EU LOOKS AT RETAINING TELECOM TRAFFIC DATA FOR LAW ENFORCEMENT
European Union (EU) justice ministry officials are seeking to update information from member states on their uses of, and attitudes toward, retaining communications traffic data for law enforcement and other purposes. The short questionnaire, issued late last month by the EU Council’s Working Party (WP) on cooperation in criminal matters, follows up a 2002 survey on data retention. The updated information will likely figure into whatever action the European Commission (EC) ultimately takes on a controversial proposal from France, Ireland, Sweden and the U.K. for a framework decision that could force communications service providers (CSPs) to hold telecom and Internet traffic data as long as 36 months. The proposal has reportedly already drawn fire from German privacy authorities, and is the subject of an imminent report from EU data protection officials.
Sign up for a free preview to unlock the rest of this article
Timely, relevant coverage of court proceedings and agency rulings involving tariffs, classification, valuation, origin and antidumping and countervailing duties. Each day, Trade Law Daily subscribers receive a daily headline email, in-depth PDF edition and access to all relevant documents via our trade law source document library and website.
In their April 28 proposal to then EU Council Secretary- Gen. Javier Solana, France and the others said retention of communications data is essential for the prevention, investigation, detection and prosecution of crimes involving use of electronic communications systems. In particular, they said, data must be retained in to trace the source of content such as child pornography and racist and xenophobic material, and of attacks against information systems, and to identify those using electronic communications for organized crime and terrorism. Merely preserving specific data related to specified individuals in particular cases isn’t enough, the countries said. While many member states already require data retention for law enforcement purposes, they said, the varying laws thwart cooperation among member states.
The 4 countries proposed that traffic and location data -- but not content -- be retained for at least 12 months and not more than 36 months following its generation. “Member States may have longer periods for retention of data dependent upon national criteria when such retention constitutes a necessary, appropriate and proportionate measure within a democratic society,” the document said. The proposal also lays down data protection and security principles.
The Council WP on cooperation in criminal matters considered the draft decision in early June. While it was “received with positive first reactions by several delegations,” a WP report said, others raised a “number of concerns.” They included: (1) A need for further examination of the proposed minimum period for data retention, a period that some delegates considered too long. (2) The need to clarify the aim of the document and the exact kind of data covered. (3) The need for more information on legislation and practice of member states regarding retention of traffic data. (4) A request that telecom experts be involved in negotiations. (5) The fact that the draft decision concerns crime prevention, “which went further than mutual assistance in criminal matters.”
Facing a lack of current information on how the various member states handle data retention, the Presidency ordered a new survey. It consists of 9 questions, including: (1) Whether a country currently has legislation concerning retention of traffic data for law enforcement and other purposes and, if not, whether it’s considering such measures. (2) What traffic data are currently retained for law enforcement and for how long. (3) Whether police agencies have specified the types of data they need and the time periods for which they need it. (4) Against what kinds of offenses the use of retained traffic data has proven to be of substantial importance in investigations and what kinds of data were used. (5) The procedure for a law enforcement authority to obtain traffic data from a CSP. (6) Whether the country has received reports from police authorities indicating difficulties in their work because of the lack of appropriate legal instruments concerning data retention (for example, whether information on a mobile telephone communication was deleted before its usefulness was apparent). (7) Whether countries with data retention laws reimburse CSPs for costs caused by the retention. (8) Whether authorities in a country give CSPs software or retention capacity to facilitate compliance with data retention obligations. Responses to the questionnaire are due July 29.
The newly installed Dutch Presidency is “clearly” pushing the proposal forward, European Digital Rights (EDRI) said. If EU ministers accept the proposal, “all traces of telephony or Internet usage of all EU citizens will be stored for a long time,” EDRI said. The data will reveal “who has been calling and e-mailing whom, which websites they have visited, and even where people were with their mobile phones.”
Several questions in the survey appear to have been designed to counter criticism about the proportionality of such broad data retention, EDRI said, by asking whether retention has actually helped law enforcement agencies or whether its non-retention has harmed investigations. Question 7 -- on reimbursement of costs to CSPs -- seems to be based on “severe protest” by the European Internet Service Providers Assn. (EuroISPA), EDRI said.
The proposal is “a major issue for EuroISPA,” said Regulatory Affairs Mgr. Richard Nash. The organization has had a meeting with the EC and representatives of member states in which it has stressed the importance of taking industry’ interests into account, he told us. EuroISPA has asked for a full consultation on the draft, he said.
It’s been rumored the proposal has caused a rift between the EC’s Justice & Home Affairs Directorate-Gen. (DG), which deals with law enforcement issues, and the Information Society (INFSO) DG., which is more keyed to communications industry issues. A Commission spokeswoman would say only that “JAI and INFSO are examining closely the data retention initiative…having jointly organised a meeting on 14 June with representatives of industry and Member States.” The EC “foresees an open consultation on the proposal and related issues, along with continued discussions with Member States,” the spokeswoman said.
But a 3rd DG -- Internal Market -- also enters the mix. Its Art. 29 Data Protection Working Party -- made up of Data Protection Commissioners (DPCs) from EU member states -- is readying an opinion on the proposal, the office indicated. The group is about to finalize a draft opinion, which Working Party members will then vote on.
The European Parliament hasn’t yet been asked to consider the issue of data retention but is likely to do so this fall, said a spokesman for the Group of the European Liberal Democrat & Reform Party (ELDR). Once the framework decision makes it to the EP, the Committee on Citizens’ Freedoms and Rights, Justice & Home Affairs will produce a report over which ELDR will have oversight, the spokesman said.
In the meantime, data protection officials from 14 of Germany’s 15 states, and the country’s national DPC, have panned the mandatary traffic data retention proposal and asked the German govt. to vote against it in the EU Council of Ministers, said EDRI EU Affairs Dir. Andreas Dietl. However, he said, Germany’s Minister of Interior Affairs is “known to be the driving force” behind a new law aimed at requiring date retention in Germany and is also pressuring other member state govts. to introduce similar measures, Dietl said.