On Tuesday, the EU’s top court put limits on how European spy and security agencies could harvest troves of personal data but said this could be done under a serious threat to national security.
A statement said that at the request of the courts in Belgium, Britain, France, and the European Court of Justice confirmed that “EU law precludes national legislation” that requires telcos and tech companies to carry out the “indiscriminate retention” of data.
However, it does allow for exceptions in cases of “serious threat to national security” or the “fight against serious crime”, under the supervision of a judge or an independent administrative authority.
The court also added that this lifting of the ban would have to be “limited in time to what is strictly necessary.”
The decision will be closely looked at by privacy activists who fear wide loopholes that would allow unfettered data spying by state agencies.
Data privacy is a highly sensitive issue in Europe, where activists have put the legality of Facebook and other big tech operations into jeopardy over similar concerns.
The legal onslaught began after revelations by Edward Snowden of mass digital spying by US agencies that also revealed cooperation with Washington by the UK’s spy agencies.
The mass harvesting of data is a central part of anti-terror laws passed in several Western countries in the wake of September 11 and other attacks.