European Parliament: no retention of internet data

By EDRi · November 3, 2005

Behind closed doors, the European Parliament is engaged in a monumentous battle with the Council of ministers of Justice over the plans for mandatory data retention. After a first meeting of the leading parliamentary committee on Civil Liberties, Justice and Home Affairs (LIBE) on Monday 24 October, it looks like a majority of social-democrats, greens and some liberals is ready to delete internet data from the proposal all together, focus on a very limited set of telephony data and store them for only 3 months, while deleting the abhorred ‘comitology procedure’.

During the debate with LIBE the European Commission provided some technical explanations about their proposal for a directive. A ‘connection label’ is a number only related to voice over IP connections. And the term user ID only relates to internet access. That would clearly exclude the logging of data about e-mail correspondence. The Commission also explains to what extent service operators should retain data on other services. A question from the EP was “If a Vodafone user calls a Base user, how should Vodafone obtain knowledge on the identity of the Base user?” Answering that question, the Commission says the providers only need to deal with data ‘generated or processed in the process of supplying their communications services’, so in this example, Vodafone would only have to provide the number of the Base user.

But this explanation carefully avoids to address the biggest uncertainty about the proposal; namely how an internet service provider could know what IP-numbers his customers contact. These are data perhaps flowing through the mass of data, but never stored for any business purpose. If such an obligation to store information about all these contacts was nevertheless included in the Directive, the only way of gaining any knowledge on the destination of IP communications would be by creating a full wiretap on all customers.

If the leaders of the political groups don’t reach another kind of agreement in their secret negotiations this month with the Council, it looks like LIBE will support some of the most important changes proposed by rapporteur Alexander Alvaro. Alvaro wants to exclude internet and location data, and to introduce a sunset provision. In that case, the directive would be valid for 5 years. After that, Commission and Parliament would have to evaluate the usefulness and engage in a new legislative procedure or let the directive disappear.

Alvaro wants to delete the purpose of ‘prevention’ from the scope of data retention. The comitology procedure must be deleted and the flexible ‘technical annex’ must be replaced by a limited list of data within the text of the directive itself. Replacing the vague category of ‘serious crimes’ proposed by the Commission, Alvaro sums up a limited list of serious crimes, including terrorism, sexual exploitation of children, environmental crime, hijacking, rape and arson.

On 14 November LIBE will meet again in Luxembourg and likely discuss the long list of amendments proposed by the Social Democrats (Mastenbroek, Grüber, Lambrinidis, Roure) the Conservatives (Newton Dunn) and the Christian Democrats (Charlotte Cederschiöld, who has been opposing data retention for a long time).

Meanwhile, the EP committee on Industry, Research and Energy (ITRE) has made its amendments publicly available, together with the rapport of rapporteur Angelika Niebler (Christian Democrats).

Niebler, like Alvaro, proposes to delete the comitology procedure and limit the storage period to 3 months. “The practice of criminal investigations,” she writes “demonstrates that usually the data required by law enforcement are not older than 3 months. Therefore the legal retention requirements should be modified to meet the real needs.” Like Alvaro, Niebler also proposes to limit the set of data in order to reduce the costs for the telecom industry, but she is not ready to delete internet data all together.

Amendments from ITRE members Trautmann (Social Democrat) and Rübig (Christian Democrat) suggest 6 months retention for telephony data and 3 months for internet data, but all agree on deleting the comitology procedure, failed caller attempts and creating clearer provisions on cost reimbursement.

Like the LIBE committee, ITRE will also discuss the amendments on 14 November 2005. Meanwhile, the UK EU Presidency has confirmed once more in a letter dated 28 October 2005 it is ready to adopt the framework decision on data retention if the European Parliament doesn’t adopt the Commission proposal in a quick first and only reading. According to the Presidency a majority of member states was open to a Directive, as long as it would be exactly the same as the Framework decision. “There was wide agreement (in the JHA Council) that any measure must reflect the elements referred to in the Presidency paper, notably in respect of the provisions on retention periods, scope and costs.”

LIBE Draft report Alexander Nuno Alvaro (19.10.2005)
http://www2.europarl.eu.int/registre/commissions/libe/projet_rapport/2005/364679/LIBE_PR(2005)364679_EN.doc

ITRE report Angelika Niebler including all committee amendments (19.10.2005)
Amendments 1-14
http://www2.europarl.eu.int/registre/commissions/itre/projet_avis/2005/364724/ITRE_PA(2005)364724_XM.pdf
Amendments 15-48
http://www2.europarl.eu.int/registre/commissions/itre/amendments/2005/364725/ITRE_AM(2005)364725_XM.pdf

Heise: Parlamentskoordinator gegen Vorratspeicherung von Internetverbindungsdaten (in German, 20.10.2005)
http://www.heise.de/newsticker/meldung/65150

Technical Questions on Data Retention – answers from the Commission
http://www.edri.org/docs/Technical_Questions_on_Data_Retention_answers.pdf

EU Presidency: Report on proceedings in the Council’s other configurations (28.10.2005)
http://register.consilium.eu.int/pdf/en/05/st13/st13743.en05.pdf