A district court in The Hague has overturned 2009 Dutch laws that required telcos and internet providers to retain customer data for law enforcement for between six and 12 months.
The law was created in response to the now defunct EU directive on data retention which was subsequently seen as infringing privacy rights by holding data on citizens regardless of whether they were suspected of involvement in crime.
Privacy advocate Privacy First claimed that the legislation was in conflict with European law and infringed the right to protection of privacy. It is proposed that telcos will now need to encrypt any stored data and will require authorisation from a judge before the data is given to law-enforcement agencies. In addition, access is to be limited to the investigation and prosecution of serious crimes.
Judge GP van Ham noted that the move could have far-reaching consequences for investigating and prosecuting crimes but said that this did not justify the privacy breaches the law entailed. No deadline was set for disposing of data.
The justice ministry has said it will study the ruling closely before making any comment, but the Dutch government could still reintroduce an amended version of the law.