This article is also available in:
Deutsch: [Vorratsdaten: Offener Brief von EDRi und 37 NGOs an EU-Kommission |]

On 26 September 2011, European Digital Rights and 37 other NGOs from 14
countries sent a letter to Commissioners Malmström, Kroes and Reding on the
review of the Data Retention Directive. The purpose of the letter is to
provide input into the Commission’s ongoing work on a review of the

Earlier this year, EDRi published a “shadow” Implementation Report in order
to address the shortcomings of the official Implementation Report from the
European Commission. Rather than waiting for the Commission to finish the
next stage in the process, the Impact Assessment, EDRi felt that it would be
constructive to provide analysis now on what we and related NGOs consider to
be the minimum range of issues to be covered in such a document. To avoid
any confusion, the letter starts by saying that any proper assessment can
only come to the conclusion that the Directive is unnecessary and illegal.

The letter draws attention to the fact that the Commission has already
produced a methodology for the analysis of the fundamental rights
compatibility of its proposals – the “fundamental rights checklist” which is
part of its “Strategy for the effective implementation of the Charter of
Fundamental Rights by the European Union.”

Much of the analysis is based on the shortcomings of the Implementation
Report. The central mistake which we would like not to see repeated is the
fallacy that all uses of retained data can be used to argue that the
Directive is valuable. In reality, recently generated data is more likely to
be used in investigations and such data would have been available anyway
even if the Directive had never existed.

The letter also draws attention to some of the core problems with the
Directive, such as the lack of a harmonised definition of “serious crime”
and the lack of a harmonised approach to access and security. The lack of
clarity on these points makes it impossible for citizens, to know how their
data is being stored, how it is being accessed and for what purpose.

Ironically, the Directive was proposed as a measure to harmonise the
approach to this policy in the European Union – even though few countries
had such a policy to begin with. It managed to disharmonise the single
market, by forcing the policy onto 27 countries, with vastly varying
retention periods, rules for cost reimbursement etc.

The next step in the process for the Commission will be the preparation of
an “Impact Assessment”, listing a number of different policy options and
coming to the conclusion (as has already been politically decided) that the
Directive is useful but offering some small concessions, such as a small
reduction in the maximum retention period, which will be sold as major
improvements in the deeply flawed legislation.

Joint letter on data retention (26.09.2011)

Fundamental rights checklist

Commission implementation report (18.04.2011)

EDRi Shadow implementation report (17.04.2011)

Commissioner Malmström’s speech December 2010 (3.12.2010)

(Contribution by Joe McNamee – EDRi)