State of play of the revision of the EU Data Retention Directive

On 7 September EU Commission official Cecilia Verkleij presented the state of play of the revision of the EU Data Retention Directive in Berlin. Ms Verkleij is head of the sector „Access to information“ (A.3.002) within the EU Commission’s home affairs directorate general. Her team is dealing with the revision of the EU’s unpopular 2006 data retention directive which requires the blanket and indiscriminate collection of telephone records, and mobile phone location and Internet data, revealing sensitive information about the movements and social contacts of 500 million Europeans not suspected of any wrongdoing.

Ms Verkleij started by jokingly pointing out that hers was the „most criminal unit in the Commission“, dealing with all issues such as the retention of communications data, of passenger data (PNR) and of financial data (SWIFT). „If you want to know about surveillance, please call us. We can advise you“, she suggested.

Heading the unit on law enforcement access to information, it did not come as a surprise to hear that the first policy objective the Commission is pursuing in revising the data retention directive is ensuring „access to the communications information which is necessary for combating serious crime“. (The European Court of Justice has pointed out though that the sole legal purpose of the directive is „the functioning of the internal market“ on telecommunications.)

The unit is mainly considering amending the data retention directive in three areas: 1) define more precisely the purpose for which retained data can be used (e.g. list of crimes), 2) define more precisely the mode of access to retained data, 3) regulate the security of retained data. The Commission also intends to pursue the idea of cost reimbursement for providers (which was rejected by member states and parliament in 2006). Another idea they are considering is exempting business to business communications from retention obligations as such data is rarely requested. On the other hand the speaker noted that „data generated via the Internet“ was becoming „increasingly important“ for law enforcement. Ms Verkleij spoke out against the opinion that retaining such data was unnecessary. This thinking, she felt, was due to a „lack of experience“ of law enforcement authorities with Internet data. Ms Verkleij did not consider relevant the fact that most traffic data is accessed within the first three months, as this may concern only the first request in the context of a criminal investigation and more data may be needed at a later stage of the investigation.

In regard to the impact of blanket retention on the fundamental right to privacy, Ms Verkleij said that other fundamental rights needed to be considered as well, namely the rights of victims of crime. Ms Verkleij interpreted Article 52 of the Fundamental Rights Charta to say „don’t kill a fundamental right, but don’t abstain [from interfering] either“.

The speaker pointed out that a qualified majority of member states is currently opposed to amending the data retention directive at all. Still the Commission will proceed with an impact assessment before it will decide on how the future instrument should look like. As part of the impact assessment the Commission intends to identify policy options and assess those against the different interests at stake (law enforcement, data protection and market harmonisation). Among the options will be repealing the directive, not amending it at all and options to modify it as identified through stakeholder workshops with civil society, industry, data protection authorities and law enforcement. What options specifically will be assessed Ms Verkleij would not say.

The Commission intends to launch a study to assess the impact of the various policy options on internal security in the EU, industry, and data protection. Ms Verkleij would not say who will be commissioned to do this study (apparently there is to be a „study group“). (I recommended that independent researchers, e.g. criminologists, should be commissioned to do the study. The worst case scenario would probably be the commissioning of the EU’s „data retention expert group“ which is composed of law enforcement, industry and selected MEPs only.)

The study is also to examine how data preservation is applied within the EU and elsewhere, and how effective it has proven to be in criminal investigations. This is to be done by comparing the role of communications data which are available as a result of data retention obligations and those available as a result of data preservation. Ms Verkleij made it clear that nobody could argue with her that data preservation was equally effective as data retention. She did not consider data preservation an alternative to data retention in terms of getting the same results. The Commission is considering it only as a „longer term issue“. (It appears the Commission is considering data preservation only in the context of proposing an EU instrument on data preservation. They have no plans for that at present as even law enforcement representatives do not see a need for an EU instrument. I agree as there is already a provision on data preservation in the existing Council of Europe Convention on Cybercrime).

The time schedule of the revision process has been further delayed. Apparently Commissioner Malmström (who voted against the directive in 2006) has asked the unit to do a „thorough job“ on data retention. The impact assessment is to be presented only in early 2012. Ms Verkleij warned that on a reasonable timeline, it could take 4-5 years to amend the directive, and it is unclear whether there will be a majority to amend it at all. Therefore the Commission intends to continue forcing Sweden, Germany, Romania and the Czech Republic to transpose the directive as it is.

The Commission is calling for input via e-mail.

In the meantime Digital Rights Ireland is hoping that in October, the Irish High Court will finally refer to the European Court of Justice the question of whether the data retention directive violates fundamental rights and is therefore to be annulled completely. In my opinion, chances are good that the ECJ will follow the example of constitutional courts in Romania (2009), Germany (2010) and the Czech Republic (2011) that have all annulled data retention laws in the past. In view of the scale of damage done to fundamental rights by data retention and the lack of evidence for a statistically significant impact on crime or the prosecution of crime, the idea of indiscriminately collecting information on the daily communications of every single citizen will be ruled disproportionate and incompatible with human rights.

More information:

1 Stern2 Sterne3 Sterne4 Sterne5 Sterne (noch nicht bewertet)
Loading...
8.587mal gelesen

Beitrag per E-Mail versenden Beitrag per E-Mail versenden Seite drucken Seite drucken

Verwandte Artikel

Weitere Artikel zum Thema Datenschutz im Staatssektor, English, Metaowl-Watchblog, Vorratsdatenspeicherung

2 Kommentare »


  1. INDECT ist ein Honeypot für Vollhonks — 25. Februar 2013 @ 0.37 Uhr

    Das mehrjährige INDECT ist so gut wie vorbei und nichts ist passiert. Kein Wunder bei einem solchen Miniforschungsprogramm im riesigen FP7. Im FP8, dem H2020 ist da natürlich auch wieder was ähnliches drin. Die Proteste dagegen sind eine Art Honigtopf für Vollioten, die glauben auf geheimen Projekten steht „geheim“ drauf. Wenn man den Inhalt eines solchen Vorschlags auf Anhieb zu verstehen glaubt, dann kann es das sowieso nicht sein. Wegen einem 30 Mio Projekt in einem milliardenschweren Forschungsetat kräht in Brüssel eigentlich kein Hahn.

    Genauso wenig wie sich in Brüssel jemand für den roundtable Vorsitz Stoibers für irgendeine Anti-Bürokratie Review durch irgend eine Consultancyfirma kümmert oder Karl Theodors Ehrenamt für Internetfreiheit mit Reisekostenerstattung. Bürger verstehen die EU nicht und blasen die Mücken zu Elefanten auf, während sie die wichtigen Dinge verschlafen.

    Arbeitsgruppen gibt es wie Sand am Meer. NGOs sollten ihre Zeit nicht durch Teilnahme an nutzlosen Arbeitsgremien und Berichten verschwenden, sofern sie nicht gerade dafür bezahlt werden. Sie kümmern sich besser um die Gesetzgebung.

    Was wirklich kommt und extrem wichti ist, das ist NIS und alles was da dran hängt:
    http://parltrack.euwiki.org/dossier/2013/0027%28COD%29

    Das IST wichtig, da legislativ. Hier der Vorschlag der Kommission auf Deutsch:
    http://www.europarl.europa.eu/registre/docs_autres_institutions/commission_europeenne/com/2013/0048/COM_COM%282013%290048_DE.pdf

    Oder das Datenschutzpaket – DRD und die GDPR. Bei #EUdataP geht es um Überwachung.
    http://parltrack.euwiki.org/dossier/2012/0010%28COD%29
    http://parltrack.euwiki.org/dossier/2012/0011%28COD%29

    Aber vielleicht gibt es ja in 3 Jahren Demos und Medienberichte, wenn diese Gesetzgebungsverfahren vorbei sind.


  2. O tempora, o prism! :) — 22. Juni 2013 @ 17.57 Uhr

    „Die EU-Kommission kündigt an, im Rahmen des Forschungsprogramms „Horizont 2020″ „Instrumente zur Bekämpfung krimineller und terroristischer Aktivitäten im Cyberraum“ entwickeln zu lassen.“

    Klingt aus heutiger Sicht ja fast so als wüsste Siemens mal wieder nicht, was Siemens weiss! 🙂

    Das Geld können sie sich sparen, wurde schon mal für den angepeilten Zweck ausgegeben.

    Lustig auch, dass das urdeutsche Recht auf informationelle Selbstbestimmung jetzt am Hindukusch, äh, in Brüssel verteidigt werden muss!

    https://twitter.com/sls_bmj/status/348344595190521856

    Berlin hat offensichtlich schon kapituliert… 🙂

RSS-feed für Kommentare zu diesem Beitrag · TrackBack-URI

Kommentieren Sie diesen Artikel


 
Stoppt die Vorratsdatenspeicherung! Jetzt klicken & handeln!Willst du auch bei der Aktion teilnehmen? Hier findest du alle relevanten Infos und Materialien: