Article 29 asks for safeguards on data retention

By EDRi · April 12, 2006

Article 29 Data Protection Working Party has adopted its opinion on data
retention directive as adopted by the Council on 21 February 2006, pointing
out major criticism to the adoption and to the present text agreed by the
Parliament.

The Working Party recalls its previous concerns and reservations expressed
in its last Opinion 113 of 21 October 2005 on the then draft Directive. The
decision to retain communication data for the purpose of combating serious
crime was considered as an unprecedented one that may endanger the
fundamental values and freedoms all European citizens.

The privacy experts consider of utmost importance that the Directive is
implemented and accompanied in each Member State by measures protecting
privacy. The Directive leaves room for interpretation and therefore adequate
and specific safeguards are necessary to protect the vital interests of the
individual, mainly the right to confidentiality when using publicly
available electronic communications services.

The Working Party also thinks the provisions of the Directive should be
interpreted and implemented in a harmonised way and proposes a uniform,
European-wide implementation of the Directive that would respect the highest
level possible of personal data protection. This should also be done in
order to reduce the considerable costs borne by the service providers when
complying with the Directive.

Article 29 is suggesting that the member states should implement adequate
safeguards at least on Purpose specification, Access limitation, Data
minimization, Data mining, Judicial/ independent scrutiny of authorized
access, Retention purposes of providers, System separation and Security
measures.

The data retention directive is heavily criticized also by other privacy
authorities. Peter Hustinx, the European data protection supervisor
considered the lawmakers had not protected the privacy of Europeans.
His opinion is that “The data retention directive – turned the rules
upside down. We were not very pleased with that – we still think there is
too little in terms of safeguards.”

Hustinx also stated: “I believe that politicians, people – you, I, everyone
else – have to be aware of the real threats. At the same time, that is not
going to justify disproportionate solutions – it is going to hurt the
texture of trust and confidence… I think we have reached a point that more
and more people start wondering whether legislation is getting excessive and
that is a good thing. We have to build in safeguards and keep asking the
question of ‘is this necessary?'”

Opinion 3/2006 on the Directive 2006/XX/EC on the retention of data
processed in connection with the provision of public electronic
communication services (25.03.2006)
http://europa.eu.int/comm/justice_home/fsj/privacy/docs/wpdocs/2006/wp119_en.pdf

Tech must not invade privacy, says EU data protection head (7.04.2006)
http://www.silicon.com/0,39024729,39157943,00.htm

EDRI-gram : Opinion EU privacy authorities on data retention (17.11.2004)
http://www.edri.org/edrigram/number2.22/dataretention

EDRI-gram : Renewed rejection of data retention by European institutions
(5.10.2005)
http://www.edri.org/edrigram/number3.20/retention