The EU’s top court on Tuesday put limits on how European spy and security agencies could harvest troves of personal data, but said this could be done under a serious threat to national security.
At the request of the courts in France, Belgium and Britain, the European Court of Justice confirmed that “EU law precludes national legislation” that requires telcos and tech companies to carry out the “indiscriminate retention” of data, a statement said.
However, it does allow for exemptions in cases of “serious threat to national security” or the “fight against serious crime”, under the supervision of a judge or an independent administrative authority.
This lifting of the ban would have to be “limited in time to what is strictly necessary,” the court added.
The decision will be closely looked at by privacy activists who fear wide loopholes that would allow unfettered data spying by state agencies.
Data privacy is a highly sensitive issue in Europe, where activists have put the legality of Facebook and other big tech operations into jeopardy over similar concerns.
The legal onslaught began after revelations by Edward Snowden of mass digital spying by US agencies that also revealed cooperation with Washington by the UK’s spy agencies.
The mass harvesting of data is a central part of anti-terror laws passed in several Western countries in the wake of September 11 and other attacks.