EU: Final decision on surveillance of communications
European Commission sells-out, European Parliament vote due in May

Statewatch bulletin, January-February 2002, vol 12 no 1

The Council of the European Union (the 15 EU governments) and the European Parliament are on a potential
collision course over data retention. The issue is whether details of all telecommunications (phone-calls,
e-mails, faxes and web usage) should be retained so that the EU's law enforcement agencies (LEAs, police,
customs, immigration, security and intelligence agencies) can get access (see Statewatch vol 11 no 3/4).

At the end of January the European Commission caved in and lent its support to the Council's Common
Position on the issue - thus abandoning its long-standing support for the EU's Data Protection Commissioners
and the Article 29 Data Protection Working Party who oppose data retention.

The European Parliament is due to adopt its 2nd reading report in Committee on 18 April and to vote on
this report in the second half of May. The European Parliament will be under great pressure to abandon its
opposition to the general surveillance of telecommunications now that the Council and the Commission are
in agreement.

The final measure has to be agreed by the three institutions under the co-decision procedure. The history
of the procedure so far is that the Commission put forward a proposal to update the 1997 Directive in 2000
(this contains few major changes), the European Parliament adopted its 1st reading position on 13.11.01, the
Council adopted its "Common Position" on 28.1.01 and just two days later the Commission produced its
assessment of the Council's view. The parliament now has to adopt its 2nd reading position after which
(unless it accepts the Council's position), the Council will in turn reject, then the issue will go to a
Conciliation Committee.

The battle lines

The division of opinion between the Council and the European Parliament (and the European Commission
until December 2001) concern: i) the current requirement for service providers to delete call and traffic data
when no longer needed for billing purposes; ii) replacing a current provision under the 1997 Directive
allowing for the retention of data in specific cases (ie: when authorised to do so by a warrant or judicial order)
by a power authorising the retention of all data - which can be accessed by the law enforcement agencies.

The pressure for the Commission to cave in built up after 11 September. On 20 September the specially
called meeting of the Justice and Home Affairs Council called for the LEAs to have access to data "for the
purposes of criminal investigation" (emphasis added).

On 16 October the pressure mounted with the US/Bush letter to Romano Prodi, President of the
Commission, which called for reconsidering "data protection issues in the context of law enforcement and
counter-terrorism imperatives" and for the revision of "draft privacy directives that call for mandatory
destruction to permit the retention of critical data for a reasonable period" - the powers being demanded by
the US in the EU do not exist there even after the far-reaching PATRIOT Act was passed.

At its meeting on 16 November the Council's Working Party on Telecommunications was close to
finalising its draft "common position" which was adopted by the Telecommunications Council on 6-7
December. This proposed that Article 15.1 of the revised 1997 Directive should include:

"Member States may inter alia provide for the retention of data for a limited period justified on the grounds laid down in this paragraph, in accordance with the general principles of Community law"

When combined with the deletion of the obligation to erase data from Article 6 this proposal renders privacy
in communications worthless.

The European Parliament's 1st reading position says:

"These measures [to retain data] shall be entirely exceptional, based on a specific law which is comprehensible to the general public and be authorised by the judicial or other competent authority on a case-by-case basis. Under the European Convention on Human Rights and pursuant to ruling issued by the European Court of Justice, any form of wide-scale general or exploratory electronic surveillance is prohibited"

At the meeting of the Telecommunications Council on 6-7 December the Commission signalled that it
intended to drop its opposition to changes leading to the retention of data (Article 6) and to the Council's
formulation for Article 15.1. In response the EU's Article 29 Data Protection Working Party issued a strongly
worded report on 14 December. This said that:

"Measures against terrorism should not and need not reduce standards of fundamental rights which characterise democratic societies.. [and rejected the] increasing tendency to represent the protection of personal privacy as a barrier to the efficient fight against terrorism"

This was to no avail. On 29 January the Council issued its "Statement" of reasons for rejecting the
parliament's position which was based on:

"a wording better reflecting the balance between protection of privacy requirements and the needs of Member States authorities responsible for ensuring security in a democratic society"

A euphemism for saying that the latter has priority over the former with the Council explicitly saying that
certain issues had to be clarified "in the light of the threat posed by the events of 11 September 2001".

On 30 January the European Commission issued its official reaction to the positions of the Council and
the parliament and said: "the Commission can accept the added sentence in Article 15.1" by the Council.

The Brussels "spin machine" is saying there is no problem, the power set out in the Council's Article
15.1 is not binding on member states and therefore cannot be portrayed as introducing the general retention
of data. What this view ignores is the fact that all EU governments are committed to introducing the general
retention of data because surveillance only works if all countries have the same powers. Even before 11
September the Netherlands, Belgium and France had, or were planning, to introduce such powers and the UK
had a voluntary agreement in the pipeline (now superseded by the Anti-terrorism, Crime and Security Act
2001, ATCS) - now across the EU these powers are being introduced. The "Regulatory Assessment" on the
UK ATCS Act says:

“Data relating to specific individuals under investigation will only be available if data relating to the communications of the entire population is retained”

The EU's Police Chiefs Operational Task Force wants to get access to communications data for "research
purposes", that is, not for specific investigations but for "fishing expeditions".

Once the fundamental principles in the existing 1997 Directive on privacy and telecommunications are
cast aside they will never be reinstated. It is to be hoped that the European Parliament maintains its
opposition to the proposals and insists that fighting "terrorism" cannot lead to the undermining of democratic

Statewatch News online | Join Statewatch news e-mail list | If you use this site regularly, you are encouraged to make a donation to Statewatch to support future research | Subscribe to Statewatch online just £10 a year

© Statewatch ISSN 1756-851X.Material may be used providing the source is acknowledged. Statewatch does not have a corporate view, nor does it seek to create one, the views expressed are those of the author. Statewatch is not responsible for the content of external websites and inclusion of a link does not constitute an endorsement.