• Home /
• News /
• 2016 /
• March /
• Data retention: Commission still refusing demands for new mass surveillance measures 17.3.16

Data retention: Commission still refusing demands for new mass surveillance measures 17.3.16

01 March 2016

Calls for a new EU data retention law have grown over the last few months, but the European Commission is still refusing the possibility of introducing new EU-wide telecoms surveillance measures and is standing by its September 2015 statement that "the decision of whether or not to introduce national data retention laws is a national decision".

After the European Court of Justice (ECJ) annulled the EU's Data Retention Directive in April 2014, some Member States annulled their national laws implementing the Directive; some kept theirs in place; and some passed new legislation (for example the UK, with its Data Retention and Investigatory Powers Act). [1]

Since then, the issue of the need for new mass surveillance measures has emerged in various forums. In November 2015 national officials sitting in the Council of the EU working party CATS (Comité de l'article 36) discussed the need for the "effective collection, sharing and admissibility of e-evidence", to prepare for a "debate" amongst national justice and home affairs ministers at their December 2015 meeting.

That meeting concluded that:

"All member states considered that retaining bulk electronic communication data in a generalized manner is still allowed. A majority of delegations also considered that an EU-wide approach has to be considered in order to put an end to the fragmentation of the legal framework on data retention across the EU and invited the Commission to present a new legislative initiative whenever possible." [2]

December was a busy month for discussions on data retention. As well as the Council, national prosecutors held a meeting at EU judicial cooperation agency Eurojust. A report from the meeting highlights a number of issues, including:

• The ECJ judgment has magnified the "high level of fragmentation" between laws in the Member States and this has had an impact on cross-border cooperation in criminal investigations;
• Retention of bulk electronic communication for criminal justice purposes" is different from "bulk surveillance of data for national security purposes," because while the former "may interfere with the rights of individuals, they are subject to procedural safeguards, such as judicial supervision," and "the evidence can be challenged before the courts and other legal remedies are available";
• Generalised data retention schemes are important, if not essential, for the investigation and prosecution of serious crimes. Data retention must be carried out in a generalised manner as it is impossible to know beforehand whose data will be relevant in the course of a specific criminal investigation and prosecution." [3]

Those arguments were formally passed to the Council of the EU in February 2015.

November 2015, meanwhile, saw the publication of a joint paper from Europol and Eurojust on "common challenges in battling cybercrime", which stated that the effects of the ECJ judgment:

"[I]mpede[s] the work of the cyber competent authorities and may result in loss of investigative leads and ultimately affect the ability to effectively prosecute criminal activity online. Additionally, the current situation may create an unjust pressure on the investigating authorities to prioritise their activities in accordance with the different data retention frameworks currently in place, rather than focusing on high-value targets." [4]

The possibility of reintroducing mandatory EU-wide data retention measures is one of politics rather than legality. As Steve Peers noted in an April 2014 analysis:

"[I]t is clear from the Court's judgment that some form of mandatory data retention in order to combat serious crime and terrorism is acceptable from the perspective of the EU Charter." [5]

Nevertheless, there is, unsurprisingly, strong social and political opposition to mass surveillance across the EU. The Commission is aware of this - as it said in a September 2015 statement:

"We are aware that data retention is often the subject of a very sensitive, ideological debate and that sometimes there can be a temptation to draw the European Commission into these debates. The European Commission is not ready to play this game." [6]

It is the Commission that has the power to propose new EU-wide data retention rules, yet it remains set against the idea - even though national governments, sitting in the Council, have "invited the Commission to present a new legislative initiative whenever possible".

When asked whether it planned to respond to the calls from national ministers and law enforcement officials, the Directorate-General for Home Affairs simply pointed to its September 2015 statement.

Of course, if political pressure in favour of new rules continues, the Commission may have to "play the game". Those opposed to mass surveillance would be well-advised to stay on their toes: given the demands from politicians and officials, the introduction of new EU-wide data retention measures may be a question of if, not when. In the meantime, the introduction of new and enhanced data retention and surveillance measures at national level remains an issue of ongoing concern.

Footnotes
[1] Eurojust, 'Eurojust's analysis of EU Member States' legal framework and current challenges on data retention', 26 October 2015
[2] Council of the EU, 'Outcome of the Council meeting, 3433rd Council meeting, Justice and Home Affairs', 3 and 4 December 2015
[3] Eurojust, 'Consultative Forum of Prosecutors General and Directors of Public Prosecutions of the Member States of the European Union - 10th meeting', 11 December 2015
[4] Eurojust/Europol, 'Common challenges in combating cybercrime', 30 November 2015
[5] Steve Peers, 'The data retention judgment: The CJEU prohibits mass surveillance', EU Law Analysis, 8 April 2014
[6] 'European Commission statement on national data retention laws', Statewatch News Online, September 2015