28 March 2012
Support our work: become a Friend of Statewatch from as little as £1/€1 per month.
Statewatch Observatory on Surveillance in Europe (S.O.S.Europe)
EU governments' to decide on retention of telecommunications data (including internet usage) by law enforcement agencies
The debate over the retention of telecommunications data by EU states for the purposes of giving access to the law enforcement agencies is reaching the crunch stage. At the Telecommunications Council in Brussels on 27-28 June the decision may be made to back demands by the UK and other governments for data to be retained for use by the agencies. The European Commission are strongly opposed to the changes as are a number of the rapporteurs in the European Parliament.
The chair of the EU's Article 29 Data Protection Working Party has sent letters to the President of the European Parliament, Mr Prodi of the Commission and the Council expressing its strong opposition to any changes in the draft measure: Letter from Rodota: full-text
The battle lines in the Council at the beginning of June showed the incoming Belgian Presidency and the current Swedish Presidency backed by the UK demanding changes - to the planned new EU Directive on personal data and the protection of privacy in the field of electronic commerce - to allow the retention of telecommunications data for law enforcement agencies. Opposing this move were Greece, Italy, Netherlands and the Commission.
At the Telecommunications Council on Wednesday it will be open to the Council (the 15 EU governments) to back the demand now fronted by the UK.
The new Directive, which is simply intended to update the current laws, has to be agreed under the co-decision procedure whereby the the Council, Commission and Parliament have to agree on the new measure.
The background is on the Statewatch Observatory on Surveillance in Europe: S.O.S. Europe
The latest available draft of the Council's discussions on its "common position" shows that the demands of the law enforcement agencies are centred to two key provisions in the draft new Directive: Article 6 on "Traffic data" and Article 15 which allows EU states to derogate from the provisions on an individual basis and allow law enforcement agencies access to traffic data (including internet usage). Draft dated 31 May (9337/01): Full-text (pdf file)
The first key provision, Article 6.1. on Traffic data reads as follows:
"1. Traffic data relating to subscribers and users processed and stored by the provider of a public communications network or service must be erased or made anonymous when it is no longer needed for the purpose [upon completion] of the transmission of a communication without prejudice to the provisions of paragraphs 2, 3, and Article 15, paragraph 1 4." (bold are changes proposed by the Council; the  show deletions)
These changes were put forward by the Swedish Presidency of the EU. A number of EU governments and the Commission oppose the addition of the reference to Article 15. However, in a footnote there is an alternative wording put forward by Belgium, the incoming EU Presidency from 1 July. This reads as follows where "B" stands for Belgium:
" Alternative text proposed by B for Article 6, paragraph 1:
"Traffic data relating to subscribers and users processed for the purpose of the transmission of a communication and stored by the provider of a public communications network or service may upon completion of the transmission only be processed for legitimate purposes as determined by national law or applicable instruments. Within the scope of this directive, those purposes can be no other than those mentioned in paragraphs 2 and 3".
The effect of this proposal is to delete the provision that data should be erased or made anonymous and to insert another purpose (ie: other than for checking billing for customers) saying it can be "processed for legitimate purposes determined by national law" - in other words it would allow each EU member state adopt a law saying data may be retained for law enforcement purposes for periods of 12 moths to 7 years.
The discussion in the Council (between the governments)
Another document, also dated 31 May, reveals much more detail of the discussion in the Council and the differences between EU governments. Both of these documents need to be placed in context. Both are intended to lead to the adoption by the Council of a "common position" on the proposed new Directive before the European Parliament has completed its First Reading vote and adoption of its report. Strictly the Council should wait for the parliament but it applies an informal "rule" (created by the Council) which says the parliament has only three months to decide its position.
Moreover, the formulation that the law to allow data retention for law enforcement agencies should be agreed at national law will allow government "spin-doctors" to say that it is not binding and that therefore there is no EU policy on the issue - an examination of the background documents produced since last autumn show that for data usage to work for law enforcement purposes it has to operate in every EU country and in all the applicant countries.
The second document: Text (9356/01) reveals the divisions between the EU governments. The report opens by noting that the Commission has proposed that Article 6.1 remain intact - that is, to maintain EC law as set out in the existing Directive which says that traffic data "must be erased or made anonymous on completion of the transmission, except for billing purposes". It goes on to say:
"Three delegations (B, S, UK) have placed a reservation on the Commission proposal by requesting the abandonment of paragraph 1 on the principle of the erasure of data or making it anonymous. These delegations in fact hold that this principle does not take into account the needs of the repressive authorities" (translation from French)
B, S & UK stands for the incoming Belgian Presidency of the EU, Sweden the current EU Presidency and the UK. The Telecommunications Working Party was unable to resolve the differences because of:
"the refusal by certain delegations (GR, I, NL) and by the Commission to see the text of the present directive changed on this point. The latter underline the importance and sensitivity of this issue which affects human rights and fundamental rights."
Thus Greece, Italy and the Netherlands together with the Commission oppose the change. The Commission and Italy also opposed a change to Article 15 put forward by the UK. The grounds on which national laws can derogate from the basic principles, including the obligation to erase traffic data, are different in the two current EU Directives. The grounds in the General Data Protection Directive are broader than those in the later Directive on Telecommunications Data Protection this was because the latter covers the principle of the confidentiality of communications. The General Directive covers many sectors and a large range of data roles. The UK wants to change this and insert the broad range of exceptions, plus adding public health, which would allow national laws to derogate from the protections now in force.
Indeed the intention of the UK is quite explicit, it wants to ensure that Article 15 allows the general retention of data and the Swedish Presidency is proposing that the following is added to Article 15.1:
"Member States may provide for the retention of data for a limited period justified on the grounds of Article 15.1 in conformity with the general principles of community law"
Data Protection Working Party letter
The EU's Data Protection Working Party has sent a very strongly worded letter to the President of the European Parliament, the President of the European Commission and the Presidency of the Council of the European Union. Their views speak for themselves:
"It is not acceptable that the scope of initial data processing is widened in order to increase the amount of data available for law enforcement objectives. Any such changes in these essential provisions that are directly related to fundamental human rights, would turn the exception into a new rule. Systematic and preventive storage of EU citizens' communications and related traffic data would undermine the fundamental rights to privacy, data protection, freedom of expression, liberty and presumption of innocence. Could the Information Society still claim to be a democratic society under such circumstances?"
Spotted an error? If you've spotted a problem with this page, just click once to let us know.
Statewatch does not have a corporate view, nor does it seek to create one, the views expressed are those of the author. Statewatch is not responsible for the content of external websites and inclusion of a link does not constitute an endorsement. Registered UK charity number: 1154784. Registered UK company number: 08480724. Registered company name: The Libertarian Research & Education Trust. Registered office: MayDay Rooms, 88 Fleet Street, London EC4Y 1DH. © Statewatch ISSN 1756-851X. Personal usage as private individuals "fair dealing" is allowed. We also welcome links to material on our site. Usage by those working for organisations is allowed only if the organisation holds an appropriate licence from the relevant reprographic rights organisation (eg: Copyright Licensing Agency in the UK) with such usage being subject to the terms and conditions of that licence and to local copyright law.