- Home /
- News /
- 2004 /
- April /
- Data retention comes to roost - telephone and internet privacy to be abolished
Data retention comes to roost - telephone and internet privacy to be abolished
01 April 2004
- proposal broader in scope than 2002 version; grave gaps in civil liberties protection remain;
- data to be held for between 12 and 36 months, though member states can opt for longer if they choose;
- data to be retained extended from "traffic data" to traffic and "location data";
- scope extended from 32 specific offences to any crime;
- scope extended from specific investigations and prosecutions to "prevention and detection" of crime;
-
"This is a proposal so intrusive that Ashcroft, Ridge and company can only dream about it, exceeding even the US Patriot Act"
This story is avaialble in audio from Radio Nizkor:
real player or
mp3
The governments of the UK, France, Ireland and Sweden have proposed a draft EU Framework Decision that if adopted will see all communications location and traffic data retained for between 1 and 3 years, or longer, should the member states choose. The proposal was endorsed by the EU summit on 25 March 2004 as part of a raft of proposals to combat terrorism in the wake of the Madrid bombings. This proposal (like many others) is in no way limited to terrorism, and will apply to the:
"prevention, investigation, detection and prosecution of crime or criminal offences including terrorism"
The proposal brings home to roost long standing demands by the law enforcement community for the compulsory retention, and thus surveillance, of all telecommunications. It is notable that these demands are coming not from the security and intelligence services but from national criminal intelligence services. In August 2002, Statewatch leaked a confidential draft of this Framework Decision drawn-up by the Belgian government (see background section, below).
New proposal worse than before; grave gaps in civil liberties protection remain
The new version of the proposed Framework Decision is, in privacy and civil liberties terms, worse than before. The original Belgian proposal contained:
- no grounds for refusing to execute a request on human rights grounds;
- no limits as to what data can be exchanged where member states allow for the retention of data on all crimes;
- no reference to supervisory authorities on data protection;
- no reference to the individual's right to correct, delete, block data nor compensation for misuse or for related judicial review;
- no reference to controls on the copying of data;
- no rules for checking on the admissibility of data searches.
With the exception of the inclusion of a reference to "rules on correction and judicial review" (which may prove meaningless in practise - see analysis below), these shortfalls remain in the UK/Ireland/France/Sweden proposal. Moreover, two important safeguards, restricting access to data and limiting the use of the provisions have been dropped. The new proposal is also considerably broader:
- the time period for the storage of data is extended from 12-24 months to 12-36 months (though member states can opt for longer if they choose);
- the data to be collected is extended from "traffic data" to traffic and "location" data;
- scope extended from 32 specific offences to "any crime";
- scope extended from specific investigations and prosecutions to "prevention and detection" of crime.
The new proposal does introduce two derogations for member states, though these are quite limited. Detailed analysis of the proposal follows below.
An unjustified, unlawful and expensive proposal
The original Belgian proposal in 2002 provoked a furious reaction. EU Data Protection Commissioners issued a statement describing the plans as:
an improper invasion of the fundamental rights guaranteed to individuals by Article 8 of the European Convention on Human Rights, as further elaborated by the European Court of Human Rights.
A legal opinion ob