New EU proposal to store telecommunication data of 450 million citizens

By EDRi · May 5, 2004

France, Ireland, the UK and Sweden have made a joint proposal to the Council of the European Union to store the telecommunication data of all 450 million EU citizens for a period of 12 to 36 months, for law enforcement purposes.

If the ministers of the member states accept the proposal for a framework decision, all traces of telephony of internet usage of all EU citizens will be stored for a long time. These so-called traffic data reveal who has been calling and e-mailing whom, which websites they have visited, and even where people were with their mobile phones.

The draft framework decision addresses providers of telephony and internet, both networks and services. They will have to store the traffic data of all their users, not just those of suspects. Since there are only few people in Europe without a telephone, gsm or internet, in the newly enlarged Europe this decision would affect the privacy and freedom of expression of 450 million citizens.

The traffic data will be accessible for law enforcement authorities and intelligence services, not just nationally, but across all EU-borders. The member states decide themselves on the powers they grant to obtain access nationally.

Privacy and civil rights groups reject mandatory data retention of all citizens. By storing everybody’s communication data, the principle is violated of being considered innocent until proven guilty. Companies are forced to store large amounts of highly sensitive personal data, even if there is not a single valid business purpose. Market parties thus become an extended arm of the law. With this proposal, Europe sets out a fundamental new course in law enforcement; from specific investigations to general surveillance of all citizens.

The alternative, specific preservation of data about suspects, is brushed off in the draft decision. “In investigations, it may not be possible to identify the data required or the individual involved until many months or years after the original communication.” No further motivation is given concerning the necessity and efficiency of the proposed measure.

The proposal comes less than a month after the EU heads of state accepted a new list of measures against terrorism, including a new high priority to introduce mandatory data retention on 1 June 2005, described in EDRI-gram 2.6. Many experts believe the proposal was written a long time before the attacks on Madrid on 11 March 2004, following an earlier initiative by the Danish presidency of the EU to make an inventory of existing data retention schemes and seek a compromise. Currently, there is no legal obligation to store telecom traffic data for law enforcement purposes in Austria, Finland, Germany, the Netherlands and Sweden. In the UK providers were invited to find a self-regulatory solution to retain data, but government had an apparent lack of success in convincing the ISPs that this was in their best interest and is now working on a legal obligation. Both in Finland and in the Netherlands proposals for mandatory data retention are underway as well. The situation in the newly acceded EU-countries is not clear yet.

Draft framework on data retention (28.04.2004)

EDRI-gram 2.6 (24.03.2004)


Answers to EU questionnaire on data retention (16.09.2002)