EU: New Council working party on blanket telecommunications surveillance


The German Presidency of the Council of the EU is planning a new working party, which will work on policy and legal initiatives aiming to reintroduce EU-wide blanket telecommunication surveillance. Previous EU legislation on telecoms data retention was struck down by the Court of Justice in 2014, but many national laws remain in place and there are ongoing efforts to introduce a new EU-wide regime.

Support our work: become a Friend of Statewatch from as little as £1/€1 per month.

See: NOTE from: Presidency to: Delegations: Ad-hoc Working Party on Data Retention - Establishment and adoption of its Terms of Reference (10772/20, LIMITE, 17 September 2020, pdf):

"1. Following a reorganisation of the Council working structures the DAPIX Working Party and the FOP DAPIX (Data Retention) ceased to exist. The two main streams of that group were superseded by the Working Party on Data Protection and the newly created Working Party on JHA information exchange, leaving the data retention issues without a forum for discussion.

2. Given this fact as well as the need to continue the work in the Council on data retention which is not finalised yet, the Presidency considers necessary to establish a dedicated to data retention working structure in the form of an Ad-Hoc Working Party on Data Retention."

The proposal is to set up the WDPR for three years, and the mandate will be "subject to review upon its expiration and can be renewed or extended according to the needs and the objectives to be attaint in the area of data retention."

It has already been over six years since the Court of Justice struck down the notorious Data Retention Directive, and in the intervening period there has been little progress on establishing new EU-wide measures, as recalled by EDRi in a June 2019 article. EDRi has also recently published a new handbook, Data Retention Revisited, looking at the history, law and impact of data retention in Europe.

In its judgment annulling the Directive, the Court did not say that data retention in itself was illegal, but rather that the rules in the Directive did not provide sufficient safeguards for fundamental rights.

One key controversy over blanket data retention measures - through which information on the telephone and internet use of every single person is stored in case it is potentially useful to law enforcement agencies - lies in the fact that they de facto turn citizens into suspects. As the Court put it, blanket telecommunications data retention entails "an interference with the fundamental rights of practically the entire European population."

The Presidency document sets out the objective of the proposed ad-hoc WDPR (emphasis):

"2. The ad-hoc WPDR will cover the data retention issues in the Council, ensuring their consistency. It can be involved in both non-legislative, including the preparation of Council conclusions, recommendations to provide leadership or other strategic documents where needed and legislative activities, including the negotiations of any upcoming legislative proposals on data retention.

3. The ad-hoc WPDR will provide a platform bringing together the Member States’ experts dealing with data retention matter, taking into account its complexity and the relevant provisions of European and national law including fundamental rights, namely privacy, the principle of proportionality, data protection, and following the objectives to harmonise the obligations of providers to retain certain data and to ensure that those data are available for the purpose of investigation, detection and prosecution of serious crime.


5. The ad-hoc WPDR will work under the guidance of COREPER and Council. As appropriate, it will bring issues to their attention or report to them on the outcomes of the relevant discussions in order to define or steer the overall JHA data retention policy of the EU and its priorities.


7. The objectives of the ad-hoc WPDR will be related more specifically to the following:

    • assist in setting the EU priorities and strategic objectives as part of a comprehensive data retention policy framework by providing a cross-cutting working platform supporting a coherent approach on these issues and thus avoiding fragmented policy developments and decision/law-making;
    • accompany the decision-making process in the data retention domain, where there is an evident need to guarantee the application of coherent policy approach while ensuring full compliance of the discussed solutions with the relevant case-law and fundamental rights;
    • examine and follow up on the Commission study on data retention as tasked by the Council as well as further decisions of the ECJ on national rules on data retention and any potential future legislative proposal on Data Retention; and
    • identify and further exploit synergies, including with any other relevant entities or stakeholders."

A contract for the "Commission study on data retention" referred to here was given to Belgian company Milieu Consulting in November 2019; the study was supposed to be finished by mid-2020, but has not yet been published.

In March this year, Digital Courage assessed parts of the contract between the Commission and Milieu that were released under the EU's access to document rules and concluded that it is "formulated in a way that neglects the perspective of freedom and fundamental rights. Accordingly, we expect a result that does not give sufficient regard to fundamental rights and freedoms."

The current Commissioner for Migration and Home Affairs, Ylva Johansson, has said: "I do think that we need legislation for data retention." The Council feels the same way, as does the EU Counter-Terrorism Coordinator. The question now, as previously, is whether it will be possible for them to find a way to legalise mass, suspicionless surveillance.

Further reading

Our work is only possible with your support.
Become a Friend of Statewatch from as little as £1/€1 per month.


Spotted an error? If you've spotted a problem with this page, just click once to let us know.

Report error