PogoWasRight.org

Menu
  • About
  • Privacy
Menu

Article: New Data Security Requirements and the Proceduralization of Mass Surveillance Law after the European Data Retention Case

Posted on October 25, 2015June 26, 2025 by Dissent

There’s a new article by Frederik J. Zuiderveen Borgesius and Axel Arnbak:

Abstract:

This paper discusses the regulation of mass metadata surveillance in Europe through the lens of the landmark judgment in which the Court of Justice of the European Union struck down the Data Retention Directive. The controversial directive obliged telecom and Internet access providers in Europe to retain metadata of all their customers for intelligence and law enforcement purposes, for a period of up to two years. In the ruling, the Court declared the directive in violation of the human rights to privacy and data protection. The Court also confirmed that the mere collection of metadata interferes with the human right to privacy. In addition, the Court developed three new criteria for assessing the level of data security required from a human rights perspective: security measures should take into account the risk of unlawful access to data, and the data’s quantity and sensitivity. While organizations that campaigned against the directive have welcomed the ruling, we warn for the risk of proceduralization of mass surveillance law. The Court did not fully condemn mass surveillance that relies on metadata, but left open the possibility of mass surveillance if policymakers lay down sufficient procedural safeguards. Such proceduralization brings systematic risks for human rights. Government agencies, with ample resources, can design complicated systems of procedural oversight for mass surveillance – and claim that mass surveillance is lawful, even if it affects millions of innocent people.

Reference:

Zuiderveen Borgesius, Frederik J. and Arnbak, Axel, New Data Security Requirements and the Proceduralization of Mass Surveillance Law after the European Data Retention Case (October 23, 2015). Amsterdam Law School Research Paper No. 2015-41.

Download the full article at SSRN: http://ssrn.com/abstract=2678860

 

No related posts.

Category: Surveillance

Post navigation

← After FOI Request, EPIC Obtains Secret “Umbrella Agreement” from the EU Commission
Obfuscation: how leaving a trail of confusion can beat online surveillance →

Now more than ever

Search

Contact Me

Email: info@pogowasright.org

Mastodon: Infosec.Exchange/@PogoWasRight

Signal: +1 516-776-7756

Categories

Recent Posts

  • White House ordered to restore Medicaid funding to Planned Parenthood clinics
  • California Attorney General Announces $1.55M CCPA Settlement with Healthline.com
  • Canada’s Bill C-2 Opens the Floodgates to U.S. Surveillance
  • Wiretap Suits Pit Old Privacy Laws Against New AI Technology
  • Action against tiny Scottish charity sparks huge ICO row
  • Congress tries to outlaw AI that jacks up prices based on what it knows about you
  • Microsoft’s controversial Recall feature is now blocked by Brave and AdGuard

RSS Recent Posts on DataBreaches.net

  • Minnesota National Guard deployed; St. Paul declares state of emergency in response to cyberattack
  • Scattered Spider Hijacks VMware ESXi to Deploy Ransomware on Critical U.S. Infrastructure
  • Hacker group “Silent Crow” claims responsibility for cyberattack on Russia’s Aeroflot
  • AIIMS ORBO Portal Vulnerability Exposing Sensitive Organ Donor Data Discovered by Researcher
  • Two Data Breaches in Three Years: McKenzie Health
©2025 PogoWasRight.org. All rights reserved.
Menu
  • About
  • Privacy