ENDitorial: Data retention: Is the EC trying to dig itself out of a hole?

By EDRi · April 6, 2011

This article is also available in:
Deutsch: [ENDitorial: Vorratsdaten – Versucht sich die Kommission selbst aus dem Sumpf zu ziehen? | http://www.unwatched.org/EDRigram_9.7_Vorratsdaten_Versucht_sich_die_Kommission_selbst_aus_dem_Sumpf_zu_ziehen]

The Data Retention Directive was adopted in 2006 in very controversial
circumstances. Article 15 of the Directive placed a clear obligation on the
European Commission (EC), to submit “no later than 15 September 2010″ a
report on the evaluation of the Directive and its impact on economic
operators and consumers”. Today is the 203rd day since that evaluation
report was due to be published. This raises the obvious question – why has
the Commission, as “guardian of the treaties” failed to respect its legal
obligation and when will it finally comply?

The main reason for the delay is that some crucial mistakes were made at the
beginning of the review process. Firstly, the Commission failed to recognise
that, under the Charter on Fundamental Rights, the Directive is only legal
if it is both “necessary and genuinely meet(s) objectives of general
interest.” Its second mistake was to reach its conclusion (“data retention
is here to stay”) before starting the research, thereby limiting its scope
and assuming that the Member States would have answers to its questions
about the assumed value of data retention. The Commission then limited
itself further by not seeking any information from Member States that had
not implemented the Directive. This definitively prevented the Commission
from being able to compare how much essential extra data is stored as a
result of the Directive, thereby making the legislation “necessary”.

As a result, when the Commission asked for data in the second quarter of
2010, it received little useable information from the Member States. As a
result, Commissioner Malmström made a personal plea to Member States during
the July 15 Justice and Home Affairs Council, followed by a letter (linked
below) from the Commission to Member States. The letter betrays the
Commission’s disregard for the Charter (which each Commissioner swore a
legally binding oath to support) by showing that it is not seeking to
demonstrate “necessity” – “without this information it will be difficult for
the Commission to adequately demonstrate that the Directive is useful”. It
further lowered the level of evidence it was requesting by asking for
examples of where data retained under the Directive “played a determining
role”, rather than asking for examples of where data that would not
otherwise have been retained played a determining role.

Having created this untenable situation, the Commission managed to dig
itself even deeper during the “Taking on the Data Retention Directive”
conference in December 2010. For reasons that are far from obvious,
Commissioner Malmström made a speech arguing that “data retention is here to
stay”, despite the fact that inadequate information had been received from
the Member States (who mostly ignored her personal plea at the July Council
meeting) and despite the fact that her services were still months away from
being able to provide a useable summary of the paltry information that was
provided by the Member States.

So, where are we now? The Home Affairs Directorate General (DG HOME) of the
European Commission submitted a draft evaluation report at the end of
February, resplendent in blank spaces where the Member State information
should have been put, for review by colleagues from the rest of the
Commission. These have now provided their feedback which, by all accounts,
did not lavish praise on the work done so far. When and how the DG HOME will
update the document based on this feedback is not yet clear – what is clear
is the disastrous position their prejudging of the outcome of this process
has created.

The Commission has simply no basis, on the weak evidence presented by the
Member States, to argue that the value added to law enforcement by the
Directive shows that it is “necessary” (and therefore legal). It therefore
cannot move forward with a revision of the Directive. For the same reason,
it cannot opt simply to do nothing. It also cannot refine the Directive by
learning from the experience of Member States, like Germany and Romania,
that have not implemented the Directive, for the simple reason that it did
not request any information from those countries. And, having pandered to
the wishes of certain large Member States by proclaiming that “data
retention is here to stay,” even a tactical retreat seems politically
difficult, even if it is legally and practically the only reasonable step

Perhaps the Commission should stop digging and start listening, learning
from the insightful words of a Swedish Liberal MEP on the day that the
Directive was adopted in the European Parliament. “This is a difficult issue
on which to adopt a position. Reflection is required, together with a solid
factual basis in relation to the privacy aspect, the technical consequences
and the actual costs for telecommunications operators and thus consumers.”

Data retention Directive

Letter from the Commission to Member States (27.06.2011)

Czech Constitutional Court rejects Data Retention Law (31.03.2011)

EDRi-gram: Romanian Constitutional Court Decision against Data Retention

EDRi-gram: German Federal Constitutional Court Rejects Data Retention Law

Commissioner Malmström’s “data retention is here to stay” speech (3.12.2010)

Explanations of vote in the Euopean Parliament on the Data Retention

(Contribution by Joe McNamee – EDRi)