCS) or Electronic Communication services (ECS).