Last month, French Data Network and La Quadrature du Net filed a lawsuit to the Conseil d’État, one of the supreme courts, against the French government. Our objective is simple: we want to take down French data retention laws.
the French Data Network (FDN), the oldest French internet access provider, and a nonprofit organisation promoting the Internet and spreading knowledge on how it works.
the Fédération FDN, a federation of ISP very much like FDN (FDN is one of the founding members of the Fédération), created to spread and distribute efforts accross geographical locations to serve the same goal.
On December 24, the government issued a décret, an order by the executive branch to enable the application of the law (issued by the Parliament). Décrets can be challenged in court, directly to the Conseil d’État, until two months after they are published. This is the procedure we’re in.
Formally, our target is a décret of the 2013 law setting the strategy for military operations and prerogatives for the near future (the “LPM” law). Specifically, article 20 of this law set new ways for the state to access data retained by telcos and internet ISPs.
For us, this was just a legal opportunity to seize in order to bring our arguments in front of a judge, against the concept of general data retention, i.e. keeping metadata and records on communications of the whole population.
In the aftermath of the European Union Court of Justice’s landmark decision in Digital Rights Ireland (April 8, 2014; C‑293/12 & C‑594/12), data retention laws in Europe are being cancelled, almost automatically, one by one (lately, in the Netherlands, see the preliminary injunction by the Hague court, March 11, 2015). Almost automatically indeed, because national judges, in matter of European Union law, have to apply EU principles and case law directly.
So this is what we’re trying to do in France, albeit one difference. Unlike other data retention laws in Europe, French laws predate the 2006 EU data retention directive; so our task seems a bit more difficult.
Anyway, here comes an overview of our main arguments:
- the décret tries to fix the law; because the law did not define correctly its own scope (the definition of the type of data subject to the law). But that’s something the government is not supposed to do! The scope of the law is a legislative power prerogative, not the executive’s.
- the décret had to organise the administrative control defined in the law, but the décret doesn’t do it. Thus, the government did not fullfil the obligations the law created.
And, of course, the main argument (part 4.1 of our legal writing):
- This is a matter of European Union law. As the 2002 directive (so called ePrivacy directive) says in its article 15, measures of data retention must be made according to EU law principles.
- Thus, the EUCJ Digital Rights Ireland decision is directly applicable to French laws on data retention.
- As a consequence, the judge must realise that data retention, as set in French law, is clearly against our fundamental rights to free speech and to the respect of private life! The government cannot legally mandate telcos and internet ISPs to keep metadata and records on the communications of the whole population (and for a whole year at least)!
If you’re interested, you can read the whole thing (in French).
I’ll keep you posted on the blog about the procedure. It should take at minimum a year, if nothing unexpected happens (but it can be significantly longer depending on prejudicial and accessory procedures…).
But as you may know, the government is currently trying to pass new law giving extremely broad powers to the state with regard to surveillance measures, including new ways to access our communications and our data, all of this without effective judicial oversight.
Our legal challenge has thus taken a new level, against the French surveillance state.
Related: La Quadrature’s press release