In a decree made public today, French Prime Minister Élisabeth Borne has extended the temporary retention of communications data of all citizens in France for another year. The blanket retention obligation concerns identity data (surname, first name, date and place of birth, postal address(es), e-mail address(es), telephone number(s)) as well as payment information, connection data (IP addresses, port numbers, identification numbers of users and their devices, date, time and duration of each communication, data on supplementary services and their providers) and also
the location data of electronic communications of the entire population. Providers are obliged to retain this data of their customers for 12 months. The reason given for the mass retention order is a current and serious threat to the national security of the country but details and evidence are not provided. The decree comes into force on 21 October 2022 and is valid for another year.
MEP and civil liberties activist Patrick Breyer (Pirate Party Member of the European Parliament) comments:
“Mass surveillance contradicts the European values of democracy, civil liberties and the rule of law. Blanket surveillance of any kind places the population under general suspicion. France is wrong in referring to an exception allowed by the European Court of Justice in case of a specific threat to national security. France’s unspecific reference to a permanent, general security risk does not justify mass surveillance, as a former judge confirms in a legal opinion.
The French government makes the EU court’s exception the rule. National security is no free ride for mass surveillance. On the issue of data retention, the EU has a serious problem with the rule of law. Any form of blanket surveillance is a characteristic of authoritarian regimes.