Statewatch Observatory
The surveillance of telecommunications in the EU
Under mandatory data retention
a record will be kept of everyone's
phone-calls, e-mails, mobile phone calls (including location)
and internet usage
EU-MANDATORY-RETENTION-OF-TELECOMMUNICATIONS-DATA: Germany: Press freedom under attack: Big Brother Eyes German Journalists (Speigel Online, link) See: Statewatch Observatory: The surveillance of telecommunications in the EU
September 2007: UK: Mandatory retention of telecommunications in UK - as predicted - "nodded" through parliament and comes into effect on 1 October 2007: Statutory Instruments 2007 No. 2199, Electronic Communications: The Data Retention (EC Directive) Regulations 2007 After a perfunctory and ill-informed exchange, which just lasted a few minutes:House of Lords (pdf), no reference was made to the fact that the transposition of the existing "voluntary" agreement into a mandatory one would normally require primary legislation. As from October records all phone-calls, e-mails, faxes, mobile phone calls (including locations) have to be retained by service providers for access by law enforcement agencies. Within 18 months a further Statutory instrument will cover the retention of internet usage (sites visited etc and voice telephony via internet). See: Statewatch analysis: Mandatory retention of telecommunications traffic to be "nodded" through in the UK (pdf) and UK: Data retention and access consultation farce: Government to allow access for crime purposes to records which can only be held for “national security”
EU: Data Protection Commissioners calls for harmonised safeguards on the use of mandatory data retention Tony Bunyan, Statewatch editor, comments: "Time and time again EU governments are "harmonising" the powers of the state to place individuals under surveillance, when are they going to "harmonise" the right of the individuals against the misuse and abuse of state power?"
Article 29 Data Protection
Working Party Opinion (WP 119) on mandatory data retention (pdf)
Final
version of the Directive on mandatory retention of traffic data
from the Official Journal (pdf)
See also: Data
retention and police access in the UK - a warning for Europe
January 2006
EU: Mandatory data retention vote in the European Parliament on 14 December 2005 The final vote on the legislative resolution was 378 in favour, 197 against with 30 abstentions. The Green/EFA and GUE (left group) voted against while the ALDE (liberal group) split with 25 MEPs voting in favour and 37 against (including Mr Alvaro, the rapporteur). The two biggest parties, the PSE (socialist group) and PPE (conservative group) overwhelmingly voted in favour - 39 PPE MEPs voted against (10 abstained) and 24 PSE MEPs voted against (2 abstained).
EU: Another
nail in democracy's coffin: European Parliament, 14 December
2005: The EP today voted in favour of "deal" on mandatory
data retention agreed in secret meetings between the Council
(EU governments) and the "grand coalition" of the PPE
(conservative group) and the PSE (socialist group). The measure
was "fast-tracked" through the parliament on 1st reading.
The vote was 378 votes in favour, 197 against and 30 abstentions.
The GUE, Greens and UEN groups and some members from the ALDE
group voted against the directive in the final vote. The rapporteur,
Alexander Nuno Alvaro (ALDE, DE) withdrew his name from the report.
Amendments
adopted by EP
(pdf) For documents and background please see: Statewatch analysis:
"The
European Parliament and data retention: Chronicle of a 'sell-out'
foretold?"
(pdf) by Professor Steve Peers, Open Letter from civil
society groups to the European Parliament calling on MEPs to
reject Data Retention,
UK-EU: Data
retention and police access in the UK - a warning for Europe and for full background, see Statewatch's Observatory
on the surveillance of telecommunications in the EU
Tony Bunyan, Statewatch editor, comments:
"The European Parliament has failed on almost every count to protect fundamental rights and privacy. The two big parties in the parliament believe more in "inter-institutional loyalty" to the Council (the EU governments) than their responsibility to the people who elected them.
The way this measure was passed is a democratic travesty - rushed through with deals negotiated in secret and not in open committee. When civil society and national parliaments have no chance to find out what is happening, when the proper co-decision timetable is discarded, there is little chance to intervene. Such a procedure diminishes respect for the European Parliament and lacks any legitimacy whatsoever.
Mandatory data retention will place all the communications of everyone under surveillance. In 2002 the same grand coalition steam-rolled through the Directive on privacy in telecommunications opening the door to state agencies. In December 2004 the mandatory taking of finger-prints for passports was agreed and in April 2004 an EU PNR (passenger name record) for everyone flying in and out too. The asylum procedure directive - which is a disgrace to any notion of humanity and the rule of law - was formally adopted last week. The cost of the "war on terrorism" to democratic standards is mounting as each year goes by. Today we have seen another nail driven into democracy's coffin"
EU: Mandatory data retention: Council
agreed position on mandatory retention of communications data
(dated 2.12.05, pdf) Press reports suggest that the European
Commission will accept these changes to its draft Directive.
To work though the European Parliament has to adopt exactly the
same amendments at its plenary session 12-15 December - the deadline
for amendments is 7 December. Posted 3.12.05.
Tony Bunyan, Statewatch editor, comments:
"This is turning into a democratic fiasco. The Council has a long list of reservations by member states and four substantive issues where it disagrees with the European Parliament. The European Parliament rapporteurs have had three secret trialoges with the Council and the Commission - now the PPE (conservative group) and the PSE (socialist group) appear to be carrying out their own negotiations with the Council with the aim of rushing through the measure before Xmas under the "fast-track" procedure (intended for non-controverisal measures).
It is quite impossible for anyone, outside of a handful of people, to follow what is going on. If national parliaments and civil society cannot track the decision-making procedure they are unable to make their views known. This is compounded by a virtual media silence - until the "deal" on the measure was sown-up on 2 December - leaving the people of Europe in ignorance about the decision to place under surveillance everyone's communications.
A decision taken in this fashion will utterly lack legitimacy."
1. Draft
Council text of the Directive (doc 15101/05, 1.12.05)
2. Extensive
list of Member State Reservations on the draft text in 15101/05
(doc 15101 ADD 1, 1.12.05)
3.
Note from Presidency setting out four areas for decision of Council
on its position (doc: 15220/05, 1.12.05)
Council position as at 29 November 2005
* EU: Mandatory
data retention: Report from the European Parliament Committee
on Civil Liberties as amended (see below) dated 28
November 2005. This followed a series of further "compromise"
amendments supported by yje PPE (conservative), PSE (socialist)
and ALDE
(liberal) groups: Data
retention a step closer - privacy sell out as EP committee approves
"compromises" reached in secret meetings
The vote was 33 to 8 in favour of the PPE-PSE amendments, with
5 abstentions, Green/ALDE and GUE (left) MEPs voting against
(see Green
group press release).
* The first negotiating "trialogue" between the
Council, Commission and the European Parliament was held on 15
November (the next is on 22
November). After the meeting:
- Mr Cavada, the chair of the Committee on Civil Liberties
(LIBE) sent a letter to Mr Borrell, the President of the European
Parliament: Cavada
letter to Borrell
- the UK Presidency of the Council sent a report to COREPER set
out 11 areas of difference with the European Parliament: Council
report from
the UK Presidency (doc no: 14328/05)
- the European Parliament set of an amended list of "compromise
amendments": EP,
17 November - amendments
- key points in Council and EP positions above: Mandatory
data retention - the shifting sands of "compromises"
reached out of public
view
* EU: Mandatory data retention: European Parliament rapporteurs
agree list of "compromise" amendments: "Compromise
amendments" -
14.11.05 (19 pages, pdf) - this has been whittled down
from the: Full
list of amendments (167 pages, pdf). The parliament's
new list of
amendments were the basis for a "trilogue" (closed
meeting between rapporteurs, Council and Commission) on 15 November.
If a common set of
"compromise" amendments can be agreed between the parliament
and the Council they will be "fast-tracked" through
to the plenary session on
14-15 December for adoption.
* Meanwhile the UK
Select Committee on European Scrutiny in the House of Commons
put out a Report (pdf) on 8 November which
says that the proposal is still under scrutiny awaiting further
information from the Home Office Minister. It notes: "No
date set" for the proposal to
be discussed in Council. In Brussels the UK Presidency of the
Council hopes to get agreement before the Justice and Home Affairs
Council on
1-2 December and for the measure to be adopted before Christmas.
How national parliaments are meant to keep under meaningful scrutiny
a
proposal whose content is changing day by day is a mystery.
* Council
negotiating position (8.11.05)
* Comparative chart showing Commission draft Directive, the Council's
view and EP amendments: Chart
(pdf) The first "trilogue" between the
Council and the European Parliament (EP) will take place on 10
November: A timetable has been circulated to MEPs which would
allow a
"compromise" to be reached with the Council and for
the measure to be agreed at 1st reading ("fast-track")
at the plenary session on 14-15
December.
* EU: Mandatory
data retention: Amendments proposed to the Council's draft Directive
for the Committee on Civil Liberties in the
European Parliament
* UK-EU: Data
retention and police access in the UK - a warning for Europe
* Critical
Opinion of the Article 29 Working Party on Data Protection
(pdf)
This Observatory is tracking the legislative process in the
EU on the Council's (the 25 EU governments) proposal to introduce
the mandatory
retention of telecommunications data by service and network providers
which will be accessed by law enforcement agencies. If adopted
it will
mean that everyone's communications (phone-calls, e-mails, faxes,
mobile phone-calls including location, and internet usage) will
be stored and can
be accessed in relation to any suspected crime, however minor.
The Council, through its UK Presidency, is putting pressure
on the European Parliament to rush through the measure at 1st
reading (even though
the Council has taken over four years to come up with a proposal
- which is still not finalised in the Council). Negotiations
between the Council
and the European Parliament to try and reach a fast-track "deal"
begin on 15 November (this "trialogue" will include
the UK Ambassador, Mr
John Grant and the Commission).
Discussions on access to telecommunications by the law enforcement
agencies began in 1993 in Quantico, USA (the Headquarters of
the FBI).
For the history and documentation see: EU-FBI
Observatory Later developments are included in: SOS Europe
Background: The issues and documentation
The background and documentation are divided
into five sections:
1. The Council
2. The European Commission
3. EU Data Protection Authorities
4. The European Parliament
5. Civil society
"If the security and intelligence agencies - who are
at the forefront in stopping terrorist attacks - need access
to the telecommunications
data to be retained it is very hard to believe that EU governments
would have taken over four years to come up with a proposal which
will not come into effect for at least two further years. If
this is the case they would be guilty of gross negligence and
failure to protect
the people of Europe. However, if additional powers are needed
they should be strictly limited to dealing with terrorism and
related
offences." - Tony Bunyan, Statewatch editor.
1. The Council
Under the last Austrian EU Council Presidency
in 1998 the infamous "ENFOPOL
98" (see: EU
governments to give law enforcement
agencies access to all communications data - analysis)
was circulated, but the proposal was dead after widespread condemnation
by civil
society groups and individuals. This remained the situation until
Conclusions
of the special meeting of the Justice and Home Affairs Council,
20 September 2001. This was followed by the George
Bush's letter to the EU of 16 October 2001 which included
the demand to:
"Revise draft privacy directives that call for mandatory destruction to permit the retention of critical data for a reasonable period."
In August 2002 Statewatch was leaked a proposal drafted by
the Belgian government (backed by the UK) to introduce mandatory
data retention
and the exchange of the data between law enforcement agencies:
EU:
data retention to be "compulsory" for 12-24 months
(pdf) and
CONFIDENTIAL:
Belgian proposal. The Danish EU Presidency issued a statement
denying the existence of the Belgian draft (already
published by Statewatch): EU
Presidency issues statement on data retention
In 2003 Statewatch published an analysis showing that nine
out of 15 EU governments were intending to introduce data retention
at national level.
The position in EU member states (based on unpublished documents):
EU:
Majority of governments introducing data retention of
communications
It was not until 28 April 2004 that four member states (French
Republic, Ireland, the Kingdom of Sweden and the United Kingdom)
to put
forward a proposal: 8958/05
(pdf). Between 28 April 2004 and 31 May 2005 six versions of
the proposals were available on the Council's
register of documents, eight were partially accessible ("PA",
with the names of member states blanked out so that no-one could
see what their
governments were arguing) and one was not accessible. Between
1 June and 25 October 2005 there are no less than 13 substantive
Council
drafts, none of which are publicly available on the Council's
register of documents.
The latest full draft of the Council's proposal, dated 10
October 2005: 12894/1/05
- this shows that there were major reservations by many
member states on issues of substance. For example:
"In order to address the reservations in relation
to Internet data, the Presidency had proposed a compromise package
whereby "Internet
chat" was included in Article 2(2) along with the wording
proposed by FI ("provided by publicly available electronic
communications
service providers"). In conjunction with that, a "review
clause" was inserted in Article 8. Several delegations (IT/HU/ES/CZ)
could
accept or supported the Presidency proposal. Others wanted to
go further and include logs of web browsing, Internet chat and
peer-to-peer communications (BE/SW/LT/DK). However AT/FI/LV/DE/FR/IE/GR/SK/EE
could not accept the inclusion of Internet chat
or other Internet data types expressing concern that the inclusion
of such data might have an impact on the costs incurred and /
or
require more in-depth consideration in respect of a clear
distinction between traffic data and content data which might
risk delaying
discussions. They thought that the outcome of the meeting of
the Working Party in July 2005 reflected the minimum consensus
and
wanted to revert to that wording. The proposed review clause
met with acceptance." (emphasis added)
However, despite this "compromise" Greece and Estonia
maintained a "Scrutiny reserve" on the whole of Article
2 and Austria, Poland, Czech
Republic, Cyprus, Slovenia, Latvia, Hungary and Finland maintained
"Scrutiny reservations" on paragraphs 2-6 of Article
2.
The concern expressed by nine governments over "a clear
distinction between traffic data and content data" has,
under Article 8, simply been
deferred until 1 January 2008 when:
"The Council shall thereafter review the list of data
to be retained in particular with reference to the possibility
of including additional
types of Internet data."
A clear distinction between access to traffic data and its content is thus blurred.
A further document, 24.10.05, shows the Council working on
two tracks: 1) to try and finally agree their own proposal and
2) proposing
amendments to the Commission draft Directive: 13624/05
The big issue, which has obscured the debate over the substantive
issues, is the legal basis of the Council proposal. Both the
Legal Services of the
Council and the European Commission said that the proposal had
to be split in two - the mandatory retention of data by service
providers coming
under the TEC (Treaty establishing the European Communities)
where the European Parliament has powers of co-decision (ie:
the Council and
parliament have to agree on the final text) and access to the
retained data by LEAs as a Framework Decision under the TEU (where
the
parliament is only consulted). See: Statewatch
report and the Opinions of the Legal Services. Both concluded
that if the Council were to
pursue a single measure it would almost certainly be challengeable
in the Court of Justice. Indeed the Council itself notes if adopted
as a single
measure it could:
"be annulled: this could result in claims for compensation
from any operator who had already been obliged to implement the
measure"
(EU doc no: 13036/05)
Although these Opinions were dated 22 March 2005 (Commission)
and 5 April 2005 (Council) the Council carried on for five months
as if they
did not exist - only belatedly has the Council grudgingly suggested
that it might agree to back the Commission's draft Directive
on mandatory data
retention, but only if agreement can be reached with the European
Parliament by the beginning of December (in time for the Justice
and Home
Affairs Council on 1-2 December), see, letter from UK Home Secretary,
Charles Clarke, representing the UK Council Presidency: Clarke
letter
to Cavada (Mr Cavada is chair of the parliament's Committee
on Civil Liberties).
The latest Council document (13789/05, dated 28.10.05) sets out:
a. Outstanding issues to be agreed by member states
b. The Council's proposed amendments to the Commission's draft
Directive
c. The latest versions of the Council's draft Framework Decision
(to be read in conjunction with:
12894/1/05) doc no: (13789/05,
dated
28.10.05) and 14023/05
(8.11.05) - effectively the Council's negotiating positions.
What is quite extraordinary about the Council's demand that the European Parliament rush the measure is that the Council has not even agreed its own final text.
2. The European Commission
Following the initiative in the Council by
four member states the European Commission DG Information Society
and DG Justice and Home Affairs
held a public consultation on the issue of traffic data retention
in August 2004: Consultation
document (pdf)
In the autumn of 2004 the Commission placed on record its
reservation about the legal basis of the Council's proposal.
Once the legal opinions of
both institutions were published it was only a matter of time
before the Commission put forward its own proposal, which it
did on 21 September
2005: Commission
proposal for a Directive and Commission
Extended Impact Assessment
The Commission's proposal differs from that of the Council in terms of scope. While the Council's proposal covers:
"the purpose of investigation, detection and prosecution of criminal offences."
the Commission says it should cover:
"the purpose of the prevention, investigation, detection
and prosecution of serious criminal offences, such as terrorism
and organised
crime."
The scope of the Commission's definition is more limited but
as "serious criminal offences" are today defined by
the EU very broadly it is a major
extension from covering terrorism and directly related offences.
What is worthy of note is that the powers under the UK's Anti-Terrorism,
Crime and Security Act, passed in 2001, the scope of the
retention of data by service and network providers is strictly
limited to "national security" and offences "directly
or indirectly
related to it. Under the Act the Home Secretary can request the
retention of data:
"(a) for the purpose of safeguarding national security:
or
(b) for the purpose of prevention or detection of crime or the
prosecution of offenders which may relate directly or indirectly
to national
security" (Section 102.3, emphasis added)
The Commission's proposal is also:
" far more invasive than the Council proposal. The
Commission defines 'communication' as involving "any information
exchanged or
conveyed between a finite number of parties by means of a publicly
available electronic communications service". Therefore
the
Commission is proposing the tracing of all forms of Internet
transactions. This means that communications service providers
could be
compelled to store their mail server logs, web cache logs, and
IP flow logs[4] for six months without any regard to necessity
or
proportionality." (NGO letter to MEPs, 26.9.05)
The Commission's proposal utterly fails to deal with data
protection. As its proposal comes under the "first pillar"
(TEC) the personal data retained
by service and network providers comes under the 1995 Data Protection
Directive. Its Extended Impact Assessment simply asserts that
as the
1995 Directive has been implemented by all member states there
is no need for any further provisions and that "citizens
can exercise their powers
as granted under these instruments" (p20). But what are
the powers of the citizens at national level? Do the powers and
resources vary from state
to state?
Well the conclusion of the only report on the operation of
the 1995 Directive in the member states was published in 2003:
1st report on the 1995
Directive and its Technical
report. The first report notes that there were variations
in powers between states, many data protection authorities
were under-resourced and patchy compliance by data controllers.
It concludes that if these tendencies are confirmed:
"they are reasons for serious concern and reflections
need to be undertaken between the Commission and the Member States
and the
supervisory authorities to determine their causes and design
feasible solutions."
In particular the report notes that:
"The provisions containing safeguards have not been
adopted by all Member States. Where they exist, they are often
unsatisfactory. The
situation is similar as regards Article 8 (4) and (5) - the processing
of sensitive data for reasons of public interest or with regard
to
criminal convictions. The absence of safeguards means the
required level of protection for individuals is not being met,
which should be
a matter of concern for the Member States, as it is for the Commission."
(emphasis added)
Whereas the justification for the Commission's proposal on
mandatory data retention is to get rid of a "patchwork"
of different powers in member
states, when it comes to data protection there is silence. The
1995 Directive was implemented in the then members states by
1998 since when
there has been just one report whose reservations has also been
meet with an institutional silence. Moreover, with the shift
of responsibility for data
protection from the Internal Market DG to the so-called "Freedom,
Justice and Security" DG there is little prospect of any
action, see: Data
protection handed to the DG for “law, order and security”
As noted above the Council's proposal covers two areas: 1)
the mandatory retention of telecommunications data by service
and network providers
- to which the Commission has responded with a proposed Directive
and 2) access to the retained data by law enforcement agencies
and the
exchange of that data between them (and under the "principle
of availability" to non-EU states too) - however, the
Commission has yet to
published a proposal for a Framework Decision on this second
aspect. It is hard to see how the European Parliament can properly
consider the first proposal without having sight of, and time
to consider, the second one.
3. EU data protection authorities
The European Data Protection Supervisor (EDPS)
has produced a report on the Commission's proposal calling for
substantial changes: EDPS
Report
The Article 29 Data Protection Working Party on the Council
initiative by four members states - the Council proposal in November
2004: Article
29 Working Party opinion The the Working Party has adopted
a further report on the Commission's proposal: WP
113 (21 October). See also:
Privacy
International comments
The European Parliament should seeks to effect all the recommended amendments proposed by these two bodies.
4. The European Parliament
The first battle for the European Parliament
was to insist that the Council proposal be dropped - due to its
faulty legal basis - and for two
proposals to be presented. One based on the mandatory retention
of data under the TEC, on which it has powers of co-decision,
and another on
access to the data and its transfer under the TEU on which it
is only consulted.
A report adopted by the parliament's Data
retention by Mr Alvaro the rapporteur from the Committee
on Civil Liberties sought to clear up the
legal basis. Mr Alvaro has since prepared: Amendments
to the Commission proposed Directive (19.10.05)
European Digital Rights (EDRI) report that Charles Clarke
was not at his most diplomatic when he addressed the Committee
on Civil Liberties on
13 October. He told the Committee that if they did not agree
the proposal before December Justice and Home Affairs Council
(1-2 December)
the Council would adopted their draft Framework Decision. Moreover
he is reported to have told MEPs that if parliament failed to
do this "he
would make sure the European Parliament would no longer have
a say on any justice and home affairs matter". "Technical"
briefing by the
Commission to the European Parliament's Committee on
Civil Liberties.
As is clear from the Clarke
letter to Cavada (UK Home Secretary, Charles Clarke,
representing the UK Council Presidency and Mr Cavada is
chair of the parliament's Committee on Civil Liberties) the Council
is trying to blackmail the European Parliament with the threat
that it will go
ahead with its own Framework Decision. In his letter to Mr Cavada,
Clarke says:
"the Framework Decision will remain on the table,
as an option favoured by a large number of delegations. However,
a majority of
delegations were also open to a Directive"
The Council is saying if the Directive can be adopted "by
the end of the year" and the text matches their demands
then they will go down this
path. In truth the Council has no choice but to drop its proposal
and go along with two draft measures and it knows it.
Clarke's letter to 17 October is slightly more conciliatory
but contains the same veiled threat of reverting to the original
Council proposal. He wants
to work closely with the parliament "to maximise common
ground... by the end of the year". He ends by saying that
if all three institutions (Council,
Commission and European Parliament) cooperate it will:
"show that we are serious about working together to make a difference to the daily lives of our citizens"
A statement that is ambiguous to say the least - the measure will certainly make a difference, the question is what kind of difference?
At the meeting in the European Parliament of the "Conference
of Presidents" (the Group leaders of the parties) on 20
October mandated Mr
Cavada and the committee to pursue negotiations with the Council.
Such "trilogue" meetings between the Council, Commission
and European
Parliament representatives take place behind closed doors.
The only way the parliament can meet Charles Clarke's early
December deadline is through a first reading co-decision "deal"
- by agreeing a set of
common amendments to the Commission draft Directive which are
then formally adopted by the Council and by the Committee on
Civil Liberties
and then plenary session of the parliament - this "fast-track"
procedure is intended to deal with uncontroversial measures,
which is certainly not true
in this case.
It should be remember that the need for this proposal was
agreed by the Council over four years ago (20 September 2001)
so it is to be hoped
that the parliament will not succumb to "inter-institutional"
pressure and take all the time necessary to ensure that the liberties
and privacy of the
people of Europe are properly protected.
5. Civil society
Civil society - NGOs and groups working on
civil liberties, privacy, lawyers and journalists - have opposed
the measure from the start. They
remain unconvinced as to the need and are equally certain that
if introduced the powers will, on occasion, be misused and abused.
They are not
convinced that EU data protection provisions will give any meaningful
protection to the individual, who will have no right to be told
they have been
under surveillance - unless, of course, they are arrested and
charged. And if they have no "right to know" they will
have no right to correct the data
or to be told which agencies information on them has been passed
and how it has been added to (inside and outside the EU).
These views are exacerbated by the so-called "principle
of availability", invented under the Hague Programme, where
intelligence and information
held by an agency in one member state can be passed to that in
another or to a non-EU state.
Where governments, officials and many parliamentarians are
inclined to place their trust in the law enforcement (and security)
agencies, concerned
civil society see this measure as one of many where these agencies
will become self-regulating and unaccountable.
In September 2004 an Open Letter opposing mandatory data retention
was sent to the European Parliament from 170 groups/companies
- 90
NGOs and 80 telecoms companies: Open
letter on mandatory data retention
Among the main concerns are:
1. If the security and intelligence agencies - who are at
the forefront in stopping terrorist attacks - need access to
the telecommunications data to
be retained it is very hard to believe that EU governments would
have taken over four years to come up with a proposal which will
not come into
effect for at least two further years. If this is the case they
would be guilty of gross negligence and failure to protect the
people of Europe.
However, if additional powers are needed they should be limited
to dealing with terrorism and related offences.
2. The terrible terrorist attacks in the USA, Madrid and London
should not be used to justify placing all communications in the
EU under
surveillance, making everyone a potential "suspect".
This is exactly what the EU governments (the Council) want to
do when they propose that the
retained data can be used for any suspected criminal offence,
however minor.
3. The wholesale retention of all communications of everyone
is contrary to the findings of the European Court of Human Rights
(under Article 8).
This interference with the privacy rights of every user of European-based
communications services cannot be justified under the limited
exceptions
envisaged by Article 8 because it is neither consistent with
the rule of law nor necessary in a democratic society. The indiscriminate
collection of
traffic data offends a core principle of the rule of law: that
citizens should have notice of the circumstances in which the
State may conduct
surveillance, so that they can regulate their behaviour to avoid
unwanted intrusions. Moreover, the data retention requirement
would be so
extensive as to be out of all proportion to the law enforcement
objectives served.
4. The question of cost has been fudged by the Council and
the Commission. What has not been highlighted is that service
and network
providers will be asked to retain a lot more data on each communication
than they ever did for billing purpose. The "institutional
consensus" seems to be to leave it to national decision-making
whether government are going to help pay for the storage and
access to mountains
of data or whether the cost will be passed on to the customer.
Either way we will all end up paying for our own surveillance.
5. Even the USA has not proposed such a measure, nor will it apply to a service providers from outside the EU.
6. The bottom line is, what kind of society do we want to
live in - one where democratic values and standards are maintained
in the face in terrorist
attacks or one which no Western country would have dared bring
about during the Cold War?
"Therefore the European Parliament now faces a crucial
decision. Is this the type of society we would like to live in?
A society where all
our actions are recorded, all of our interactions may be mapped,
treating the use of communications infrastructures as criminal
activity;
just in case that it may be of use at some point in the future
by countless agencies in innumerable countries around the world
with
minimal oversight and even weaker safeguards." (NGO
letter to MEPs,2.9.05)
Tony Bunyan, Statewatch editor, comments:
"The Council has failed to convince many of us of
the need for this measure. But it is good that on such a momentus
issue - placing all
the communications of everyone under surveillance - that the
European Parliament has the full powers of co-decision. These
are powers
it should use to the full:
1. The initiative for this measure came out of the EU's
reaction to 11 September 2001, its scope should thus be limited
to terrorism and
directly related offences. If the security and intelligence agencies
- who are at the forefront in stopping terrorist attacks - need
access to
the telecommunications data to be retained it is very hard to
believe that EU governments would have taken over four years
to come up
with a proposal which will not come into effect for at least
two further years. If this is the case they would be guilty of
gross negligence
and failure to protect the people of Europe.
2. To call on the Commission to prepare a report on data
protection laws and practices in all member states - the Commission
says in its
proposal that nothing more is needed on data protection as this
is catered for in national laws, but what protection do these
laws provide
and do they vary?
3. To introduce amendments to put in place all the recommendations
from the European Data Protection Supervisor and the Article
29
Working Party on data protection
4. To review the critiques of NGOs and groups in civil society
The Council has taken four years to bring forward this
proposal and still does not have its own agreed text. The European
Parliament
should take all the time it needs to properly consider the measure
for this is what the people of Europe expect - to ensure that
these
powers are strictly limited in scope and that their rights to
data protection and privacy are not endangered."
1. Civil
society letter to Members of the European Parliament on data
retention proposals, from 21 NGOs
2. Open
letter on mandatory data retention with 170 signatories
- 90 NGOs and 80 from industry, September 2004
3. Privacy
International
4. EDRI: European Digital Rights
5. Quintessenz
6. The
Register
7. Data
retention is no solution - petition signed by 54,998
individuals and 79 organisations
8. Statewatch
database search for "data retention"
9. International Campaign Against Mass Surveillance (ICAMS) Report
10. Dutch
ISPs letter to the European Commission (pdf)
11. The
Information Technology Association of America (ITAA) comments
on proposal (pdf)
for the general context see:
11.
While Europe sleeps - under the "war on terrorism"
a veneer of democracy is legitimating the creation of a surveillance
state
12. There
is no “balance” between security and civil liberties
– just less of each
13.
Data retention comes to roost - telephone and internet privacy
to be abolished (Statewatch News Online, April 2004)
You can also search the Statewatch
database search for "data retention" (currently
there are 142 entries - for access to items more than six
month old you need a subscription to Statewatch
Online).
Filed 15.12.05
© Statewatch
ISSN 1756-851X. Personal usage as private individuals/"fair
dealing" is allowed. We also welcome links to material on
our site. Usage by those working for organisations is allowed
only if the organisation holds an appropriate licence from the
relevant reprographic rights organisation (eg: Copyright Licensing
Agency in the UK) with such usage being subject to the terms
and conditions of that licence and to local copyright law.