European Parliament approves communications data retention
The European Parliament voted today to adopt a new directive allowing for the retention of data "generated by telephony, SMS and internet, but not the content of the information communicated". This data includes email addresses and location data from cell phones. The directive is highly controversial due to the impact it will have on the privacy of European Union citizens.
Also of concern is the broad discretion that is left to EU member states. For example, data may be accessed for the purposes of combatting serious crime and terrorism, but no concrete definition of these concepts has been provided, allowing member states to transpose their own definitions on the provisions of the Directive. In addition, the length of time that a telecommunications company has to retain the data is left relatively undefined - from a minimum of 6 months to a maximum of 24 months - and member states may extend these time frames. Already several countries have indicated intentions to.
The adoption of the text by the European Parliament is procedurally controversial as well. The Directive gained support after a deal made between the Council of Ministers and two large political parties. 378 parliamentarians voted in favour of the Directive, 30 abstained and 197 voted against. The UK has been the key instigator of the measures formalised in the text, particularly since the London tube bombings on 7th July 2005. The text also ignores the amendments proposed by the Parliament's Rapporteur and the Justice and Civil Liberties Committee. Overall, the Directive will be implemented after one of the shortest paths from its drafting to the final vote - months as opposed to years.
The Vice-President of the European Commission declared that this was 'a victory for democracy', while the rapporteur in the European Parliament, Alexander Alvaro stated
"By voting as we [the Parliament] did today we create a precedent where Council need only say 'jump!' and Parliament cries 'how high?'
According to MEP Sarah Ludford, this is a prime case of policy laundering.
"This directive is a prime example of 'euro-wash' policy-laundering. Not only does it impose a mandatory data retention obligation on the majority of EU states, including the UK, which has none at present. It also permits 'gold-plating', for storage time limits way beyond two years, keeping even more data and allowing access to any government department or private firm."
Originally, MEPs had suggested that the member governments must reimburse telecom communucations for any additional costs of retention, however this paragraph has been deleted from the text of the Directive. This is especially relevant for the telecommunications companies due to a requirement of retention of data for unsucessful calls which are not currently registered, which will require the adoption of new technologies.
Implementation is likely to be completed within 18 months, although extensions may be sought by some states to enable effective retention of internet data. It is also expected that the Directive will be challenged in some Member States on the grounds of incompatibility with constitutional law. Already Ireland has stated its intent to take the Directive to the European Court of Justice because it feels that the Directive does not go far enough to permit surveillance; while some MEPs are considering take the Directive to the European Court of Human Rights because the directive lacks adequate safeguards.
This story is far from over. To see PI's resources on data retention, go to http://www.privacyinternational.org/dataretention. The Data Retention Petition page (off site) is also a helpful resource.