Brussels (AFP)

European justice opposed on Tuesday that states order telecom operators the "generalized and undifferentiated" collection of connection and location data, and put safeguards for targeted or limited-time collection in the event of " serious threat to national security ".

Asked by courts in France, Belgium and the United Kingdom, the Luxembourg-based Court of Justice of the EU (CJEU) has confirmed that EU law opposes national regulations requiring service providers "the generalized and undifferentiated transmission or preservation" of metadata of internet connections and telephone conversations, according to the text of the judgment.

Concretely, the metadata of internet connections and telephone conversations - which do not relate to the content of the messages but the conditions under which they were exchanged (identity, location, date, duration, etc.) - cannot be kept indefinitely. and uniformly by operators.

The CJEU however admits framed exemptions in the event that a State faces "a serious threat to national security, real and current or foreseeable", which may lead it to impose, by "legislative measures", a conservation "generalized and undifferentiated" data "for a period of time limited to what is strictly necessary".

Likewise, in the "fight against serious crime" and "the prevention of serious threats to public security", a Member State may also "provide for the targeted retention of data as well as their rapid retention".

However, "such an interference with fundamental rights must be accompanied by effective guarantees and controlled by a judge or an independent administrative authority", insists the Court.

In a 2016 judgment called "Tele2", the CJEU ruled that member states could not impose on providers a "generalized and undifferentiated obligation" to collect and store traffic data and location data

But several EU states continue to require such a collection so that police, magistrates or intelligence services can access this data.

They are based on the Treaty on the EU, according to which national security "remains the sole responsibility of each member state".

An argument which did not convince the CJEU, for which these practices indeed contravene the European directive "private life and electronic communications".

The CJEU was examining in particular several decrees implementing the French code of internal security, from 2015 and 2016, attacked by the organizations La Quadrature du Net, the access provider French Data Network and the Federation of associative internet access providers. .

She was also asked about Belgian and British regulations, which imposed on operators the same type of massive data collection.

© 2020 AFP