• Home /
• News /
• 2003 /
• October /
• EU - mandatory retention of telecommunications data unlawful

EU - mandatory retention of telecommunications data unlawful

28 March 2012

Legal opinion says that under the ECHR mandatory data retention is disproportionate, contrary to the rule of law and cannot be said to be necessary in a democratic society

Privacy International have obtained a Legal Opinion from the international law firm Covington and Burling which presents a devastating critique of plans by EU governments and the Council of the European Union to introduce the mandatory retention of communications data. The Opinion examines in particular the draft EU Framework Decision on communications data retention and access to it leaked by Statewatch in August 2002.

The Opinion concludes that:

"The data retention regime envisaged by the (EU) Framework Decision, and now appearing in various forms at the Member State level, is unlawful.

Article 8 of the European Convention on Human Rights (ECHR) guarantees every individual the right to respect for his or her private life, subject only to narrow exceptions where government action is imperative. The Framework Decision and national laws similar to it would interfere with this right, by requiring the accumulation of large amounts of information bearing on individuals' private activities. This interference with the privacy rights of every user of European-based communications services cannot be justified under the limited exceptions envisaged by Article 8 because it is neither consistent with the rule of law nor necessary in a democratic society.

The indiscriminate collection of traffic data offends a core principle of the rule of law: that citizens should have notice of the circumstances in which the State may conduct surveillance, so that they can regulate their behaviour to avoid unwanted intrusions. Moreover, the data retention requirement would be so extensive as to be out of all proportion to the law enforcement objectives served. Under the case law of the European Court of Human Rights, such a disproportionate interference in the private lives of individuals cannot be said to be necessary in a democratic society."

The surveillance of telecommunications - phone calls, e-mails, faxes, mobile phone calls and internet usage - has been on the "wish-list" of the EU law enforcement and security agencies for years. After scathing critiques by civil society, previous attempts to introduce the surveillance of communications on a mandatory basis EU plans were shelved. Now the UK is one of ten EU governments which are trying to introduce national legislation to allow for data retention for law enforcement and internal security purposes. Current laws do provide for the interception of communications of a specific, named individual(s) or organisation based on a lawful order (often by a judge or the Home Secretary in the UK) for the purpose of national security or the investigation of a serious criminal offence.

Tony Bunyan, Statewatch editor, comments:

"The proposal for EU-wide Framework Decision on mandatory data retention drafted last summer was put on the back-burner after it was leaked. Instead EU governments decided to adopt laws at national level so that they could, when a majority were in place, bring the EU-wide measure out from under the table and argue the need for "harmonisation".

The legal opinion for Privacy International conclusively shows that the introduction of national laws and an EU-wide one would be contrary to the European Convention on Human Rights. To place the whole population of Europe under surveillance is shown to be unlawful, disproportionate, and contrary to the rule of law and democratic standards"

Documentation

1. Full-text of the Legal opinion for Privacy International by Covington and Burling: Legal opinion (pdf)
2. Full-text of the draft Framework Decision on data retention and access by the law enforcement agencies: Text
3. Analysis of the draft Framework Decision: Analysis (html)
4. Full-text, report and analysis as a pdf file: Analysis (pdf, 65k)
5. Statewatch exclusive, August 2002: EU surveillance of communications: data retention to be "compulsory" for 12-24 months - draft Framework Decision leaked to Statewatch - with press coverage: Special report
6. Statewatch report, August 2002: EU Presidency issues statement on data retention: - statement does nothing to refute the existence of a binding draft Framework Decision: Report
7. Statewatch report, March 2003: EU: Majority of governments introducing data retention of communications: Report
8. UK: Government trying to slip through "voluntary" data retention rejected by consultation process, September 2003: UK "voluntary" retention
9. S.O.S.Europe: history, analyses and documentation on the surveillance of telecommunications: S.O.S.Europe

PRIVACY INTERNATIONAL, MEDIA RELEASE - www.privacyinternational.org

LEGAL BLOW TO UK GOVERNMENT'S "SNOOPERS CHARTER"
Retention of phone and Internet records breaches European human rights law

Details of a legal Opinion announced today has dealt a blow to Home Office plans to snoop on the phone and Internet activity of the UK population.

The Opinion, which relates to an EU framework directive on the retention of communications data, has profound ramifications for ten EU states that have implemented, or are planning to implement, measures to place communications users under blanket surveillance. The UK is in the early stages of implementing such measures.

A series of regulations (Statutory Instruments) recently laid before the UK Parliament intends to create a legal basis for comprehensive surveillance of communications. The regulations will allow an extensive list of public authorities access to records of individuals' telephone and Internet usage. This "communications data" -- phone numbers and e-mail addresses contacted, web sites visited, locations of mobile phones, etc. - will be available to government without any judicial oversight. Not only does government want access to this information, but it also intends to oblige companies to keep personal data just in case it may be useful.

The twenty-page legal Opinion was commissioned by Privacy International and was provided by the international law firm Covington & Burling. It has unequivocally concluded that such plans would be unlawful.

The Opinion states:

"The data retention regime envisaged by the (EU) Framework Decision, and now appearing in various forms at the Member State level, is unlawful.

"Article 8 of the European Convention on Human Rights (ECHR) guarantees every individual the right to respect for his or her private life, subject only to narrow exceptions where government action is imperative. The Framework Decision and national laws similar to it would interfere with this right, by requiring the accumulation of large amounts of information bearing on individuals' private activities. This interference with the privacy rights of every user of European-based communications services cannot be justified under the limited exceptions envisaged by Article 8 because it is neither consistent with the rule of law nor necessary in a democratic society.

The Opinion continues:

"The indiscriminate collection of traffic data offends a core principle of the rule of law: that citizens should have notice of the circumstances in which the State may conduct surveillance, so that they can regulate their behaviour to avoid unwanted intrusions. Moreover, the data retention requirement would be so extensive as to be out of all proportion to the law enforcement objectives served. Under the case law of the European Court of Human Rights, such a disproportionate interference in the private lives of individuals cannot be said to be necessary in a democratic society."

The Opinion details a lengthy history of case law that clearly rules against the use of indiscriminate surveillance of communications.

Privacy International today warned that it intends to pursue test cases in at least two EU countries where mandatory retention has been implemented. It is currently seeking litigants from within the communications industry.

The Opinion - along with the substance of the government's proposals - will be debated at a public meeting hosted by the London School of Economics on Wednesday October 22nd (see http://www.privacyinternational.org/conference/sfs7/ for details and registration information). The meeting will involve speakers from the Home Office, the Department of Constitutional Affairs, the Department of Works & Pensions, Local authorities and ACPO, together with industry representatives and parliamentarians.

In two parallel actions, Privacy International today lodged a complaint with the Information Commissioner alleging that the government's regulations and voluntary code on retention breaches at least three of the core Data Protection principles enshrined in the Data Protection Act. The complaint requests the Commissioner to take urgent action to alert the appropriate Parliamentary committees, and to support a referral to the Parliamentary Joint Committee on Human Rights Committee.

The complaint argues that the blanket retention of communications data breaches the principle of proportionality, that the practice flouts the specificity principle, and that the existence of a voluntary code for communications providers takes no account of the consent principle.

Privacy International has today also lodged an Open Government request for disclosure of the government's legal advice relating to the regulations before the Parliament.

Simon Davies, director of Privacy International, said:

"This is an important legal analysis. It clearly exposes the government's intention not only to snoop unnecessarily on innocent people, but also to force unwilling companies to be complicit in an unprecedented and disproportionate surveillance regime".

"The government's plans are illegal. We are calling on all communications providers to support their customers' rights by ignoring the government's proposals".

15th October 2003

Simon Davies of Privacy International can be reached for comment on 07958 466 552 (from the UK) or on (+44) 7958 466 552 (from outside the UK). Email simon@privacy.org Copies of all documents mentioned in this release can be obtained by contacting Simon Davies.

Privacy International (PI) www.privacyinternational.org is a human rights group formed in 1990 as a watchdog on surveillance by governments and corporations. PI is based in London, and has an office in Washington, D.C. Together with members in 40 countries, PI has conducted campaigns throughout the world on issues ranging from wiretapping and national security activities, to ID cards, video surveillance, data matching, police information systems, and medical privacy, and works with a wide range of parliamentary and inter-governmental organisations such as the European Parliament, the House of Lords and UNESCO.