Background To The Eu Information Retentiveness Directive

By Chris Jones, Researcher for Statewatch

As the fallout from the Snowden leaks rumbles on, the Court of Justice of the European Union (CJEU) volition today create upwards one's hear a illustration (Digital Rights Ireland, Seitlinger in addition to Others that could spell the halt for the EU's Data Retention Directive inward its electrical current form. The Directive mandates the bulk storage past times private companies of individuals' telecommunication data, inward illustration it is required past times law enforcement authorities to investigate cases of serious criminal offense or terrorism.

The judgment follows the handing downwards of a critical sentiment past times Advocate General Cruz Villalón inward Dec 2013, which proposed that the Court declare the Directive equally a whole incompatible alongside European Union Charter articles 52(1) (limitations on rights “must live provided for past times law in addition to observe the essence of those rights in addition to freedoms”) in addition to seven (right to privacy). This post, based on piece of job undertaken past times Statewatch equally constituent of the SECILE project (Securing Europe through Counter-terrorism: Impact, Legitimacy in addition to Effectiveness), outlines the history of the 2006 Data Retention Directive; the telephone substitution points of the legislation; in addition to its problematic national implementation, which has been the champaign of study of legal challenges across Europe. Two farther posts volition examine the implementation of the Directive in addition to the challenges to it.

The Data Retention Directive: a brief overview

The 2006 Data Retention Directive obliges Member States to ensure that telecommunication in addition to Internet Service Providers (ISPs) retain diverse types of information generated past times individuals through the utilisation of landline phones, fax machines, mobile phones, in addition to the internet, “in monastic enjoin to ensure that the information are available for the purpose of the investigation, detection in addition to prosecution of serious crime”. The information that must live retained are:

The origin of a communication;

The goal of a communication;

The date, fourth dimension in addition to duration of a communication;

The type of a communication;

Users’ communication equipment or what purports to live their equipment; and

The place of mobile communication equipment.

The retentiveness catamenia is a minimum of half dozen months in addition to a maximum of 2 years. Member States create upwards one's hear exact duration equally good equally the atmospheric condition nether which it may live accessed.

The European Data Protection Supervisor has called the Directive “without incertitude the well-nigh privacy-invasive musical instrument e'er adopted past times the European Union inward damage of scale in addition to the number of people it affects,” in addition to it ranks amid the well-nigh controversial pieces of counter-terrorism legislation the European Union has e'er adopted. Fierce fence equally to its legitimacy in addition to effectiveness has raged since the earliest stages of its drafting to the nowadays day.

The policy-making process

According to the preamble of the Data Retention Directive, the terrorist attacks inward Madrid inward March 2004 in addition to inward London inward July 2005 “reaffirmed… the demand to adopt mutual measures on the retentiveness of telecommunication information equally shortly equally possible.” However, law enforcement agencies had been seeking information retentiveness legislation long before the devastation of the World Trade Centre on xi September 2001, in addition to the Directive does non bound information retentiveness to combating terrorism.

Demands for information retentiveness tin sack live traced dorsum to the “International Law Enforcement in addition to Telecommunications Seminars” (ILETS) held at the FBI university inward Quantico, Virginia, which commenced inward 1993 alongside the aim of developing global “interception requirements” – standards for telephone-tapping past times police draw in addition to safety agencies to live provided inward all telephone networks. Following the start ILETS meeting, the real start European Union Council of Justice in addition to Home Affairs (JHA) Ministers adopted a Resolution in Nov 1993 – which was non published – calling on experts to compare the needs of the European Union vis-à-vis the interception of telecommunication “with those of the FBI”.

Influenza A virus subtype H5N1 minute European Union Resolution based on ILETS' piece of job was adopted inward Jan 1995 in addition to introduced obligations on telecommunication companies to cooperate alongside law enforcement agencies inward the “real-time” surveillance of their customers. This was never genuinely discussed past times the Council of Ministers. It was adopted instead past times “written procedure” (where legislative texts are circulated amid ministries in addition to adopted if at that spot are no objections). The Resolution, which was non published inward whatever shape until Nov 1996, formed the footing of the provisions on the interception of telecommunication inward the European Union Convention on Mutual Legal Assistance of 2000. ILETS continued every twelvemonth in addition to inward 1999 identified a novel problem. Valuable “traffic data” – peculiarly cellular telephone in addition to network usage records – were beingness erased past times service providers after customers had been billed, a peculiarly shrewd number inward the European Union because of the lately enacted EC Directive on privacy inward telecommunications, which obliged service providers to delete traffic information after its utilisation for billing purposes (usually inside iii months). ILETS hence introduced the regulation of mandatory information retentiveness regimes that would oblige service providers to maintain information for much longer periods. This demand in addition to so surfaced inward other intergovernmental fora concerned alongside police draw in addition to judicial cooperation, such equally the G8. The American Civil Liberties Union, Privacy International in addition to Statewatch would afterwards dub this physical care for “policy laundering”: “the utilisation past times governments of unusual in addition to international forums equally an indirect agency of pushing policies unlikely to win straight approving through the regular domestic political process.”

 In 2000 the European Union decided to update the aforementioned 1997 Directive on privacy inward telecommunication to accept into line concern human relationship “new technologies” in addition to proposed what would larn known equally the “e-Privacy” Directive. The draft Directive proposed scrapping the clause obliging service providers to delete traffic information after billing use. As a First Pillar affair (dealing alongside the functioning of the internal market), the European Parliament had what was in addition to so a rare vote on what was effectively a Justice in addition to Home Affairs or Third Pillar number (police surveillance). Following an extensive drive past times privacy advocates the proposal was rejected. However inward 2002, alongside the events of xi September 2001 providing a fresh justification, a left-right alliance of the European Socialist Party (PSE) in addition to the European People’s Party (PPE) agreed the e-Privacy Directive and the “data retentiveness amendment”, alongside the liberals, greens in addition to left parties opposed. This paved the way for Member States to innovate their ain optional national information retentiveness regimes.

Yet no sooner was the ink dry out on the e-Privacy Directive than a confidential draft Framework Decision on the compulsory retention of subscriber in addition to traffic information for 12-24 months across the European Union was circulated amid Member States in addition to leaked past times Statewatch. Following widespread criticism of the proposal inward European media, the then-Danish presidency of the European Union was moved to number a tilt maxim that the proposal was “not on the table”. If non ‘on the table’, the proposal appears to receive got remained closed at mitt – next the Madrid develop bombings inward March 2004, the 'EU Declaration on combating terrorism' endorsed the regulation of mandatory information retentiveness across the EU.

One calendar month afterwards the UK, France, Sweden in addition to Republic of Ireland submitted a revised draft Framework Decision on information retentiveness to the Council. By now, a majority of European Union Member States had also introduced national information retentiveness regimes. The European Union proposal suffered roughly other major setback when Statewatch published the confidential legal advice of the European Union Council in addition to Commission Legal Services, both of which had been withheld from MEPs in addition to Earth despite stating that the Framework Decision was unlawful because it had the incorrect legal basis. Data retention, said the EU’s lawyers, was a First Pillar number because it regulated the activities of service providers inward the unmarried market.

The European Commission, despite previously opposing information retention, redrafted the proposal as a Directive. This complicated things further. Whereas the European Parliament was exclusively consulted on the draft Framework Decision, alongside the European Union Council complimentary to ignore its opinion, it would similar a shot bask total powers of “co-decision”. Moreover, during the consultation physical care for on the Framework Decision, the Parliament had voted to turn down mandatory information retentiveness because it was “incompatible alongside Article 8” of the ECHR (protection of personal data).

However, betwixt the defeat of the proposal for a Framework Decision in addition to the publication of the proposal for a Directive, the July 2005 London subway scheme bombings happened. These were used equally a fresh justification for an European Union information retentiveness law, although the Great Britain prime number government minister suggested at the fourth dimension that “all the surveillance inward the world” could non receive got prevented the attacks.

The Great Britain in addition to so used its presidency of the European Union Council to impose a deadline of the halt of 2005 for the European Parliament to grip the measure, alongside Charles Clarke, Great Britain Secretary of State, lecturing the EP on the demand to adopt the proposal. Home Office officials were reported to receive got told MEPs inward private that if parliament failed to produce this they “would brand certain the European Parliament would no longer receive got a say on whatever judge in addition to habitation affairs matter.” Led past times Privacy International in addition to the European Digital Rights Initiative, ninety NGOs in addition to fourscore telecommunication service providers wrote to MEPs, imploring them to turn down the measure. Despite their efforts, the EP live agreed the mensurate on fourteen Dec 2005, alongside roughly other PSE-PPE alliance reversing the seat on the draft Framework Decision that the parliament had taken but 8 months earlier. The Directive completed its passage through parliament next a unmarried reading, coming together the UK’s demands on the timeframe. The Council of the European Union adopted the legislation past times qualified majority, alongside Republic of Ireland in addition to the Slovakia voting against, in addition to the Directive passed into law inward March 2006.

Two farther observations are relevant to whatever noun consideration of the policy-making process. The start concerns the role of the Great Britain government, which took its attempts to enforce information retentiveness to European Union institutions after it had been prevented from a domestic mandatory information retentiveness regime past times the houses of parliament. In what appears to live a clear illustration of “policy laundering”, the subsequent European Union Directive, championed past times the Great Britain government, was binding on the Great Britain in addition to implemented past times statutory instrument, inward the shape of the Data Retention (EC Directive) Regulations 2007 in addition to 2009.

The minute observation concerns the role played past times the U.S. authorities inward pushing for mandatory information retentiveness inward Europe, bilaterally inward its discussions with the European Commission in addition to European Union Presidency, in addition to inward multilateral fora like the G8. This is noteworthy because at that fourth dimension at that spot were no corresponding powers inward the USA, nor whatever intention to innovate them. In house of blanket “data retention”, U.S. law enforcement in addition to safety agencies are obliged to seek “preservation orders” from special surveillance courts. However, recent leaks such equally that of the FISA courtroom monastic enjoin imposed on Verizon, demonstrate that U.S. agencies in addition to their special “surveillance court” receive got interpreted these principles so widely equally to encompass entire telephone networks in addition to all of their users.

Nevertheless, a to a greater extent than principled implementation of such a regime would live to a greater extent than privacy-friendly than the EU's electrical current blanket approach. Opposition to the Data Retention Directive inward Europe included advocacy from civil guild organisations for the evolution of this model equally an alternative, alongside judicial supervision to essay out in addition to ensure that access to private information is necessary in addition to legitimate. This is even so the preferred choice of the Ministry of Justice inward Germany, where implementation of the Directive has been highly controversial in addition to the champaign of study of a Constitutional Court ruling that demanded its redrafting.


Barnard & Peers: chapter 9

Share this post