France’s Council of State has ruled that the existing threat to national security currently justifies the generalised retention of telecom connection data.
However, the council, which acts as the Supreme Court for administrative justice in France, ordered the government to regularly reassess the threat justifying retention of data and submit the intelligence services’ use of it to clearance provided by an independent authority.
French law requires telecommunications operators to retain their users’ connection data to fight terrorism and crime and the council accepts data retention plays a major role in those fields.
It was ruling on appeals lodged by several non-governmental organisations (NGOs), which object to data retention, and a telecom operator.
The data concerned is metadata, rather than the exchanges’ content, and falls into three categories:
- ID data, which allows identification of the user of an electronic communication system, such as the first and last names linked to a telephone number or the IP
- traffic data, which tracks dates, hours and recipients of electronic communications, or the list of websites consulted
- location data, which allows a device to be ‘marked’ by the base station to which it is connected
The council also verified implementation of EU law, which strictly limits telecom operators’ requirements to retain connection data, does not jeopardise the French constitution.
Register to receive the latest data protection and privacy news and analysis straight to your inbox How