Joris van Hoboken

Today, the European Court of Justice issued its judgment in the case Ireland v. the European Parliament and Council. The Court concludes that the Data Retention Directive (2006/24/EC) relates predominately to the functioning of the internal market, so it was necessary to adopt it on the basis of Article 95 EC Treaty.

The Court makes clear at the outset that its judgment concerns not the question whether the Directive violates fundamental rights such as the right to privacy. It bases its judgment about the appropriateness of the legal base on three arguments, each of which seems enough (for the Court) to come to that conclusion:

UPDATE (COMMENTS):

It’s not too hard to comment on the ruling because I am not very impressed by its logic. Since I have already commented on some of the main arguments, which are informed by the Opinion of the Advocate General, I will restrict myself to one main point, that is the implications of this ruling for the question whether the directive is a violation of fundamental rights.

Although it is true that the Court was not asked directly to rule on the interference of blanket data retention with fundamental rights, the Court’s complete separation of that issue from this case is striking. In fact, Slovakia directly claimed the Directive could only be a third pillar measure because the interference could only be argued to be proportional in view of the fight against crime and terrorism.

It is questionable whether such far-reaching interference may be justified on economic grounds, in this case the enhanced functioning of the internal market. The adoption of an act outside the scope of Community competence, the primary and undisguised purpose of which is the fight against crime and terrorism, would be a more appropriate solution, providing a more proportionate justification for interference with the right of individuals to protection of their privacy.

The Court decides to separate these issues. The Commission had stated that “the reference to the investigation, detection and prosecution of serious crime falls under Community law because it serves to indicate the legitimate objective of the restrictions imposed by that directive on the rights of individuals with regard to data protection.” The Court does not address this specific question explicitly but states that “the action brought by Ireland relates solely to the choice of legal basis and not to any possible infringement of fundamental rights arising from interference with the exercise of the right to privacy contained in Directive 2006/24.” Implicitly, it seems to agree with the Commission and the AG (who had adopted the Commission’s position on this matter).

If we combine this argument with the Court’s conclusion that the directive is not about access to the data, the result is striking. The references to the investigation, detection and prosecution of serious crime in the directive no longer serves as a restriction with regard to the purposes of the retained data but merely as an indication that national law can legitimately retain these data for that purpose. Hence the directive does not obligate the member states to restrict lawful access to certain cases, but it also does not obligate them to provide access in certain cases. The preliminary ruling of the German Constitutional Court is thereby legal under European law.

However, it is clear that merely giving an indication of the purpose of an interference is not enough to respect the proportionality and subsidiarity required by Article 8 ECHR. Interferences need to be narrowly targeted. Thus access to the data need to be restricted in some manner, depending on the line that is drawn as a result of this test. The lack of access restrictions in the directive moves the burden to establish the proportionality and subsidiarity entirely to the member states. In my opinion this significantly weakens the already weak case for the proportionality and subsidiarity of the European legislature’s interference with fundamental rights through the enactment of the Directive.

EFF is investigating blocking and shaping of Internet traffic by Comcast. They have already found some evidence about which they have made this report. This type of interference is starting to be fashionable. Blocking p2p is exactly the type of private censorship that will probably do fairly well in the political arena. A Belgian judge even ordered the ISP to start filtering such traffic. I think it will be big enough a hedge for lifting the concerns over net neutrality. Although it could be that some companies are found to be so deep into our Internet traffic that it gets sticky. we’ll see…

(Via Maria Gomez Rodriguez) By filtering out very popular legitimate content of Pearl Jam, AT&T has just shot itself in its anti net neutrality feet. If even a big band like Pearl Jam does not get respected by them, what will happen to the content of the millions and millions of smaller bands, broadcasters, legitimate music sharers, etc…

UPDATE: Lessig wrote about this issue on his blog. His post received some very interesting comments.

Last week I attended a symposium organized by ECP.nl about the Network Neutrality debate and its possible relevance for The Netherlands and Europe. I wrote an column (in Dutch) about it on XS4ALL’s weblog for debate. XS4All is one of the oldest Internet Service Providers in the Netherlands. They are one of the progressive forces in the Internet industry in the Netherlands.

The column speaks about the negative consequences for ISP’s, in terms of liability for content of Internet traffic related damage, were they to abandon their neutral, common carriage position with regard to the traffic they process. Michael Geist noted something similar in his post about the news that AT&T is heading for an alignment with Hollywood -after rethinking their strategic position- and consider filtering their networks to prevent copyright infringement.

Filtertechnics has won a case about the legality of its webspam filter for Google results in Germany. The Court of Appeals in Hamm, concludes that the website in question was in fact constructed with thousands of Doorway Pages, a construction with the sole purpose to manipulate the search engine. Filtertechnics had appealed an earlier ruling, in which Filtertechnics was ordered to stop denoting the particular site as spammy.

The case shines some light on legal questions about search engine’s guidelines, which include anti spam policies. The legal battles over webspam, or spamdexing, are a focal point in the conflicts between search engines and information providers.

The Court of Appeals states: In the case of a verifiable suspicion of search engine manipulation, Filter software is allowed to denote the particular site as ‘Spam’.

Interestingly, the court states that it does not matter whether the particular site does not contain any relevant material for the Internet user. It is enough that there is manipulation involved. The lower court had given a lot of weight to the spamdexing definition in the German Wikipedia, that states that the spam site would not contain any such useful information. According to the Court of Appeals the wider Spam definition in the context of Filtersoftware is in fact appropriate and user friendly, while Internet users exactly want to find the websites that really earn their ranking in search engines.

The Court concludes that spamdexing filters, in view of the flood of unjustifiable search engine results, are also permissible from the point of view of user protection. The user and the public have a legitimate interest to use suitable technical means to filter spam, which one was not primarily looking for.

The Langdon judgement in the U.S., 20.02.2007, on the permissibility of refusing advertisements by search engines, search engine’s First Amendment rights and search engine immunity under the Communication Decency Act § 230.