ECHR Finds Russian Law Enforcement Data Access Laws Violate European Convention of Human Rights

By: Karla Lellis

Impunity Watch News Visiting Writer

STRASBOURG, France – On February 13, 2024, the European Court of Human Rights (ECHR) ruled against extensive Russian surveillance laws that mandated companies store all internet communications and provide decryption keys to security services upon request. The Court held that such practices violate the right to privacy under Article 8 of the European Convention on Human Rights, especially regarding end-to-end encryption decryption requirements.

 
Telegram app download page. | Photo courtesy of PhysOrg.
 

The ruling in Podchasov v. Russia represents a resounding victory for advocates of online privacy and free expression. The ruling considers Russia’s indiscriminate data retention and decryption requirements a violation of the fundamental right to privacy enshrined in the European Convention on Human Rights. The Russian legislation in question had forced internet companies, including the encrypted messaging app Telegram, to retain transcripts of all user communications for six months and metadata for one year. The laws also required firms to hand over any encrypted data to state security agencies like the FSB upon demand, with no sufficient safeguards against misuse.

The case was brought by the applicant Podchasov, a Telegram user investigated for suspected terrorism ties. He challenged the Russian data hoarding and decryption rules as violating Article 8’s privacy guarantee in communications. Ruling in favor of Podchasov, the ECHR found that the Russian mass surveillance regime permitted “public authorities to have access, on a generalized basis and without sufficient safeguards, to the content of electronic communications” — an unacceptable impairment of privacy rights.

The ruling underscores encryption’s crucial role in safeguarding digital privacy and free expression in the modern era. As the United Nations has affirmed, encryption is vital for protecting rights and enabling open communication on sensitive issues without the fear of unwarranted surveillance or repression.

While acknowledging that encryption creates obstacles for policing, the Court made clear that blanket data seizures and decryption mandates are disproportionate solutions that undermine online privacy and security for all.

For further information, please see:

ECHR – Guide on Article 8 of the European Convention on Human Rights – 31 Aug. 2022

ECHR Docket – Podchasov v. Russia, App. No. 33696/19 – 13 Feb. 2024

ECHR Docket – Roman Zakharov V. Russia, App. No. 47143/06 – 4 Dec. 2015

ECHR Docket – Telegram Messenger Llp and Telegram Messenger Inc. Against Russia, App. No. 13232/18 – 16 Nov. 2020

Humans Right Watch – Russia: Growing Internet Isolation, Control, Censorship Authorities Regulate Infrastructure, Block Content – 18 Jun. 2020

Phys Org – Telegram must give FSB encryption keys: Russian court – 20 Mar. 2018

Russian Federation – Criminal-Procedural Code Of The Russian Federation No. 174-Fz – 18 Dec 2001

Russian Government – Federal Security Service of the Russian Federation – ND

Telegram – FAQ – ND

Author: Sydney Krause