Committee to Question Legality of Data Retention Proposal Process
A European Parliament (EP) committee will scrutinize the European Commission’s (EC’s) proposal to force communications service providers (CSPs) to retain Internet and telephone traffic data for law enforcement agencies, officials said. The Committee on Civil Liberties, Justice & Home Affairs (LIBE) will have its first exchange of views Jan. 31 on a working paper on the controversial directive, said rapporteur Alexander Alvaro, a German member of the Alliance of Liberal & Democrats for Europe group. One issue is the legality of the procedure under which the directive is being handled, Alvaro said. That could end up in court, he said.
Sign up for a free preview to unlock the rest of this article
Communications Daily is required reading for senior executives at top telecom corporations, law firms, lobbying organizations, associations and government agencies (including the FCC). Join them today!
The working paper will touch on legal, economic, technical and political issues, Alvaro said. On the legal side, there are questions of whether the privacy invasions called for by the directive are proportionate to the needs of law enforcement agencies. Of more concern, he said, is the legal basis on which the Council is proceeding to decision. Alvaro and others think at least portions of it should be handled by co-decision, a process that gives the Parliament greater say. Alvaro has sought a legal opinion. If it’s in his favor but the Council disagrees, he said, he'll press other MEPs to take the Council to the European Court of Justice so this situation doesn’t set precedents for future legislation.
The proposal suffers from technical problems as well, Alvaro said. Because it will affect only European CSPs, he said, servers outside the EU won’t be touched, making the law “quite useless” for law enforcement purposes. From a political perspective, the law would turn every citizen into a suspect, he said.
The economic costs to CSPs of holding the traffic data will be enormous, Alvaro said. British, Spanish and German companies have told him first-year costs of installing the technology needed for compliance could run hundreds of millions of euros. And in the end, he said, the user will pay -- for technology upgrades and for the costs of CSPs providing data to law enforcement bodies. The directive doesn’t address costs, he said.
The data retention proposal was floated by the U.K., Sweden, France and Ireland in April 2004. At the time, they urged the EC to mandate retention for up to 36 months. Privacy advocates have slammed the proposal for being illegal and invasive, while telcos and ISPs worry about the possibility of soaring administrative and technical costs associated with compliance. Last Oct., the EC decided to revise its proposal, cutting the retention period from a possible 36 months to 12 (WID Oct 19/04 p1, or CD Oct 19/04 p9).
In Dec., the 4 countries sent an explanatory note to the Council of the European Union setting out their reasons for wanting the directive. First, they said, sophisticated criminal and terrorist organizations, aware of the differing laws in EU member states on communications traffic data retention, “will inevitably gravitate” to those countries with laxer laws, creating “data havens.” Moreover, they said, significant technological changes within the telecom industry are affecting how long CSPs hold data. “Pay as you go” technologies are driving down retention time and may also be reducing the amount of data initially available, the countries said. Finally, they said, ever-increasing commercial demands are forcing companies to reassess the value and efficiency of their systems, possibly meaning destruction of more traffic data because it’s no longer of commercial value.
Date retention proponents said support for binding rules"has been growing and gathering momentum” the past few years. “The argument has now been won,” they said. They also pooh-poohed a Nov. 9, 2004, opinion by the Internal Market Directorate’s Art. 29 Data Protection Working Party that the proposed directive is legally unacceptable. “The view of the European Data Protection Commissioners… argues in favour of data preservation rather than data retention,” the countries said. Data preservation is a “very useful tool for investigating the activities of someone already under suspicion,” they said, but it will “never aid in the investigation of a person who is not already suspected on involvement with a criminal or terrorist organisation.”
But one privacy advocate called the Dec. document “peculiar.” Among other “specious points,” it says the argument for data retention has been won simply because several EU forums have acknowledged the issue, said Joe McNamee, Political Intelligence EU policy dir. It also justifies the directive on the ground that, because the presidency urged open discussion of this policy area, “everything is okay,” even thought member states didn’t bother to show up at a hearing the European Commission held on the proposal. McNamee also complained that the explanation, which outlines how the 4 countries want others to read perceive the directive, bears little relation to the text.
The LIBE will consider the first draft of Alvaro’s report on the directive in March, he said.