Fierce legal battle over data retention in Sweden

There is a rather interesting legal battle concerning data retention going on in Sweden. Parties are the ISP Bahnhof and the government oversight authority Post- & Telestyrelsen (PTS).

Two years ago, to the day, the European Court of Justice (ECJ) invalidated the EU data retention directive — stating that it is in violation of human rights, especially the right to privacy.

However, in Sweden data retention continues — under a cross-party political consensus. This is to be tried in the ECJ, but is still an open issue.

Meanwhile, Swedish police (and other authorities) are using data retention to demand information about Internet users and their activities from the ISPs.

Referring to the ECJ verdict, the ISP Bahnhof, has refused to share information about minor crimes with the police. After all, data retention was supposed to be about terrorism and other serious criminal activities.

To share information from data retention, Bahnhof requires that the police confirm that it will only be used for investigating serious crimes according to relevant Swedish legal definitions. And Bahnhof demands this information from the police in writing.

The police is not happy about this. Not at all. So it has asked PTS to investigate what can be done. This leading to PTS slamming Bahnhof with a penalty of five million Swedish kronor (some 550.000 euros) if not compliant.

Now, we shall remember that there still is an open case about Swedish data retention in the ECJ. Also, a Swedish administrative court has asked the ECJ for guidance when it comes to the Bahnhof case.

This has lead Bahnhof to ask the Stockholm lower administrative court (Förvaltningsrätten) for inhibition of the PTS decision concerning the fines mentioned above.

Now, this court has granted Bahnhof inhibition — until it has reached a final verdict after careful investigation in the wider context of data retention. However, PTS still can appeal against the inhibition. If so, the case will move up the three-tier Swedish administrative court system.

The bottom line is that a relatively small ISP — backed up by the first ECJ ruling — is prepared to take a fight against the government on data retention. And that the Swedish government is trying to circumvent the ECJ verdict, to maintain mass surveillance.

This is a story to be continued.

/ HAX

Disclaimer: The 5:th of July-foundation, running this blog, is the VPN provider for Bahnhof (and others). Bahnhofs lawyer is also a member of the board of the 5:th of July foundation.

Leave a Reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.