EU TELECOMMUNICATIONS SURVEILLANCE: Data protection or data retention in the EU?
01 May 2001
EU governments are backing the law enforcement lobby’s demands
The debate over the demands of the EU law enforcement agencies that telecommunications traffic and location data be retained, and that they should have access to it, is reaching a crucial stage. At present under existing EU Directives this data has to be erased or made anonymous and such data can only be kept for billing purposes (ie: to aid the customer).
The fight is centred on a new draft Directive on "the processing of personal data and the protection of privacy in the electronic telecommunications sector" which would update the existing 1997 Directive on this issue. The Commission's draft proposal simply updates the provisions to cover new means of communication (eg: the internet and e-mail).
The European Parliament is due to discuss and adopt a report from the Committee on Citizens' Freedoms and Rights at its session in Strasbourg on 2-6 September. This report comes out strongly in favour of the existing Directives and against data retention. The Council of the European Union (the 15 EU governments) have agreed a position which would allow for data retention and its surveillance by law enforcement agencies.
If the parliament's report is adopted unamended and the Council then adopts its opposing common position the two institutions will be on a collision course.
"ENFOPOL 98" agreed, Conclusions on hold
The meeting of the EU Justice and Home Affairs Council on 28-29 May agreed a "Council Resolution on law enforcement operational needs with respect to public telecommunications" which effectively adopts the extension of surveillance in "ENFOPOL 98" (see Statewatch, vol 7 no 1 & 4 & 5; vol 8 no 5 & 6; vol 10 no 6; vol 11 no 1 & 2; the final legislative text is in ENFOPOL 55, 20.6.01). Its formal adoption has been delayed due to a scrutiny reservation by Germany - when this is withdrawn it will be nodded through.
The Resolution defines how the "Requirements" to be placed on network and service providers are to be interpreted in the EU (see Statewatch vol 11 no 2 for details of its effect). The "Requirements" were adopted by the EU on 17 January 1995 and mirrored those drafted by the FBI in the USA.
The draft Council "Conclusions" in ENFOPOL 23 (30.3.01) which seeks to make an overall statement on the demands of the EU law enforcement agencies for the retention and access to all traffic data. They also call on the Commission to review all existing EU laws which effect this surveillance. The proposal is currently on hold because some member states do not think it appropriate for a "third pillar" (justice and home affairs) initiative to law down the law to the Commission and the Telecommunications Council ("first pillar", economic and social policy).
Statewatch's application to the Council for a copy of ENFOPOL 23 + COR 1 (which makes clear this is a proposal from both the Swedish and French delegations), was discussed at two meetings of the Working Party on Information. The first meeting concluded that: "the applicant may have access to the documents requested (provided that the French and Swedish delegations agree)." However, on 23 May it was decided that:
The document was agreed to be withheld because the French delegation so wished.
The text of ENFOPOL 23 is on the Statewatch website: www.statewatch.org/soseurope.htm
Divisions in the Council and adoption of "guidelines"
Since last autumn when the discussions on the new Directive in the Council on the needs of the law enforcement agencies (LEAs) to have access to telecommunications data came back onto the agenda there were divisions amongst the member states (see Statewatch vol 11 no 2). Belgium, Germany, France, Netherlands, Spain and the UK wanted to delete the requirement that traffic data must be erased or made anonymous in the 1997 Directive and the LEAs given access to the data.
On 29 May the Telecommunications Working Party discussed the Council's draft position. Three dele