Aus Freiheit statt Angst!
It is important for us all (including members that aren't involved yet) to have a very clear message on all common questions and - above all - avoid contradicting ourselves! We are preparing an "faq" initially for internal use and subsequently to use as lobby material for the Parliament, journalists, politicians, activists, etc., like the one on SWIFT - http://www.edri.org/faq-2-swift-agreement-edri.
What is blanket communications data retention?
The EU data retention directive 2006/24 aims at requiring telecommunications companies to store bulk data about all of their customers' communications in order to facilitate criminal investigations. Under the Directive details of any communication via various electronic communications systems are to be recorded indiscriminately, regardless of any suspicion of crime. In the case of mobile phone calls and SMS messages, the respective location of the users is also recorded. In combination with other data, Internet usage is also to be made traceable.
Does blanket communications data retention help to cut crime?
Data retention does not help to cut crime. According to official police statistics, the introduction of data retention legislation has not lead to a decrease in crime, nor even to an increase in crime clearance. Crime rates in Member States with a targeted system in place are no higher than in states relying on a system of blanket data retention. Likewise, crime clearance rates in Member States with a targeted system in place are no lower than in states relying on a system of blanket data retention. Even police statistics focussing on cybercrime do not reveal any effect of blanket retention on crime levels or crime clearance rates. Blanket data retention has proven to be superfluous, harmful or even unconstitutional in many states across Europe and the world, such as Austria, Germany, Greece, Romania, Sweden, Canada and Japan. These states prosecute crime just as effectively using targeted instruments.
What about police evidence of serious crime being detected using retained data?
Anecdotal evidence, access statistics or perceived utility do not demonstrate a need for blanket data retention: Firstly, the beneficial use of communications data retained under blanket schemes does not mean that data would otherwise have been lacking, considering the commercial billing data stored under directive 2002/58 and extra data stored in compliance with judicial orders. Secondly, even in the relatively rare cases where extra data is disclosed under data retention schemes, it often has no influence on the outcome of the investigation procedure. On the contrary, blanket retention has a negative effect on the prosecution of crime as it raises the awareness of tracability and makes criminals use circumvention techniques or resort to other communications channels. All in all states using a targeted approach detect and prosecute serious crime just as well as states relying on a blanket and indiscriminate retention scheme.
What are the disadvantages to blanket communications data retention?
With a data retention regime in place, sensitive information about social contacts (including business contacts), movements and the private lives (e.g. contacts with physicians, lawyers, workers councils, psychologists, helplines, etc) of 500 million Europeans is collected in the absence of any suspicion. Telecommunications data retention undermines professional confidentiality, creating the permanent risk of data losses and data abuses and deters citizens from making confidential communications via electronic communication networks. It undermines the protection of journalistic sources and thus compromises the freedom of the press. Overall it damages preconditions of our open and democratic society. A poll of 1,000 Germans found that with communications data retention in place, one in two Germans would refrain from contacting a marriage counsellor, a psychotherapist or a drug abuse counsellor by telephone, mobile phone or e-mail if they needed their help. One in fourteen journalists reported that the awareness of all communications data being retained had at least once had a negative effect on contacts with their sources.
In the absence of a financial compensation scheme in most countries, the enormous costs of a telecommunications data retention regime must be borne by the thousands of affected telecommunications providers. This leads to price increases as well as the discontinuation of services, and indirectly burdens consumers.
Is blanket communications data retention legal?
According to the Constitutional Court of Romania, blanket data retention per se violates the right to respect for our private and family lives as guaranteed in article 8 of the European Convention on Human Rights (ECHR). Data retention legislation has been annulled by Romanian and German courts. The European Court of Human Rights has yet to decide on the legality of data retention; however, in 2009 it found "that the blanket and indiscriminate nature of the powers of retention of the fingerprints, cellular samples and DNA profiles of persons suspected but not convicted of offences, as applied in the case of the present applicants, [...] constitutes a disproportionate interference with the applicants' right to respect for private life".
The European Court of Justice has yet to decide on the compatibility of the data retention directive with the EU Charter of Fundamental Rights. In March, the Irish High Court decided to ask the European Court of Justice to rule whether the directive violates the EU Charter of Fundamental Rights. Legal experts expect the European Court of Justice to follow the Constitutional Court of Romania as well as the European Court of Human Rights's Marper judgement and declare the retention of telecommunications data in the absence of any suspicion incompatible with the EU Charter of Fundamental Rights.
Are there alternatives to data retention?
Expedited preservation and targeted collection of traffic data is a good alternative to a blanket collection of information on the entire population's communications. Targeted data preservation is the internationally recognized, standard procedure in investigating cybercrime, having been agreed upon in the Council of Europe's 2001 Convention on Cybercrime. This convention, which also provides for an international exchange of communications data, has been signed by all EU Member States as well as, for example, by Norway, Canada, Japan, South Africa and the United States of America. Studies prove that the communications data available without blanket data retention are generally sufficient for effective criminal investigations.
What does civil society propose?
Civil society proposes the repeal of the EU requirements regarding data retention in favour of a system of expedited preservation, targeted collection and international cooperation regarding communications data. To this end, a harmonized European data preservation order could be introduced.
If a prohibition of blanket data retention throughout the EU is not feasible, the Directive needs to be modified to set upper limits on national data retention legislation only, thus allowing national Parliaments and Constitutional Courts to decide against blanket communications data retention and for a system of expedited preservation and targeted collection of traffic data needed for a specific investigation as agreed in the Council of Europe's Convention on Cybercrime. As for how the upper limits and minimum guarantees could be designed, a Joint Position Paper initiated by AK Vorrat sets out more details, see here.
Would a choice-based approach not fail the objective of harmonization?
A choice-based approach as proposed above would achieve much more harmonization than the current directive does. Under directive 2006/24/EC, national data retention policies are varying so widely in terms of data types, storage periods, reimbursement and access that the situation is far more harmonised in countries that have decided to stick with directive 2002/58 and not impose blanket data retention. National data retention provisions need to be harmonised only where they are in place. While it is true that a choice-based approach does not achieve total harmonisation, neither does the current data retention directive.
Furthermore, it is impossible to impose blanket retention throughout the EU due to differences in legal traditions, constitutions and political preferences. Several Member States are legally unable or politically unwilling to introduce blanket data retention legislation. The Romanian constitutional court has decided in 2009 that data retention per se breaches Article 8 of the European Convention on Human Rights and may thus not be implemented in Romania. More lawsuits are pending in Hungary and Ireland. The Court of Justice of the European Union (ECJ) and the European Court of Human Rights (ECtHR) have yet to decide on the matter. Legal experts expect the European Court of Justice to follow the Constitutional Court of Romania as well as the European Court of Human Rights's Marper judgement and declare the retention of telecommunications data in the absence of any suspicion incompatible with the EU Charter of Fundamental Rights.
Would the Council realistically accept a choice-based approach?
If the concept of a choice-based approach is embraced and supported by other relevant actors, chances are good that the majority of Member States can be persuaded to adopt this concept. Member States are well aware of the differences in their legal traditions, constitutions and political preferences that make it impossible to continue trying to impose blanket retention on every single Member State.