EU Counter-Terrorism Coordinator: "additional data retention obligations are necessary"

Support our work: become a Friend of Statewatch from as little as £1/€1 per month.

EU Counter-Terrorism Coordinator: "additional data retention obligations are necessary"
Follow us: | | Tweet

A working paper from the EU's Counter-Terrorism Coordinator (CTC) attempts to outline how the EU can introduce new mass telecoms surveillance rules whilst remaining faithful to the case law of the Court of Justice, which in a series of judgments has set out strict requirements for how data retention schemes must operate.

See: EU Counter-Terrorism Coordinator: Contribution to the discussion on data retention (WK 9699/2017 INIT, LIMITE, 15 September 2017, pdf)

The Coordinator's paper was produced for the 18 September meeting of the ad-hoc Council working group, 'Friends of the Presidency - Data Retention', and argues for the adoption of an:

"EU instrument on data retention, to have a level playing field across the EU and find a common solution, while allowing for sufficient flexibility for Member States to tailor national solutions to their specific needs."

According to the CTC:

"An EU data retention instrument has to fulfil the needs of law enforcement and other competent authorities as well as the requirements of the ECJ and could have three parts:

(1) obligation to retain restricted traffic and location data for 6 months maximum, where access of competent authorities is limited for the purposes of counter-terrorism, organized and serious crime, including cyber attacks,
(2) with storage of the data in the EU in an encrypted fashion,
(3) with all the strict conditions for access suggested by the ECJ."

The CTC is keen to argue that it would be possible to meet the requirements of the ECJ (as set out in the Digital Rights Ireland and Tele2/Watson judgments) by limiting the categories of data to be retained; excluding certain telecoms providers from the scope of retention rules (such as "a small provider just offering WIFI in pizza restaurants); and excluding certain categories of people "linked to professional secrecy" (such as lawyers, journalists, doctors and so on).

This, says the Coordinator, means that "data retention would not be generalised" - although it would arguably not be far off from being generalised, particularly as many Member States already excluded smaller telecoms providers from retention obligations under the 2006 Directive.

The response from Member States to the CTC's paper is currently unknown. A "common reflection process" amongst national and EU authorities on how EU-wide rules on data retention could be reintroduced is still ongoing.

Despite it being three-and-a-half years ago that the Schrems judgment was handed down by the ECJ, it did not have the effect many campaigners hoped for - rather than putting a halt to generalised telecoms surveillance schemes across the EU, many Member States have continue to keep their retention obligations in force. See: Member State data retention regimes - what's changed? The answer is very little so far (Statewatch News Online)

Search our database for more articles and information or subscribe to our mailing list for regular updates from Statewatch News Online.

Our work is only possible with your support.
Become a Friend of Statewatch from as little as £1/€1 per month.


Spotted an error? If you've spotted a problem with this page, just click once to let us know.

Report error