6 December 2005
To all Members of the European Parliament
We the undersigned are calling on you to reject the 'Directive
of the European Parliament and the Council on the Retention of
Data Processed in Connection with the Provision of Public Electronic
Communication Services and Amending Directive 2002/58/EC' when
it comes to a plenary vote on December 12, 2005.
Adopting this Directive would cause an irreversible shift
in civil liberties within the European Union. It will adversely
affect consumer rights throughout Europe. And it will generate
an unprecedented obstacle to the global competitiveness of European
A Directive Fraught with Problems
In the Information Society every human action generates transaction
logs. Our movements, our purchases, and our interactions with
others can be routinely logged in public and private sector databases.
In recognition of this, the European Union led the world in establishing
a data privacy regime to limit the collection, processing, retention,
and accessing of this information. Now the Council is demanding
that the European Parliament reverse its position and lead the
world in introducing mass surveillance of our activities.
Under existing EU law many of these logs are already available
for law enforcement purposes for as long as the telecom industry
service providers retain them for business purposes. Justice
and Home Affairs officials are pushing to make available even
greater stores of information.
The Directive proposes the collection of information on everybody's
communications and movements. The storage of such "communications
traffic data" allows whoever has access to it to establish
who has electronically communicated with whom and at what time
and at which location, over months and years.
In recent meetings with the Justice and Home Affairs Council
on 1 and 2 December 2005, it appears that the European Parliament
suddenly agreed to the collection of information on everybody's
communications and movements for very broad law enforcement purposes,
in spite of having rejected this policy twice before.
We call on the Members of the European Parliament to reject
this policy for the following reasons.
1. This Directive invades the privacy of all Europeans.
The Directive calls for the indiscriminate collection and retention
of data on a wide range of Europeans' activities. Never has a
policy been introduced that mandates the mass storage of information
for the mere eventuality that it may be of interest to the State
at some point in the future.
2. The proposed Directive is illegal. It contravenes
the European Convention on Human Rights by proposing the indiscriminate
and disproportionate recording of sensitive personal information.
Political, legal, medical, religious and press communications
would be logged, exposing such information to use and abuse.
3. The Directive threatens consumer confidence. More
than 58,000 Europeans have already signed a petition opposing
the Directive. A German poll revealed that 78% of citizens were
opposed to a retention policy. The Directive will have a chilling
effect on communications activity as consumers may avoid participating
in entirely legal transactions for fear that this will be logged
4. The Directive burdens EU industry and harms global competitiveness.
Retention of all this data creates additional costs of hundreds
of millions of Euros every year. These burdens are placed on
EU industry alone. The U.S., Canada and the Council of Europe
have already rejected retention.
5. The Directive requires more invasive laws. Once
adopted, this Directive will prove not to be the ultimate solution
against serious crimes. There will be calls for additional draconian
- the prior identification of all those who communicate, thus
requiring ID cards at cybercafes, public telephone booths, wireless
hotspots, and identification of all pre-paid clients;
- the banning of all international communications services
such as webmail (e.g. Hotmail and Gmail) and blocking the use
of non-EU internet service providers and advanced corporate services.
An Illegitimate Process
Proponents of retention policy are sweeping these concerns
aside and are harmonising measures to increase surveillance while
failing to harmonise safeguards against abuse. European opposition
has been high, and the arguments against reasoned and justified.
The continued life of this policy in Europe is inexplicable save
for the illegitimate policy process that is being pursued by
the policy's proponents.
These proponents claim that retention is spreading across
Europe. In fact, less than five countries have some form of mandatory
data retention in place, and even fewer apply the practice to
The Council is demanding that the European Parliament approve
a regime that parliaments in the Member States have already rejected.
For instance the UK Presidency is proposing a policy that has
already failed in the UK Parliament. The Council is trying to
make the Parliament complicit in this act of policy laundering.
A Key Moment
As the EU embarks on this unprecedented policy, we are facing
a momentous decision as to whether we wish to set in motion a
chain of events that will lead to a surveillance society.
Once a surveillance regime begins it always expands. As the
European Data Protection Supervisor has stated in his opinion,
the mere existence of data might lead to increased demands for
access and use by industry, law enforcement authorities, and
intelligence services. Already, restrictions agreed on in the
Committee for Civil Liberties were pushed aside in secret negotiations
with the Council.
Though the Council claims retention will combat terrorism,
for years it has rejected limiting the legislation to such investigations.
Even if access to this data were limited by the Parliament to
a list of serious crimes nothing prevents the expansion of this
list: already the Copyright Industry has called for access to
this data to combat file-sharing online.
Any reimbursement of costs to service providers, like most
other surveillance cost-recovery experiments, will likely be
temporary. Eventually the costs and burdens generated by this
policy will be seen as 'the cost of doing business' and will
be passed on to individual consumers as 'the cost of communicating
The only way we can prevent this chain of events is by following
the example of other countries around the world and rejecting
this policy in its entirety.
Promises are Not Enough
The European Data Protection Supervisor and the Article 29
Working Party of European Privacy Commissioners, as well as the
European Parliament itself, have repeatedly stated their convictions
that the case for retention has not been made. And their calls
for standards and necessary safeguards have gone unheeded. The
concerns of civil society and the telecommunications industry
have also not been adequately addressed.
This policy continues only due to secret processes, agreements
established without scrutiny, and through fast-tracking of debate
because the Council fears open and democratic discussion on these
matters. This is evidenced by the lack of similar policies in
Member States where Parliamentary scrutiny is constitutionally
The EU should follow the example of open and democratic countries
that have instead chosen to implement a preservation regime where
data is collected and retained only for a specific investigation
and then is accessed through court orders.
We, the undersigned, call on Members of the European Parliament
to recognise the significant threat to European civil liberties,
consumers, and industry and to therefore reject the Directive
on communications data retention.
Gus Hosein, Privacy International and Sjoera Nas, EDRI
European Digital Rights
Foundation for a Free Information Infrastructure
Associação Nacional para o Software Livre (PT)
Association for Progressive Communications (International)
Attac AG Wissensallmende (DE)
Bits of Freedom (NL)
BlueLink Information Network (BG)
Bürgerrechte & Polizei/CILIP (DE)
Bulgarian Institute for Legal Development (BG)
CPSR- Canada and ES
Deutsche Vereinigung für Datenschutz e.V. (DE)
Digital Rights Denmark (DK)
Digital Rights Ireland (IE)
Chaos Computer Club (DE)
Communication Rights in the Information Society (EU)
Consumer Project on Technology (US)
EDRI-observer Aljaz Marn, privacyblog.net (SL)
Electronic Frontier Foundation (US)
Electronic Frontier Finland (FI)
Electronic Privacy Information Center (US)
Emancipation syndicale et pédagogique RP (FR)
European Federation of Older Persons (EU)
Fairfax County Privacy Council (US)
Fédération Informatique et Libertés (FR)
Federation of German Consumer Organisations (DE)
Federation of Library and Information organisations (NL)
Fitug e.V. (DE)
FoeBuD e.V. (DE)
Forum InformatikerInnen für Frieden und gesellschaftliche
Verantwortung e.V. (DE)
Foundation for Information Policy Research (UK)
Foundation Metamorphosis (MK)
Fundacio Escula Latinoamericana de Redes (Venezuela and IT)
Gustav Heinemann-Initiative (DE)
Helsinki Foundation for Human Rights (PL)
Humanistische Union (DE)
Institute of Network Cultures, Amsterdam (NL)
Internet Society Bulgaria (BG)
Internet Society Poland (PL)
IP Justice (US)
IRIS - Imaginons un réseau Internet solidaire (FR)
ISPO, Internet Service Providers Association (NL)
Iuridicum Remedium (CZ)
Joint Declaration on Data Retention (DE)
Ligue ODEBI (FR)
Netzwerk Neue Medien e.V. (DE)
Öko-Referat, Ruhr-Universität Bochum (DE)
Open Rights Group (UK)
Option consommateurs (Canada)
Privacy Activism (US)
Privacy Commissioner for Brandenburg, Dagmar Hartge (DE)
Privacy Commissioner for Berlin, Dr. Alexander Dix (DE)
Privacy Commissioner of the Free and Hanseatic City of Hamburg,
Hartmut Lubomierski (DE)
Privacy Commissioner for Mecklenburg-Vorpommern, Karsten Neumann
Privacy Commissioner for Niedersachsen, Burckhard Nedden (DE)
Privacy Commissioner for Schleswig-Holstein, Dr. Thilo Weichert
Privacy Rights Clearinghouse (US)
PROSA - Forbundet af It-profesionelle (DK)
Public Interest Advocacy Centre (Canada)
Stichting Vrijschrift (NL)
Strawberrynet Foundation (RO)
Swiss Internet User Group (CH)
Syndicat de la magistrature (FR)
ver.di Fachgruppenvorstand Banken (DE)
The Winston Smith Project (IT)
Transnational Radical Party
Xtended Internet (NL)
Unabhaengiges Landeszentrum fuer Datenschutz Schleswig-Holstein
Unimondo Italy (IT)
Vereniging van Openbare Bibliotheken, Netherlands Public Library
Zöld Pók Alapítvány (HU)