The annulment of an EU data retention directive has implications for the government – and lawyers.

There was a small earthquake in Luxembourg this week. I have not seen it much reported in the UK, although the effects will in due course arrive on our shores. The cause? The Court of Justice of the European Union annulled an EU directive, the Data Retention Directive 2006/24/EC. It is a rarity for the court to annul a whole directive like that.

The directive is a security measure dealing with the obligations of providers of publicly available electronic communications services or public communications networks to retain data for the purpose of the investigation, detection and prosecution of serious crime. In joined Cases C‑293/12 (brought by Digital Rights Ireland Ltd) and C‑594/12 (brought by the Carinthian regional government in Austria and 11,130 Austrian citizens), the court was asked to examine the validity of the directive, particularly in the light of two rights listed in the Charter of Fundamental Rights of the EU: the right to respect for private life, and the right to the protection of personal data.

To summarise the judgement in one sentence, the court declared the Directive invalid because it entails a wide-ranging and particularly serious interference in the fundamental rights of respect for private life and of the protection of personal data, without that interference being limited to what is strictly necessary.

In the UK, the Data Retention Directive is enacted by the Data Retention (EC Directive) Regulations 2009. Presumably, these will now have to be revised or withdrawn. The government wanted to go further than the Regulations with the recent Communications Data Bill, or snooper’s charter, which appears to have been ditched for the time being through the intervention of the deputy prime minister.

If we did not know it before, we do know now that the the priorities of our government favour spying on the rest of us over criticising the EU. That is because – instead of joining in the general cheering at the annulment of a law which put duties on member states, something which the government is supposed to hate above all else – the UK government expressed its concern at the court’s decision.

And have we, as UK citizens, become so accommodating to the security state that it is through 11,000 Austrians and one Irish NGO that our rights have been restored? I know that there are powerful arguments to ensure that we stay secure, but events such as this decision, and the continuing Snowden revelations, show that it is important to put limits on the state’s security powers.

As for we lawyers, there is an important paragraph of the judgement (number 58) which applies to us. The first part is a general criticism of the directive, but then comes the lawyer sentence: ‘Directive 2006/24 affects, in a comprehensive manner, all persons using electronic communications services, but without the persons whose data are retained being, even indirectly, in a situation which is liable to give rise to criminal prosecutions. It therefore applies even to persons for whom there is no evidence capable of suggesting that their conduct might have a link, even an indirect or remote one, with serious crime.

‘Furthermore, it does not provide for any exception, with the result that it applies even to persons whose communications are subject, according to rules of national law, to the obligation of professional secrecy.’

Whooppee! I would like to think that the court had read the several briefing papers issued by my organisation, the Council of Bars and Law Societies of Europe (CCBE), during the passage of the directive, immediately after it was passed and during the implementation phase. Each time, we called for the protection of professional secrecy. The European Parliament even passed a legislative resolution on this topic at the same time as it approved the Data Retention Directive.

The relevant part of this resolution of 14 December 2005 stressed the need to safeguard professional secrecy, as follows: ‘The European Parliament (…) 4. Considers that the member states have the right to apply their national constitutional principles and considers especially that professional secrecy will also be respected in the application of the present directive’. But it was not to be.

Doubtless the Data Retention Directive will be introduced in due course in another form and with another name. But this time the judgement of the court will have to be used as a basis for its provisions. I trust, therefore, that professional secrecy will be adequately protected, including in its implementation in eventual UK regulations.

Come on, you Brits, let us look after our ancient rights as against the state – and not let an Irish NGO or 11,000 Austrians do the work for us!

Jonathan Goldsmith is secretary general of the Council of Bars and Law Societies of Europe, which represents around a million European lawyers through its member bars and law societies. He blogs weekly for the Gazette on European affairs