Answer to consultation on communications data retention
Privacy International and European Digital Rights have published their
joint answer to the consultation on mandatory data retention. The
Directorate Generals on Information Society and on Justice and Home
Affairs from the European Commission asked for public comments on a
proposed retention regime across Europe between 12 and 36 months for
all traffic data generated by using telephony (fixed and mobile) and
internet.
The retention of personal data resulting from communications, or of
traffic data, is necessarily an invasive act. With the introduction of
new technology like mobile telephony and internet, the extent of
invasiveness has progressed enormously. It is no longer possible to
distinguish clearly between the ‘simple’ traffic data generated by
fixed telephony networks and the contents of the communication itself
revealed by location data from mobile phones and communication data
from internet usage. Traffic data now reveal extensive maps of social
networks (who mailed whom), the most intimate human activity (what
websites you have read) and even intention (queries in search engines).
PI and EDRI not only object to this invasiveness, but also argue that
general and systematical retention is illegal. Article 8 of the
European Convention on Human Rights protects the right to a private
life. According to legal advice from the international law-firm Covington &
Burling that is included in the response, “the indiscriminate collection of
traffic data offends a core principle of the rule of law: that citizens
should have notice of the circumstances in which the State may conduct
surveillance, so that they can regulate their behaviour to avoid unwanted
intrusions. (…) Laws that offer citizens no reasonable means of avoiding
surveillance of their private affairs by the State are the hallmark of the
police state.”
Blanket data retention also fails the meet the requirement to be
necessary in a democratic society. The European Court on Human Rights
has explained this requirement in terms of the need for any
interference in Article 8 rights to correspond to a pressing social
need and to be proportionate to the legitimate aim pursued. “Mandatory
data retention laws fail on this score. The distinguishing feature of a
blanket data retention requirement is the absence of any reasonable
relationship between the intrusion on individual privacy rights and the
law enforcement objectives served.”
Finally PI and EDRI argue that retention is illegitimate, because of
the ever-expanding list of possible purposes, both in national law and in
international co-operation. While the EU on the one hand forces member
states to harmonise the retention of data, on the other hand it leaves the
regulation of access to these data to national law. “If the EU insists on
creating this massive regime for surveillance, it has to devise ways to
curtail the monster’s powers at the same time,” say PI and EDRI. According
to the proposal from the UK, Ireland, Sweden and Spain, even if a member
state were to reject the mandatory data retention ‘following national
procedural or consultative processes’, member states must revisit this
rejection every year, thus gravely insulting democratic procedure.
The deadline for comments expires on 15 September 2004. Privacy
International and the 15 member organisations of European Digital
Rights call on all organisations to sign on to this answer, or to use
it however they wish in order to voice an individual comment.
PI/EDRI answer to consultation on data retention (09.09.2004)
http://www.privacyinternational.org/issues/terrorism/rpt/responsetoretention.html
General background information
http://www.privacyinternational.org/retention
Sign-on to the answer (deadline 15.09.2004. 10.00 AM)
send e-mail to and the name of your organisation will be added to the list published on the EDRI website.