Legal body calls for data interception rules to guarantee secrecy of lawyer-client communications

Out-Law News | 25 Sep 2014 | 3:18 pm | 1 min. read

Rules that set out the legal basis for intercepting communications in EU countries must guarantee the privacy of communications between lawyers and their clients, a prominent legal body has said.

The Council of Bars and Law Societies of Europe (CCBE), which represents national bar and law societies across Europe, issued the call in response to a judgment of the Court of Justice of the EU (CJEU). In April the CJEU ruled that the EU's Data Retention Directive disproportionately infringes on individuals' privacy rights. A replacement EU framework for the retention of communications data is expected to be created.

The Directive required telecoms and other electronic communications businesses to retain identifying details of phone calls and emails, such as the traffic and location, to help the police detect and investigate serious crimes. The details exclude the content of those communications.

However, the CCBE said that national rules on the interception of communications "should guarantee the inviolability of data and other evidence falling under the principle of professional secrecy". It said there should be a "harmonised, minimum level of protection for professional secrecy, regardless of the data being traffic data, other metadata or content data, and irrespective of which governmental body requires access to such given data, and whether the purpose is for national security or preventing crime".

Protection for lawyer-client electronic communications should be "the same … as it is in the paper world", the CCBE said.

"This minimum level of protection must ensure in every EU member state a more explicit and consistent protection of professional secrecy of communications between lawyer and client, with prior judicial authorisation for access to data and clear requirements on the purpose and duration of the data retention," the legal body said.

In light of revelations about alleged US intelligence gathering practices, the CCBE called on the European Parliament to "undertake urgent action to establish ‘A European Digital Habeas Corpus – protecting fundamental rights in a digital age’". It said this legal document should set out protections for "lawyer-client confidentiality".

The UK has already implemented a new national data retention framework following the CJEU's judgment, although a legal challenge has subsequently been lodged against the new laws.

Under the UK's Data Retention and Investigatory Powers (DRIP) Act, public telecommunications operators can be required to store 'communications data' if the secretary of state considers the data retention is "necessary and proportionate" to help law enforcement agencies detect and prevent terrorism and other serious crimes or for serving other limited purposes specified under the existing Regulation of Investigatory Powers Act.

Telecoms companies could be asked to store the data for up to a year, under the Act. Operators based outside of the UK can be forced to comply with data retention orders made in accordance with the new rules, according to the new provisions.