Surveillance of communications
EU: data retention to be "compulsory" for 12-24 months

- draft Framework Decision leaked to Statewatch  (analysis and full-text: pdf file)



Statewatch's analysis shows that there are "grave gaps in civil liberties protection":

- there are no grounds for refusing to execute a request on human rights grounds
- there are no limits as to what data can be exchanged where member states allow for the retention of data on all crimes, not just the 32 listed
- there is no reference to supervisory authorities on data protection
- there is no reference to the individual's right to correct, delete, block data nor compensation for misuse or for related judicial review
- no reference to controls on the copying of data
- no rules for checking on the admissibility of data searches


Even as the European Parliament was discussing and voting on fundamental changes to the 1997 EC Directive on privacy in telecommunications the Belgian government was drafting (and circulating for comment) a binding Framework Decision on the retention of traffic data and access for the law enforcement agencies - a copy of which has been leaked to Statewatch.

Under the guise of tackling "terrorism" the EU's Justice and Home Affairs Minister decided on 20 September 2001 that the law enforcement agencies needed to have access to all traffic data (phone-calls, mobile calls, e-mails, faxes and internet usage) for the purpose of criminal investigations in general.

What stood in the way was the 1997 EC Directive on privacy in telecommunications. This was the follow-up to the hard-won 1995 EC Directive on data protection, now law across the EU. The 1997 EC Directive said that the only purpose for which traffic data could be retained was for billing (ie: for the benefit of customers) and then it had to be erased. Law enforcement agencies could get access to the traffic data with a judicial order for a specific person/group.

The "deal" agreed between the Council (the 15 governments) and the two largest parties in the European Parliament (PPE, conservative and PSE, Socialist groups) means that there are two crucial amendments: i) the obligation to erase data has been deleted and ii) EU member states are allowed to pass laws requiring communications providers to keep traffic data for a so-called “limited period”.

One of the arguments used to legitimise the move during the discussions in the European Parliament was that the change to the 1997 Directive simply enabled governments to adopt laws for data retention if national parliaments agreed. The document leaked to Statewatch shows that EU governments always intended to introduce an EC law to bind all member states to adopt data retention.

The draft Framework Decision says that data should be retained for 12 to 24 months in order for law enforcement agencies to have access to it. In theory the agencies will still need a judicial order to trawl back through the records of a targeted person(s) - though this legal nicety has never stopped the internal security agencies getting access in many countries. The Framework Decision also carries a strong hint that another measure is in the pipeline, one to allow law enforcement agencies access to the content as well as the traffic data of communications.

Now the traffic data of the whole population of the EU (and the countries joining) is to be held on record. It is a move from targeted to potentially universal surveillance.

On 14 August the Danish Presidency put out to all EU governments a "Questionnaire on traffic data retention" for completion and return "preferably by e-mail" by Monday 9 September. See below for full-text of documents 11490/02 and 11490/1/02 - the only difference between the two documents is that the reference to "in collaboration with the Commission" has been deleted from the final version.

Tony Bunyan, Statewatch editor, comments:

““EU governments claimed that changes to the 1997 EC Directive on privacy in telecommunications to allow for data retention and access by the law enforcement agencies would not be binding on Members States - each national parliament would have to decide. Now we know that all along they were intending to make it binding, “compulsory”, across Europe.

The right to privacy in our communications - e-mails, phone-calls, faxes and mobile phones - was a hard-won right which has now been taken away. Under the guise of fighting "terrorism" everyone's communications are to be placed under surveillance.

Gone too under the draft Framework Decision are basic rights of data protection, proper rules of procedure, scrutiny by supervisory bodies and judical review”

Background documents



1. Full-text of the draft Framework Decision on data retention and access by the law enforcement agencies:
Text
2. Analysis of the draft Framework Decision: Analysis (html)
3. Full-text, report and analysis as a pdf file:
Analysis (pdf, 65k)
4. EU Questionnaire on traffic data retention:
11490 (pdf) 11490 REV 1 (pdf)

5.
European Parliament caves in on data retention: Report
6. Background on the surveillance of telecommunications in the EU see:
S.O.S.Europe & EU-FBI surveillance plan
7. See also Statewatch's post 11 September Observatory: effects on civil liberties
8. Statewatch has produced 11 in-depth analyses on new measures post 11 September affecting civil liberties and the rights of refugees and asylum-seekers: Analyses

Press coverage (links)

9.   ZD Net News
10. Guardian
11. BBC online
12. Financial Times
13. Silicon.com
14. New Scientist
15. ISP Review
16. The Register
17. Euractiv.com
18. El Mundo
19. Helsingin Sanomat (Finland)
20. Le Monde

See follow up story: Danish Presidency denies data retention

revised 23.8.02


Statewatch News online
Join Statewatch news e-mail list
- regular e-mails listing all material added to websites
Statewatch subscription websites - Statewatch bulletin/database + EU justice and home affairs

© Statewatch ISSN 1756-851X. Personal usage as private individuals/"fair dealing" is allowed. We also welcome links to material on our site. Usage by those working for organisations is allowed only if the organisation holds an appropriate licence from the relevant reprographic rights organisation (eg: Copyright Licensing Agency in the UK) with such usage being subject to the terms and conditions of that licence and to local copyright law.