Public denied access to Council documents on Data Retention

By EDRi · December 15, 2004

The draft Framework Decision on the retention of traffic data resulting from electronic communication has been sent to the European Parliament at the beginning of December. This started the public part of the lawmaking process. But the Council of the European Union has still failed to declassify the very document that the Parliament is supposed to vote on next spring.

On 2 December 2004 the ministers of Justice and Home Affairs, united in the JHA Council, decided to focus on an extended obligation to store telecom traffic data. Instead of an obligation to store traffic data already processed by companies for billing or internal company purposes, a majority in the Council is now in favour of an obligation to collect and store all traffic data for law enforcement purposes. This includes for example location data collected when using a mobile phone, history of web sites visited, IP numbers of partners contacted in Instant Messaging services, as well addressees and senders of all e-mails sent and received. This data will have to be collected by ISPs and telecom providers, but standardised interfaces will facilitate access for law enforcement and intelligence services. With methods of data mining, the data can be assembled into detailed personality profiles, including contacts, travels, shopping habits, political, religious and sexual likes and dislikes, for all users of electronic communication.

The last version of an internal communication between the Council and the so-called Article 36 Committee – a body composed of senior officials who prepare Justice and Home Affairs legislation – was made partially available to the public. This document shows another shift in approach from the Council; the purpose of investigation, detection and prosecution of ‘terrorist and other serious crimes’ was deleted from the proposal. Footnote 4 says: “Most delegations are against a limitation to certain categories of criminal offences. Therefore the words “terrorist and other serious” used in COPEN 122 should be deleted.” This may result in the use of personality profiles from data retention being authorised even in the case of minor infringements.

The European Parliament’s Committee on Civil Liberties, Justice and Home Affairs (LIBE) has appointed a rapporteur for the data retention report. 31-year old Alexander Nuno Alvaro is a German liberal (FDP), serving a first term in the European Parliament. His party is represented in the ALDE (liberal) group in Parliament. Under the EU’s three-pillar scheme of lawmaking, harmonisation of law enforcement is part of the third pillar and the sole competence of member states’ governments. The European Parliament is only formally consulted about the proposal, and cannot veto or change it. As the Council’s retention scheme implies an obligation to industry actors – ISPs and telcos – to store the data, it is questionable, however, whether the report doesn’t touch First Pillar issues and should be in the co-decision procedure, where the Parliament has much more of a say. When the Privacy Directive of 2002 was debated in Parliament, many MEPs already opposed adopting Article 15, which allows member states to introduce legal measures for data retention, because it introduces third pillar issues in a first pillar Directive.

European Parliament Legislative Observatory Procedure File – Combating crime: prevention of crime, criminal offences and terrorism, retention of data processed on public communications networks. Initiative France, Ireland, Sweden and United Kingdom
http://wwwdb.europarl.eu.int/oeil/oeil_ViewDNL.ProcedureView?lang=2&procid=6739

Council Presidency to Article 36 Committee: Draft Framework Decision on the retention of data processed and stored in connection with the provision of publicly available electronic communications services or data on public communications networks for the purpose of prevention, investigation, detection and prosecution of crime and criminal offences including terrorism. (8.11.2004)
http://register.consilium.eu.int/pdf/en/04/st14/st14190-re01.en04.pdf

EDRI-member IRIS chronology of data retention proposals (in French)
http://www.iris.sgdg.org/actions/retention/

(Thanks to Andreas Dietl, EDRI EU Affairs Director)