From the excellent ECJblog, I discover a fascinating case about the principles of restitution in EU law (emphasis added):

Case C-470/08, Kornelis van Dijk v Kampen

Since 1982, Mr van Dijk had leased from the Dutch Municipality of Kampen (pictured right) a number of parcels of agricultural land … The lease between the two parties did not contain any clauses relating to the income supported scheme or payment entitlements.

For a number of years Mr van Dijk had received … [various EU] compensatory payments … A dispute arose between Mr van Dijk and the Gemeente Kampen regarding the nature and the extent of the obligations under the lease. The referring court essentially asked whether Community law required a lessee, on the expiry of the lease, to deliver to the lessor the leased land along with the payment entitlements accumulated thereon or relating thereto, or to pay him compensation.

The Court held that … payment entitlements remained with the lessee on the expiry of the lease … [the relevant schemes] did not contain any obligation on farmers who had leased land to transfer their payment entitlements to the lessor on the expiry of the lease.

The Court held that, in accordance with the principles common to the laws of the Member States, the right to restitution from the person enriched was conditional upon there being no valid legal basis for the enrichment at issue (Case C-47/07 P Masdar (UK) v Commission [2008]).

It could not be considered that the payment entitlements which a farmer enjoyed were devoid of any legal basis in so far as they were attributed to him in accordance with the provisions of [a] Regulation … Therefore, the Court concluded that Community law did not require a lessee, on the expiry of the lease, to deliver to the lessor the leased land, including the payment entitlements accumulated thereon or relating thereto, or to pay him compensation.

The Communications (Retention of Data) Bill 2009, published last week, has caused a bit of a stir in this morning’s newspapers. It will give effect to EU Data Retention Directive 2006/24/EC of 15 March 2006 (blogged here) which recently survived challenge by the Irish Government in the European Court of Justice, and it will replace the radically misconceived and deeply flawed stop-gap Part 7 of the Criminal Justice (Terrorist Offences) Act, 2005 (also here) (blogged here).

In essence, the Bill requires telecommunications companies, internet service providers, and the like, to retain data about communications (though not the content of the communications); phone and mobile traffic data have to be retained for 2 years; internet communications have to be retained for one year. This is better than it could have been, in that the Directive would have allowed 2 years for all traffic data; but it is a lot worse than the minimum of 6 months allowed by the Directive. This will impose significant costs on those obliged to retain and secure the data, and those costs will be passed on to their already hard-pressed customers. And it is likely to drive international telecommunications and internet companies to European states which have introduced far less demanding regimes.

Traffic data retention (like any example of pre-emptive and widespread surveillance) is simply a bad idea; it is a massive invasion of privacy; it is founded on the illiberal and anti-democratic suspicion that someone somewhere might be doing something; and it is not good enough to reply that if you have nothing to hide, you have nothing to fear from surveillance. As the prolific and challenging AC Grayling argues in his new book Liberty in the Age of Terror: A Defence of Civil Society and Enlightenment Values (Bloomsbury, 2009; reviewed by The Economist here), this pernicious assertion is “one of the most seductive betrayals of liberty” imaginable; it assumes that

the authorities will always be benign; will always reliably identify and interfere with genuinely bad people only; will never find themselves engaging in ‘mission creep’, with more and more uses to put their new powers and capabilities to; will not redefine crimes, nor redefine various behaviours or views now regarded as acceptable, to extend the range of things for which people can be placed under suspicion—and so considerably on.

The concerns might be met by strong protections coupled with meaningful oversight, but the Bill is worryingly bereft on this score. Although it imposes obligations to retain data, and to maintain it secure, and to prevent unauthorised access to data, it does not provide any redress to someone whose data is retained insecurely or accessed without authorisation; and the Data Protection Acts, 1988 (also here) and 2003 (also here) are inadequate to cope (for example, they would provide no criminal sanction for the News of the World’s recently-disclosed shenanigans). Worse than that, large-scale databases are peculiarly vulnerable to attack – an investigation by More4 News for Channel 4 reported last week (in a story that should give some pause to those planning a system to trace patients for Ireland) that more than 8,000 dangerous viruses have infected NHS computers in the last year, overloading networks, and massively compromising large amounts of personal data.

It is appropriate to restrict individual privacy provided that there is a good reason to do so, and the restrictions do not good too far. In the context of this Bill, the prevention of crime is a good reason, but the restrictions seem to go very far indeed, especially in the absence of proper protections and oversight. In S and Marper v UK 30562/04 [2008] ECHR 1581 (4 December 2008) one of the reasons given by the European Court of Human Rights for holding that the UK’s retention of innocent people’s DNA records on a criminal register infringed their right to privacy was the lack of sufficiently strong safeguards. I am a Director of Digital Rights Ireland; this is one aspect of our ongoing challenge to Ireland’s data retention regime; and this flawed Bill does nothing to alleviate these concerns.

In my last post, I mentioned that the question of the compatibility of mandatory retirement ages with EU law was pending before the European Court of Justice (ECJ). The Court has now handed down its decision, upholding the principle of mandatory retirement ages, but requiring them to be justified on a high standard of proof.

The case, C-388/07 R (on the application of The Incorporated Trustees of the National Council on Ageing (Age Concern England)) v Secretary of State for Business, Enterprise and Regulatory Reform, was a reference from the High Court (Queen’s Bench Division, Administrative Court), for a preliminary ruling concerning the interpretation of Council Directive 2000/78/EC (pdf) of 27 November 2000 establishing a general framework for equal treatment in employment and occupation (OJ 2000 L 303, p16), which had been transposed in the UK by the Employment Equality (Age) Regulations 2006 (SI No 1031 of 2006). The Directive and the Regulations provided for a general principle of non-discrimination on the grounds of age. However, they allowed for exceptions that are objectively and reasonably justified by a legitimate aim, provided that the means of achieving that aim are appropriate and necessary (see, eg, Article 6(1) of the Directive). On this basis, Regulation 30(2) allowed for a derogation from that general principle in the context of compulsory retirement at 65. Age Concern (the UK’s equivalent of Age Action) challenged that derogation on the grounds that the derogation did not meet the requirements of Article 6(1), but the ECJ rejected that challenge: Read the rest of this entry »

I can’t make up my mind whether it’s ironic or not that the European Court of Justice has upheld the Data Retention Directive on Safer Internet Day.

I’ll let Digital Rights Ireland tell the story:

European Court upholds data retention… for the time being

The European Court of Justice has given its decision today in the Irish Government challenge to the Data Retention Directive – [Case C-301/06] Ireland v. Parliament and Council (Press Release | Judgment). Unsurprisingly (in light of the Advocate General’s Opinion) it has held that the directive was properly adopted as an internal market measure (by qualified majority voting) rather than as a criminal matter (requiring unanimity). Where does this leave us and our case?

While it’s a pity to see the Directive upheld, the Government’s challenge was a very narrow one, dealing only with the essentially technical matter of the legal basis for the Directive. The Government didn’t raise and the ECJ wasn’t asked to decide on the fundamental rights issues. Indeed it expressly stated:

The Court notes at the outset that the action brought by Ireland relates solely to the choice of legal basis and not to any possible infringement by the directive of fundamental rights resulting from interference with the exercise of the right to privacy.

Consequently, the decision doesn’t affect the core of our challenge to the Directive, which will still go ahead on the basis that it infringes the rights to privacy and freedom of expression. At the moment we’re waiting on a decision from the High Court on our application to refer these issues to the ECJ – we’re confident that when these issues reach the ECJ that they will decide in our favour.

Read the rest of this entry »