28 March 2012
EU: data retention to be "compulsory" for 12-24 months
- draft Framework Decision leaked to Statewatch (analysis and full-text: pdf file)
Statewatch's analysis shows that there are "grave gaps in civil liberties protection":
- there are no grounds for refusing to execute a request on human rights grounds
- there are no limits as to what data can be exchanged where member states allow for the retention of data on all crimes, not just the 32 listed
- there is no reference to supervisory authorities on data protection
- there is no reference to the individual's right to correct, delete, block data nor compensation for misuse or for related judicial review
- no reference to controls on the copying of data
- no rules for checking on the admissibility of data searches
Even as the European Parliament was discussing and voting on fundamental changes to the 1997 EC Directive on privacy in telecommunications the Belgian government was drafting (and circulating for comment) a binding Framework Decision on the retention of traffic data and access for the law enforcement agencies - a copy of which has been leaked to Statewatch.
Under the guise of tackling "terrorism" the EU's Justice and Home Affairs Minister decided on 20 September 2001 that the law enforcement agencies needed to have access to all traffic data (phone-calls, mobile calls, e-mails, faxes and internet usage) for the purpose of criminal investigations in general.
What stood in the way was the 1997 EC Directive on privacy in telecommunications. This was the follow-up to the hard-won 1995 EC Directive on data protection, now law across the EU. The 1997 EC Directive said that the only purpose for which traffic data could be retained was for billing (ie: for the benefit of customers) and then it had to be erased. Law enforcement agencies could get access to the traffic data with a judicial order for a specific person/group.
The "deal" agreed between the Council (the 15 governments) and the two largest parties in the European Parliament (PPE, conservative and PSE, Socialist groups) means that there are two crucial amendments: i) the obligation to erase data has been deleted and ii) EU member states are allowed to pass laws requiring communications providers to keep traffic data for a so-called limited period.
One of the arguments used to legitimise the move during the discussions in the European Parliament was that the change to the 1997 Directive simply enabled governments to adopt laws for data retention if national parliaments agreed. The document leaked to Statewatch shows that EU governments always intended to introduce an EC law to bind all member states to adopt data retention.
The draft Framework Decision says that data should be retained for 12 to 24 months in order for law enforcement agencies to have access to it. In theory the agencies will still need a judicial order to trawl back through the records of a targeted person(s) - though this legal nicety has never stopped the internal security agencies getting access in many countries. The Framework Decision also carries a strong hint that another measure is in the pipeline, one to allow law enforcement agencies access to the content as well as the traffic data of communications.
Now the traffic data of the whole population of the EU (and the countries joining) is to be held on record. It is a move from targeted to potentially universal surveillance.
On 14 August the Danish Presidency put out to all EU governments
a "Questionnaire on traffic data retention" for completion
and return "preferably by e-mail" by Monday 9 September.
See below for full-text of documents 11490/02 and 11490/1/02
- the only difference between the two documents is that the reference
to "in collaboration with the Commission" has been
deleted from the final version.
Tony Bunyan, Statewatch editor, comments:
EU governments claimed that changes to the 1997 EC Directive on privacy in telecommunications to allow for data retention and access by the law enforcement agencies would not be binding on Members States - each national parliament would have to decide. Now we know that all along they were intending to make it binding, compulsory, across Europe.
The right to privacy in our communications - e-mails, phone-calls, faxes and mobile phones - was a hard-won right which has now been taken away. Under the guise of fighting "terrorism" everyone's communications are to be placed under surveillance.
Gone too under the draft Framework Decision are basic rights of data protection, proper rules of procedure, scrutiny by supervisory bodies and judical review
See follow up story: Danish Presidency denies data retention
ISSN 1756-851X. Personal usage as private individuals/"fair
dealing" is allowed. We also welcome links to material on
our site. Usage by those working for organisations is allowed
only if the organisation holds an appropriate licence from the
relevant reprographic rights organisation (eg: Copyright Licensing
Agency in the UK) with such usage being subject to the terms
and conditions of that licence and to local copyright law.
Spotted an error? If you've spotted a problem with this page, just click once to let us know.
Statewatch does not have a corporate view, nor does it seek to create one, the views expressed are those of the author. Statewatch is not responsible for the content of external websites and inclusion of a link does not constitute an endorsement. Registered UK charity number: 1154784. Registered UK company number: 08480724. Registered company name: The Libertarian Research & Education Trust. Registered office: c/o MDR, 88 Fleet Street, London EC4Y 1DH, UK. © Statewatch ISSN 1756-851X. Personal usage as private individuals "fair dealing" is allowed. We also welcome links to material on our site. Usage by those working for organisations is allowed only if the organisation holds an appropriate licence from the relevant reprographic rights organisation (eg: Copyright Licensing Agency in the UK) with such usage being subject to the terms and conditions of that licence and to local copyright law.