Data retention and the ePrivacy Regulation: Member State positions revealed
Follow us: | | Tweet
Ever since the Court of Justice of the EU ruled in April 2014 that the Data Retention Directive (which required the retention of all telecommunications data by telecoms service providers for up to two years for the purposes of law enforcement) was illegal, Member States have been looking for ways to implement new EU-wide data retention rules that would meet the requirements of the Court. So far, they have not been able to do so, but considerations are ongoing.
The European Commission's January 2017 proposal for a new EU ePrivacy Regulation (which would replace the current ePrivacy Directive) has provided a forum for discussions on the issue of data retention, as it opens up the possibility of including data retention rules in the forthcoming Regulation. A Council working paper obtained by Statewatch prepared on the basis of responses to a questionnaire issued by the Estonian Presidency shows the positions of a wide number of EU Member States, and Europol, on the possibility of including mandatory data retention rules in the ePrivacy Regulation.
See: WORKING DOCUMENT from: General Secretariat of the Council to: Delegations: Contributions by delegations (WK 9374/2017 REV 1, LIMITE, 15 September 2017, pdf)
The document contains papers submitted by the following:
- Austrian Ministry of Justice ("serious concerns about the incorporation of provisions on data retention in the scope of the e-Privacy Regulation")
- Bulgarian Commission for Personal Data Protection ("supports the adoption of an EU legislative act on data retention for national security and law enforcement purposes")
- Germany ("we would like to discuss the relationship between Article 2 and Article 11 of the e-Privacy Regulation draft")
- German Federal Police Office (Bundeskriminalamt: "Restricted data retention combined with greater opportunities to commit offences will undoubtedly make law enforcement and threat prevention more difficult, if not impossible")
- Poland ("proposes that the Regulation (e.g. in the preamble) expressly provides for the admissibility of national regulations governing the storage and use of data in criminal proceedings or for other purposes related to public or national security")
- Slovakia ("we should try to convince the public (clients) that without the cooperation of service providers and without recognizing the need to retain certain types of data, users of electronic services cannot be (effectively) protected against the cybercrime")
- Irish Department of Justice and Equality ("Ideally a solution for ensuring the continued availability of data could be found at EU level and this may be possible through the draft e-Privacy Regulation;"
- Netherlands ("Law enforcement currently has to rely on the traffic and location data which electronic communication services have available for billing purposes. These data are considered not to be sufficient to respond to the operational needs of law enforcement. The same applies for the Intelligence and Security services")
- UK ("The current e-Privacy Directive and the draft e-Privacy Regulation lack clarity regarding the extent to which they seek to regulate activity undertaken for national security purposes and we consider that this should be addressed through amendments to the draft e-Privacy Regulation" - detailed amendments are proposed)
- Portugal ("the Commission should propose a new instrument on the retention of data by telecommunications operators")
- Europol (a highly detailed submission regarding the possibilities for retention in light of Digital Rights Ireland, Tele2 and the EU-Canada PNR Opinion: "There is an essential need to incorporate explicit data retention rules for law enforcement purposes into the upcoming ePrivacy Regulation or another suitable European legislative act... the European legislator is free to adopt legislative measures which provide for data retention being the rule rather than the exception")
- Belgium ("Although data processed for billing are often part of the essential information for the prevention and prosecution of crime, it is not deemed sufficient")
- Czech Republic ("targeted approach to retention requirements would not be enough to achieve the necessary level of reliability")
- Hungary ("Defining the concept serious crime as the precondition of data retention and access at an EU level would e.g. restrict member states interpretation in this respect and different structure of regulation could result in different possibilities of access by authorities in the different member states")
- Italy ("only a data retention as a general measure permits to achieve fully the purposes of prevention, investigation, detection and prosecution of criminal offences")
- Documents on data retention in: Justice and Home Affairs Council, 7-8 December 2017: Conclusions and background documentation (8 December 2017)
- EU Member States plan to ignore EU Court data retention rulings and Eurojust: No progress to comply with CJEU data retention judgements (EDRi, 29 November 2017)
- EU Counter-Terrorism Coordinator: "additional data retention obligations are necessary" (27 November 2017)
- Member State data retention regimes - what's changed? The answer is very little so far (20 November 2017)
Search our database for more articles and information or subscribe to our mailing list for regular updates from Statewatch News Online.
Support our work by making a one-off or regular donation to help us continue to monitor the state and civil liberties in Europe.
We welcome contributions to News Online and comments on this website. E-mail us or send post to Statewatch c/o MayDay Rooms, 88 Fleet Street, London EC4Y 1DH.
Home | News Online | Journal | Observatories | Analyses | Database | SEMDOC | About Statewatch
© Statewatch ISSN 1756-851X. Personal usage as private individuals/"fair dealing" is allowed. We also welcome links to material on our site. Usage by those working for organisations is allowed only if the organisation holds an appropriate licence from the relevant reprographic rights organisation (eg: Copyright Licensing Agency in the UK) with such usage being subject to the terms and conditions of that licence and to local copyright law.