• Home /
• News /
• 2017 /
• December /
• EU: Data retention and the ePrivacy Regulation: Member State positions revealed

EU: Data retention and the ePrivacy Regulation: Member State positions revealed

11 December 2017

EU  
Data retention and the ePrivacy Regulation: Member State positions revealed
11.12.17
Follow us: | | Tweet

---

Ever since the Court of Justice of the EU ruled in April 2014 that the Data Retention Directive (which required the retention of all telecommunications data by telecoms service providers for up to two years for the purposes of law enforcement) was illegal, Member States have been looking for ways to implement new EU-wide data retention rules that would meet the requirements of the Court. So far, they have not been able to do so, but considerations are ongoing.

The European Commission's January 2017 proposal for a new EU ePrivacy Regulation (which would replace the current ePrivacy Directive) has provided a forum for discussions on the issue of data retention, as it opens up the possibility of including data retention rules in the forthcoming Regulation. A Council working paper obtained by Statewatch prepared on the basis of responses to a questionnaire issued by the Estonian Presidency shows the positions of a wide number of EU Member States, and Europol, on the possibility of including mandatory data retention rules in the ePrivacy Regulation.

See: WORKING DOCUMENT from: General Secretariat of the Council to: Delegations: Contributions by delegations (WK 9374/2017 REV 1, LIMITE, 15 September 2017, pdf)

The document contains papers submitted by the following:

• Austrian Ministry of Justice ("serious concerns about the incorporation of provisions on data retention in the scope of the e-Privacy Regulation")
• Bulgarian Commission for Personal Data Protection ("supports the adoption of an EU legislative act on data retention for national security and law enforcement purposes")
• Germany ("we would like to discuss the relationship between Article 2 and Article 11 of the e-Privacy Regulation draft")
• German Federal Police Office (Bundeskriminalamt: "Restricted data retention combined with greater opportunities to commit offences will undoubtedly make law enforcement and threat prevention more difficult, if not impossible")
• Poland ("proposes that the Regulation (e.g. in the preamble) expressly provides for the admissibility of national regulations governing the storage and use of data in criminal proceedings or for other purposes related to public or national security")
• Slovakia ("we should try to convince the public (clients) that without the cooperation of service providers and without recognizing the need to retain certain types of data, users of electronic services cannot be (effectively) protected against the cybercrime")
• Irish Department of Justice and Equality ("Ideally a solution for ensuring the continued availability of data could be found at EU level and this may be possible through the draft e-Privacy Regulation;"
• Netherlands ("Law enforcement currently has to rely on the traffic and location data which electronic communication services have available for billing purposes. These data are considered not to be sufficient to respond to the operational needs of law enforcement. The same applies for the Intelligence and Security services")
• UK ("The current e-Privacy Directive and the draft e-Privacy Regulation lack clarity regarding the extent to which they seek to regulate activity undertaken for national security purposes and we consider that this should be addressed through amendments to the draft e-Privacy Regulation" - detailed amendments are proposed)
• Portugal ("the Commission should propose a new instrument on the retention of data by telecommunications operators")
• Europol (a highly detailed submission regarding the possibilities for retention in light of Digital Rights Ireland, Tele2 and the EU-Canada PNR Opinion: "There is an essential need to incorporate explicit data retention rules for law enforcement purposes into the upcoming ePrivacy Regulation or another suitable European legislative act... the European legislator is free to adopt legislative measures which provide for data retention being the rule rather than the exception")
• Belgium ("Although data processed for billing are often part of the essential information for the prevention and prosecution of crime, it is not deemed sufficient")
• Czech Republic ("targeted approach to retention requirements would not be enough to achieve the necessary level of reliability")
• Hungary ("Defining the concept “serious crime” – as the precondition of data retention and access – at an EU level would e.g. restrict member states’ interpretation in this respect and different structure of regulation could result in different possibilities of access by authorities in the different member states")
• Italy ("only a data retention as a general measure permits to achieve fully the purposes of prevention, investigation, detection and prosecution of criminal offences")

Further reading

• Documents on data retention in: Justice and Home Affairs Council, 7-8 December 2017: Conclusions and background documentation (8 December 2017)
• EU Member States plan to ignore EU Court data retention rulings and Eurojust: No progress to comply with CJEU data retention judgements (EDRi, 29 November 2017)
• EU Counter-Terrorism Coordinator: "additional data retention obligations are necessary" (27 November 2017)
• Member State data retention regimes - what's changed? The answer is very little so far (20 November 2017)

Search our database for more articles and information or subscribe to our mailing list for regular updates from Statewatch News Online.