German lawmakers say Data Retention Directive may be illegal
- 28 April, 2011 01:04
The German Parliament said Tuesday that the European Commission's controversial Data Retention Directive may be illegal.
The directive requires European communications service providers to retain data for up to two years identifying the source, destination, date, time and duration of communications, along with the equipment used, and, for mobile telephony, the location of the equipment. The directive applies to phone calls and e-mail or text messages, although not their contents.
A report from the Bundestag's Working Group on data retention said that it would be impossible to rephrase the directive to make it compatible with the E.U. Charter of Fundamental Rights. The legal experts said that the law is disproportionate in the measures it requires to fight crime, as data retention increases the crime clearance rate only slightly.
"This marginal increase in the clearance rate by 0.006 percent could raise doubts about whether the provisions in their current form would stand their ground under a proportionality review," said the report.
European Data Protection Supervisor Peter Hustinx has described the directive, introduced in 2006, as "the most privacy invasive instrument ever adopted by the European Union."
The European Commission recently conducted its own review of the directive.
"Our evaluation shows the importance of stored telecommunications data for criminal justice systems and for law enforcement. But the evaluation report also identifies serious shortcomings. We need a more proportionate, common approach across the E.U. to this issue," said Home Affairs Commissioner Cecilia Malmström.
The Commission conceded that data retention represents a significant limitation on the right to privacy, and will consider more stringent regulation of storage, access to, and use of the retained data.
E.U. legislation is bound by the principle of proportionality, which limits any legal activity to that which is necessary or required to reach a certain aim. "It is clear from the Commission's evaluation report on the directive that there is no evidence of necessity and proportionality for data retention," said Joe McNamee of EDRi.
"The principle of proportionality is binding on any state governed by the rule of law," added Kai-Uwe Steffens of the Bundestag's Working Group. "Therefore the Federal Republic of Germany must work towards outlawing data retention within the E.U."
"The E.U. must abort this experiment immediately and replace the completely disproportionate blanket collection of the entire population's communications records with an instrument for preserving the data of suspects," said Uli Breuer of the Bundestag's Working Group.
Later this year, the European Court of Justice (ECJ) will rule on the constitutionality of the principle of data retention, after a referral from the Irish High Court.
Digital Rights Ireland, a member of European digital rights group EDRi, brought a case against the Data Retention Directive on the grounds that a state should not be allowed to impose a regime of mass surveillance on its entire population without any evidence of wrongdoing. The Irish High Court agreed that these issues needed to be considered by the ECJ.
Courts in Austria, Germany, Romania, Sweden and the Czech Republic have also ruled that the directive is unconstitutional and the German working group called on the governments of the five countries to request permission from the Commission and, if necessary, the ECJ, to be exempted from transposing the Data Retention Directive into national law and to defy certain aspects, even if fines are imposed.
The text of the Data Retention Directive does not in itself guarantee that data is stored, retrieved and used in line with the right to privacy and protection of personal data. This was the reason courts in Germany, the Czech Republic and Romania threw it out. The three countries are currently trying to work out how to comply with the directive while still maintaining privacy rights.
Austria and Sweden meanwhile have also delayed implementing the directive and have been brought before the European Court of Justice. Austrian authorities have recently drawn up drafts on implementing the law, but last month the Swedish Parliament deferred a vote on the proposed legislation for a further 12 months leading to further court action by the Commission.
Join the CIO Australia group on LinkedIn. The group is open to CIOs, IT Directors, COOs, CTOs and senior IT managers.
Trust issue looms large for tech companies capitalizing on personal data
5 women who've made it in IT
Five trends affecting legal CIOs
CIO Roundtable: The changing face of security
Bitcoin malware count soars as cryptocurrency value climbs
Software Defined Protection - The Enterprise Security Blueprint
In a world with high-demanding IT infrastructures and networks, where perimeters are no longer well defined and where threats grow more intelligent every day, we need to define the right way to protect enterprises in the ever-changing threat landscape. Download today to define your security blueprint.
Pathways Leadership Development Program Overview 2014
Convergence with Vblock Systems: A Value Measurement - IDC In-depth assessment
IT infrastructure is the backbone of today's modern business. It enables rapid expansion into new, fast-growing markets. It is at the core of new customer services offerings such as mobile commerce. It is the key to successfully exploiting an explosion in data and data analytics within business processes.