A large group of digital rights organizations has demanded proof from the European Commission that the retention of data in the European Union is necessary and proportionate for fighting serious crime.
In a letter to Home Affairs Commissioner Cecilia Malmström, European Digital Rights (EDRi); AKVorrat; Belgian Net Users' Rights Protection Association; Bits of Freedom; Electronic Frontier Foundation; European Federation of Journalists; Privacy International; Statewatch; and 30 other co-signatories, gave their opinion on the ongoing review of the Data Retention Directive.
The directive requires telecom companies to retain data identifying the user, recipient, date, type, location of the equipment, time and duration of all communications. This applies to email, phone calls and text messages. The information must be available to be handed over to national police on a case-by-case basis. In 2010, the average European had his traffic and location data logged in a telecom database once every six minutes, according to EDRi.
The civil liberties groups said in their letter that they are convinced this level of blanket data retention is neither proportionate nor necessary “and is therefore illegal” under the Charter of Fundamental Rights and the European Convention on Human Rights.
The directive has been dogged by criticisms, including that there no formal definition of “serious crime” throughout Europe. The time that the data may be stored varies widely from six to 24 months. And courts in Austria, Germany, Romania, Sweden and the Czech Republic have ruled that the directive is unconstitutional.
In April, a report from Germany’s Bundestag Working Group on data retention said that the law is disproportionate in fighting crime as data retention increases the crime clearance rate only slightly. "This marginal increase in the clearance rate by 0.006% could raise doubts about whether the provisions in their current form would stand their ground under a proportionality review."
In its recent evaluation of the directive, the Commission did not seek information from member states that have not implemented the directive, in order to compare the efficacy of alternative approaches, say the civil liberties groups. “Necessity and proportionality can only be evaluated if a full assessment of each category and size of service provider is addressed, of each individual type of data and of the retention period for each type of data.”
The letter to the Commissioner asked many pertinent questions: “Does the presence or absence of blanket data retention legislation in practice have a demonstrable, statistically significant impact on the prevalence or the investigation of serious crime in a given member state?
“If it does have a significant impact, by how many percent does it increase or decrease the prevalence, the clearance or the prosecution of serious crime? Has the introduction or the absence of blanket data retention legislation in the past made a significant difference to the number of prosecutions or acquittals or the closure or discontinuation of serious crime cases in any given state?
“By how many percent did the number of condemnations, acquittals or the closure or discontinuation of serious crime cases increase or decrease as a result of blanket data retention legislation or its absence?”
“As some Member States do not have a definition of serious crime, The far-reaching consequences of not strictly defining 'serious crime' in the Directive have been illustrated clearly in Poland, where authorities accessed communications data more than 1 million times in 2009, using the retained data far beyond the prosecution of 'serious crimes' – even in civil proceedings. Alarmingly, the Commission recently seemed to argue that the telecommunication data retained only for the investigation and prosecution of serious crime can also be used in order to investigate intellectual property-related offences, that might not even be crimes, let alone serious crimes,” concluded the civil liberties groups.
The Data Retention Directive first came into force in 2006 and the European Commission currently working on a revision of the law.
Join the CIO Australia group on LinkedIn. The group is open to CIOs, IT Directors, COOs, CTOs and senior IT managers.