French Council of State rules on the retention of connection data

Ruling on appeals lodged by several NGOs and a telecom operator, the French Council of State has examined the conformity with EU law of French rules on the retention of connection data. It also verified that the implementation of EU law, as interpreted by the European Court of Justice (ECJ) does not jeopardize the requirements of the French Constitution. The Council of State has ruled that the existing threat to national security currently justifies the generalized retention of data. It also notes that the possibility of accessing connection data in order to fight serious crime allows, at the present time, the constitutional requirements of preventing breaches of law and order and the tracking down of authors of criminal offences to be ensured. However, it orders the Government to reassess regularly the threat that exists in France so as to justify the generalized retention of data and to submit the use of these data by the intelligence services to clearance provided by an independent authority. Finally, with regard to the use of retained data for intelligence purposes, the Council of State notes that the prior review by an independent authority provided by the French legal framework is not sufficient because the opinion of the National Commission for the Control of Intelligence Techniques (CNCTR), which must be given prior to any authorisation, is not binding. Even though the Prime Minister has never refused to follow an opinion of this Commission recommending refusal of access to connection data by the intelligence services, French law should be amended on this point. The Council of State therefore orders the Prime Minister to modify the regulatory framework to comply with these requirements within six months.