An April 2014 European Union Court of Justice decision could limit the National Security Agency dragnet, according to an opinion published Thursday by EU Parliament legal advisers.
Last year’s ruling, which found that the EU Data Retention Directive violated human rights, could see EU and member states’ surveillance laws and international cooperation challenged, they stated. The lawyers said the precedent set by the court opens the programs up to litigation and executive revision on the grounds that they violate the EU Charter on Fundamental Rights.
For American law enforcement and intelligence officials, the initial ruling–and the strong official opinion on it–could have significant ramifications.
“We know that the NSA is cooperating with GCHQ and other European intelligence agencies to access data and information transiting through Europe,” said Jochai Ben Avie, policy director of the digital civil liberties group Access. “Striking at the legality of data retention could roll back the access to those databases in Europe.”
The conclusion of the report published Thursday is significant, he said, because it “is an authoritative legal opinion, and outlines path toward remedy.”
It also should inform the legislative process if lawmakers attempt to find loopholes in the 2014 ruling.
“European policymakers need to think twice before ever proposing data retention again,” he said.
In a blog post, another Access policy analyst, Estelle Massé, said that incumbent laws in France and Britain might not comport with EU standards, if the parliamentary legal opinion is any indication.
The EU parliamentary legal services undertook the study after the Civil Liberties Committee of the European Parliament requested it, with specific questions about the legality of international passenger name sharing and terrorist financing tracking programs.
The advisers said that the programs benefit from “the presumption of legality” but might very well “suffer the same fate as the data retention directive.” EU citizens could ask the executive body, the European Commission, or a European judge to look into the legitimacy of the programs, the parliamentary legal team concluded.
The passenger data agreement currently okays the 15-year retention and transfer of information about airline passengers traveling between the EU and either the US, Canada or Australia.
The Terrorist Financing Tracking Program is a bilateral deal between the US and EU, and gives American law enforcement authorities access to the SWIFT financial database in Belgium.
The data retention program that was deemed illegal last year was adopted by the EU in 2006, and required all telecommunications data to be collected and retained for between six months and two years. Ben Avie described the ruling on the program as “a sweeping condemnation of data retention as a practice that severely interfered with human rights.”
Correction: An earlier version of this article referred to the “European Union Court of Justice” as a “European court.”
