DRletter: Unterschied zwischen den Versionen

Aus Freiheit statt Angst!
Zur Navigation springen Zur Suche springen
(Änderung 102851 von Wir speichern nicht! (Diskussion) wurde rückgängig gemacht.)
Zeile 5: Zeile 5:
  
 
==Draft text==
 
==Draft text==
Dear Commissioners,
+
Cecilia Malmström
  
The EU data retention directive 2006/24 requires telecommunications companies to store data about all of their customers' communications. Although ostensibly to reduce barriers to the single market, the Directive was proposed as a measure aimed at facilitating criminal investigations. The Directive creates a process for recording details of who communicated with whom via various electronic communications systems. In the case of mobile phone calls and SMS messages, the respective location of the users is also recorded. In combination with other data, Internet usage is also to be made traceable.
+
European Commissioner for Home Affairs
  
We believe that such invasive surveillance of the entire population is unacceptable. With a data retention regime in place, sensitive information about social contacts (including business contacts), movements and the private lives (e.g. contacts with physicians, lawyers, workers councils, psychologists, helplines, etc) of 500 million Europeans is collected in the absence of any suspicion. Telecommunications data retention undermines professional confidentiality, creating the permanent risk of data losses and data abuses and deters citizens from making confidential communications via electronic communication networks. It undermines the protection of journalistic sources and thus compromises the freedom of the press. Overall it damages preconditions of our open and democratic society. In the absence of a financial compensation scheme in most countries, the enormous costs of a telecommunications data retention regime must be borne by the thousands of affected telecommunications providers. This leads to price increases as well as the discontinuation of services, and indirectly burdens consumers.
+
BE-1049 Brussels
  
Studies prove that the communications data available without data retention are generally sufficient for effective criminal investigations. Blanket data retention has proven to be superfluous, harmful or even unconstitutional in many states across Europe, such as Austria, Belgium, Germany, Greece, Romania and Sweden. These states prosecute crime just as effectively using targeted instruments, such as the data preservation regime agreed in the Council of Europe Convention on Cybercrime. There is no proof that telecommunications data retention provides for better protection against crime. On the other hand, we can see that it costs billions of euros, puts the privacy of innocent people at risk, disrupts confidential communications and paves the way for an ever-increasing mass accumulation of information about the entire population.
 
  
Legal experts expect the European Court of Justice to follow the Constitutional Court of Romania as well as the European Court of Human Rights's Marper judgement and declare the retention of telecommunications data in the absence of any suspicion incompatible with the EU Charter of Fundamental Rights.
+
<div align="right">1 September 2010</div>
  
As representatives of the citizens, the media, professionals and industry we collectively reject the Directive on telecommunications data retention. We urge you to propose the repeal of the EU requirements regarding data retention in favour of a system of expedited preservation and targeted collection of traffic data as agreed in the Council of Europe's Convention on Cybercrime. In doing so, please be assured of our support.
 
  
Yours faithfully,
+
Dear Ms Malmström,
  
==Signatories (name, organisation, country)==
 
  
#Gergana Jouleva for the '''Access to Information Programme''', Bulgaria
+
Thank you for your reply of 12 July to the joint letter of more than 100 organisations from 23 European countries asking you to “propose the repeal of the EU requirements regarding data retention in favour of a system of expedited preservation and targeted collection of traffic data”.  
#Terri Dowty for '''Action on Rights for Children''', UK
 
#Rainer Hammerschmidt for '''Aktion Freiheit statt Angst e.V.''', Germany
 
#Andrea Monti for '''ALCEI - Electronic Frontiers Italy''', Italy
 
#David Banisar for '''ARTICLE 19: Global Campaign for Free Expression''', UK
 
#Dr. Roland Lemye for '''Association Belge des Syndicats Médicaux''', Belgium
 
#Alen Nanov for the '''Association for Advising, Treatment, Resocialization and Reintegration of Drug Users and Other Marginalized and Vulnerable Groups IZBOR''', Macedonia
 
#Bogdan Manolea for the '''Association for Technology and Internet - APTI''', Romania
 
#Martine Simonis for '''L'association Générale des Journalistes Professionnels de Belgique (AGJPB)''', Belgium
 
#Ute Groth for '''bdfj Bundesvereinigung der Fachjournalisten e.V.''', Germany
 
#Ot van Daalen for '''Bits of Freedom''', The Netherlands
 
#Gabriele Nicolai for '''Berufsverband Deutscher Psychologinnen und Psychologen e.V.''', Germany
 
#Torsten Bultmann for '''Bund demokratischer Wissenschaftlerinnen und Wissenschaftler e.V.''', Germany
 
#Marina Jelic for '''Center for Peace and Democracy Development CPDD''', Serbia
 
#Sabiha Husic for '''Citizens' Association Medica Zenica''', Bosnia and Herzegovina
 
#Zdenko Duka for the '''Croatian Journalists' Association CJA''', Croatia
 
#Christian Jeitler for '''Cyber Liberties Union''', Austria
 
#Vagn Jelsoe for the '''Danish Consumer Council''', Denmark
 
#Karl Lemmen, '''Deutsche AIDS-Hilfe e.V.''', Germany
 
#Ulrich Janßen for '''Deutsche Journalistinnen- und Journalisten-Union dju in ver.di''', Germany
 
#Michael Konken for '''Deutscher Journalisten-Verband''', Germany
 
#Stefanie Severin for '''DFJV Deutscher Fachjournalisten-Verband AG''', Germany
 
#TJ McIntyre for '''Digital Rights Ireland''', Ireland
 
#Martina Haan for '''DPV Deutscher Presse Verband – Verband für Journalisten e.V.''', Germany
 
#Prof. Michael Rotert for '''eco - Association of the German Internet Industry''', Germany
 
#Eleni Alevritou for '''EKPIZO Consumers Association the Quality of Life''', Greece
 
#Ville Oksanen for '''Electronic Frontier Finland''', Finland
 
#Katitza Rodriguez for the '''Electronic Frontier Foundation''', U.S.A.
 
#Thomas Gramstad for '''Electronic Frontier Norway''', Norway
 
#Máté Dániel Szabó for '''Eötvös Károly Institute''', Hungary
 
#Andreas Krisch for '''European Digital Rights''', Europe
 
#Anne Margrethe Lund, '''European Movement in Norway''', Norway
 
#Werner Korsten for the '''Evangelische Konferenz für Telefonseelsorge und Offene Tür e.V.''', Germany
 
#Simona Conservas for '''exgae''', Spain
 
#Stefan Hügel for '''FIfF - Forum InformatikerInnen für Frieden und gesellschaftliche Verantwortung e.V.''', Germany
 
#padeluun for '''FoeBuD e.V.''', Germany
 
#Beate Ziegler for '''Forum Menschenrechte''', Germany
 
#Stephan Uhlmann for the '''Foundation for a Free Information Infrastructure (FFII) e.V.''', Europe
 
#Valentina Pellizzer for '''Foundation Oneworld - platform for Southeast Europe (owpsee)''', Bosnia & Herzegovina
 
#Ross Anderson for '''FIPR Foundation for Information Policy Research''', UK
 
#Lutz Donnerhacke for '''FITUG e.V.''', Germany
 
#Matthias Kirschner for '''Free Software Foundation Europe FSFE''', Europe
 
#Martin Grauduszus for '''Freie Ärzteschaft e.V.''', Germany
 
#Jürgen Wahlmann for '''GameParents.de e.V.''', Germany
 
#Christoph Klug for '''Gesellschaft für Datenschutz und Datensicherheit e.V. (GDD)''', Germany
 
#Arvind Ganesan for '''Human Rights Watch''', international
 
#Joyce Hes for '''Humanistisch Verbond''', The Netherlands
 
#Sven Lüders for '''Humanistische Union e.V.''', Germany
 
#Dr. Balázs Dénes for the '''Hungarian Civil Liberties Union''', Hungary
 
#Jo Glanville for '''Index on Censorship''', UK
 
#Dr. Rolf Gössner for '''Internationale Liga für Menschenrechte (Berlin)''', Germany
 
#Rudi Vansnick for '''Internet Society Belgium''', Belgium
 
#Veni Markovski for the '''Internet Society Bulgaria''', Bulgaria
 
#Gérard Dantec for the '''Internet Society France''', France
 
#Jan Willem Broekema for '''Internet Society''', The Netherlands
 
#Marcin Cieślak for the '''Internet Society Poland''', Poland
 
#Eamonn Wallace for '''IrelandOffline''', Ireland
 
#Mark Kelly for the '''Irish Council for Civil Liberties''', Ireland
 
#Niels Elgaard Larsen for the '''IT-Political Association of Denmark''', Denmark
 
#Markéta Nováková for '''Iuridicum Remedium''', Czech Republic
 
#Milan Antonijevic for '''Koalicija za slobodu pristupa informacijama (Coalition for Free Access to Information)''', Serbia
 
#Elke Steven for the '''Komitee für Grundrechte und Demokratie''', Germany
 
#Agata Szczerbiak for '''Krytyka Polityczna (Political Critic)''', Poland
 
#Jérémie Zimmermann for '''La Quadrature du Net''', France
 
#Milan Antonijevic for '''Lawyers Commitee for Human Rights YUCOM''', Serbia
 
#Klaus Jetz for '''Lesben- und Schwulenverband LSVD''', Germany
 
#Isabella Sankey for '''Liberty (the National Council for Civil Liberties)''', UK
 
#Astrid Thienpont for '''Liga voor Mensenrechten (Human Rights League)''', Belgium
 
#Manuel Lambert for '''Ligue des droits de l’Homme (Human Rights League)''', Belgium
 
#Bardhyl Jashari for '''Metamorphosis Foundation''', Macedonia
 
#Christian Bahls for '''MOGiS e.V.''', Germany
 
#Dennis Grabowski for '''naiin - no abuse in internet e.V.''', Germany
 
#Thomas Bruning for '''Nederlandse Vereniging van Journalisten''', The Netherlands
 
#Harry Hummel for '''Netherlands Helsinki Committee''', The Netherlands
 
#Albrecht Ude for '''netzwerk recherche e.V.''', Germany
 
#Christine Nordmann for '''Neue Richtervereinigung e.V.''', Germany
 
#Phil Booth for '''NO2ID''', UK
 
#Jim Killock for '''Open Rights Group''', UK
 
#Laurence Evrard for the '''Ordre des barreaux francophones et germanophone''', Belgium
 
#Annelies Verstraete for the '''Orde van Vlaamse Balies''', Belgium
 
#Katarzyna Szymielewicz for '''Panoptykon Foundation''', Poland
 
#Stefan Kaminski for the '''Polish Chamber of Commerce for Electronics and Telecommunications''', Poland
 
#Simon Davies for '''Privacy International''', UK
 
#Mag. Georg Markus Kainz for '''q/uintessenz''', Austria
 
#Christian Rickerts for '''Reporter ohne Grenzen e.V.''', Germany
 
#Jean Francois Julliard for '''Reporters Sans Frontières''', international
 
#Carsten Gericke for '''Republikanischer Anwältinnen- und Anwälteverein e.V.''', Germany
 
#Walter van Holst for '''ScriptumLibre Foundation/Stichting Vrijschrift.org''', The Netherlands
 
#Tony Bunyan for '''Statewatch''', UK
 
#Janet de Jonge for '''Stichting Meldpunt Misbruik ID-plicht''', The Netherlands
 
#Hans van der Giessen for the board of '''Stichting NBIP - Nationale Beheersorganisatie Internet Providers''', The Netherlands
 
#Lars-Henrik Paarup Michelsen for '''Stopp Datalagringsdirektivet''', Norway
 
#Paul Jansen for '''The dotindividual Foundation''', The Netherlands
 
#Karin Ajaxon for '''the Julia Group''', Sweden
 
#Bernadette Ségol for '''UNI europa''', Belgium
 
#Frank Bsirske for '''United Services Union (ver.di - Vereinte Dienstleistungsgewerkschaft)''', Germany
 
#Dr. Carla Meyer for '''Verband der Freien Lektorinnen und Lektoren VFLL e.V.''', Germany
 
#Dr. Werner Weishaupt for '''Verband freier Psychotherapeuten, Heilpraktiker für Psychotherapie und Psychologischer Berater e.V.''', Germany
 
#Gerd Billen for '''Verbraucherzentrale Bundesverband e.V.''', Germany
 
#Prof. Dr. Wulf Dietrich for '''Verein demokratischer Ärztinnen und Ärzte''', Germany
 
#Anna Bauer for '''Vereinigung Demokratischer Juristinnen und Juristen e.V.''', Germany
 
#Arnout Veenman for the '''Vereniging ISPConnect Nederland''', The Netherlands
 
#Miek Wijnberg for '''Vereniging Vrijbit''', The Netherlands
 
#Daniel Jahre for '''Verein Linuxwochen''', Austria
 
#Claudio Agosti for the '''Winston Smith Project''', Italy
 
  
==Background==
+
I welcome your intention to assess the proportionality of directive 2006/24, and I support the opinion you gave in this regard as a Member of European Parliament: “''I have so far not been convinced by the arguments for developing extensive systems for storing data, telephone conversations, e-mails and text messages. Developing these would be a very major encroachment on privacy, with a high risk of the systems being abused in many ways. The fact is that most of us, after all, are not criminals.''”<ref name="ftn1">Debate of 7 September 2005, http://www.europarl.europa.eu/sides/getDoc.do?pubRef=-//EP//TEXT+CRE+20050907+ITEM-002+DOC+XML+V0//EN&query=INTERV&detail=3-044.</ref>
  
[http://www.vorratsdatenspeicherung.de/content/view/366/79/lang,en/ More information on data retention]
+
In your [http://www.vorratsdatenspeicherung.de/images/reply_malmstroem.pdf reply] of 12 July you ask for more information regarding two statements in our letter: “Studies prove that the communications data available without data retention are generally sufficient for effective criminal investigations. Blanket data retention has proven to be superfluous, harmful or even unconstitutional in many states across Europe, such as Austria, Belgium, Germany, Greece, Romania and Sweden.”
 +
 
 +
'''1) Blanket data retention has proven to be superfluous'''
 +
 
 +
This statement firstly relies on the experience of states around the world whose law enforcement agencies operate successfully without relying on blanket data retention. Among these states are Germany, Austria, Belgium, Greece, Romania, Sweden, Canada and EU member states with data retention legislation that is not yet being applied. The absence of data retention legislation does not lead to a rise in crime in those states, or to a decrease in crime clearance rates, not even in regard to Internet crime. Nor did the coming into force of data retention legislation have any statistically significant effect on crime or crime clearance.
 +
 
 +
This is exemplified by statistics published by the German Federal Crime Agency (BKA) and the State Crime Agency (LKA) of North Rhine-Westphalia:
 +
 
 +
{| class="prettytable"
 +
| '''German Crime Statistics '''
 +
| 2005
 +
| 2006
 +
| 2007
 +
| 2008 ''(telephone data retention in force)''
 +
| 2009 ''(Internet data retention in force)''
 +
 
 +
|-
 +
| Registered crime
 +
| [http://www.bka.de/pks/pks2008/p_2_1_1.pdf 6 391 715]
 +
| [http://www.bka.de/pks/pks2008/p_2_1_1.pdf 6 304 223]
 +
| [http://www.bka.de/pks/pks2008/p_2_1_1.pdf 6 284 661]
 +
| [http://www.bka.de/pks/pks2008/p_2_1_1.pdf 6 114 128]
 +
| [http://www.bka.de/pks/pks2009/download/pks2009_imk_kurzbericht.pdf 6 054 330]
 +
 
 +
|-
 +
| Clearance rate
 +
| [http://www.bka.de/pks/pks2005/download/pks-jb_2005_bka.pdf 55,0%]
 +
| [http://www.bka.de/pks/pks2007/download/pks-jb_2007_bka.pdf 55,4%]
 +
| [http://www.bka.de/pks/pks2007/download/pks-jb_2007_bka.pdf 55,0%]
 +
| [http://www.bka.de/pks/pks2008/download/pks-jb_2008_bka.pdf 54,8%]
 +
| [http://www.bka.de/pks/pks2009/download/pks2009_imk_kurzbericht.pdf 55,6%]
 +
 
 +
|-
 +
| Registered Internet crime
 +
| [http://www.bka.de/pks/pks2005/download/pks-jb_2005_bka.pdf 118 036]
 +
| [http://www.bka.de/pks/pks2007/download/pks-jb_2007_bka.pdf 165 720]
 +
| [http://www.bka.de/pks/pks2007/download/pks-jb_2007_bka.pdf 179 026]
 +
| [http://www.bka.de/pks/pks2008/download/pks-jb_2008_bka.pdf 167 451]
 +
| [http://www.bka.de/pks/pks2009/download/pks2009_imk_kurzbericht.pdf 206.909]
 +
 
 +
|-
 +
| Clearance rate for Internet crime
 +
| [http://www.bka.de/pks/pks2005/download/pks-jb_2005_bka.pdf 84,9%]
 +
| [http://www.bka.de/pks/pks2007/download/pks-jb_2007_bka.pdf 84,4%]
 +
| [http://www.bka.de/pks/pks2007/download/pks-jb_2007_bka.pdf 82,9%]
 +
| [http://www.bka.de/pks/pks2008/download/pks-jb_2008_bka.pdf 79,8%]
 +
| ''n/a''
 +
 
 +
|-
 +
| Clearance rate for Internet crime in North Rhine-Westphalia (most populated state)
 +
| [http://www.polizei-nrw.de/lka/stepone/data/downloads/cf/00/00/pks-jahresbericht-2006.pdf 84,8 %]
 +
| [http://www.polizei-nrw.de/lka/stepone/data/downloads/cf/00/00/pks-jahresbericht-2006.pdf 85,9 %]
 +
| [http://www.polizei-nrw.de/lka/stepone/data/downloads/08/01/00/kriminalitaetsentwicklung_pks_nrw_2007.pdf 84,0 %]
 +
| [http://www.polizei-nrw.de/lka/stepone/data/downloads/45/01/00/pks-nrw-jahresbericht-2008.pdf 76,9 %]
 +
| [http://www.polizei-nrw.de/lka/stepone/data/downloads/6a/01/00/pks-jahresbericht2009.pdf 77,3 %]
 +
 
 +
|}
 +
Notwithstanding this comprehensive evidence, I would like to recall that we cannot be expected to prove that blanket data retention is superfluous. The onus of proof regarding the alleged necessity of blanket data retention is clearly on its proponents. In our response<ref name="ftn3">Antworten auf den Fragebogen der Europäischen Kommission vom 30.09.2009 zur Vorratsdatenspeicherung, [http://www.vorratsdatenspeicherung.de/images/antworten_kommission_vds_2009-11-13.pdf http://www.vorratsdatenspeicherung.de/images/antworten_kommission_vds_2009-11-13.pdf], p. 29.</ref> to your evaluation questionnaire we have explained why access statistics, anecdotal evidence or perceived utility<ref name="ftn2">Such as cited in the “Overview of information management in the area of freedom, security and justice”, COM(2010)385, p. 36, as well as in a “Room Document”, [http://www.vorratsdatenspeicherung.de/images/RoomDocumentEvaluationDirective200624EC.pdf http://www.vorratsdatenspeicherung.de/images/RoomDocumentEvaluationDirective200624EC.pdf].</ref> do not prove a need for blanket data retention: Successful requests for traffic data retained under directive 2006/24 do not prove that data would otherwise have been lacking, despite the commercial billing data stored under directive 2002/58 and extra data stored in compliance with specific judicial orders. Even where extra data is disclosed under data retention schemes, it often has no influence on the outcome of investigation procedures.
 +
 
 +
The utility of access to communications data by law enforcement agencies does not mean that there was a need to retain such data indiscriminately. The European Court of Human Rights has consistently held that mere usefulness does not satisfy the test of necessity.<ref name="ftn4">Silver v. UK (1983) 5 EHRR 347, § 97.</ref> As there is a danger that the Commission might rely on inconclusive data provided by member states, I would like to cite the European Court of Human Rights' critical comments on similar data regarding the retention of biometric data: “''It is true, as pointed out by the applicants, that the figures do not reveal the extent to which this 'link' with crime scenes resulted in convictions of the persons concerned or the number of convictions that were contingent on the retention of the samples of unconvicted persons. Nor do they demonstrate that the high number of successful matches with crime-scene stains was only made possible through indefinite retention of DNA records of all such persons. At the same time, in the majority of the specific cases quoted by the Government (see paragraph 93 above), the DNA records taken from the suspects produced successful matches only with earlier crime-scene stains retained on the data base. Yet such matches could have been made even in the absence of the present scheme''”.<ref name="ftn5">Marper v United Kingdom (2009) 48 EHRR 50, § 116.</ref>
 +
 
 +
An independent study commissioned by the German government found that among a sample set of 1.257 law enforcement requests for traffic data made in 2005, only 4% of requests could not be (fully) served for a lack of retained data.<ref name="ftn6">Max Planck Institute for Foreign and International Criminal Law, The Right of Discovery Concerning Telecommunication Traffic Data According to §§ 100g, 100h of the German Code of Criminal Procedure, March 2008, [http://dip21.bundestag.de/dip21/btd/16/084/1608434.pdf http://dip21.bundestag.de/dip21/btd/16/084/1608434.pdf], p. 150.</ref> Taking into account the total number of criminal investigation procedures in 2005, only 0.01% of investigations were affected by a lack of traffic data.<ref name="ftn7">Starostik, Pleadings of 17 March 2008, [http://www.vorratsdatenspeicherung.de/images/schriftsatz_2008-03-17.pdf http://www.vorratsdatenspeicherung.de/images/schriftsatz_2008-03-17.pdf], p. 2.</ref> About one third of the suspects in those procedures were still taken to court on the basis of other evidence.<ref name="ftn8">Starostik, Pleadings of 17 March 2008, p. 2.</ref> Moreover 72% of investigations with fully successful requests for traffic data did not result in an indictment.<ref name="ftn9">Starostik, Pleadings of 17 March 2008, p. 2.</ref> All in all, blanket data retention would have made a difference to only 0.002% of criminal investigations.<ref name="ftn10">Starostik, Pleadings of 17 March 2008, p. 2.</ref> This number does not change significantly when taking into account that in the absence of a blanket data retention scheme, less requests are made in the first place.<ref name="ftn11">Starostik, Pleadings of 17 March 2008, p. 2.</ref>
 +
 
 +
The German Federal Crime Agency (BKA) counted only 381 criminal investigation procedures in which traffic data was lacking in 2005.<ref name="ftn12">Starostik, Pleadings of 17 March 2008, p. 2.</ref> In view of a total of 6 million procedures in 2005, no more than 0.01% of criminal investigation procedures were potentially affected. In the absence of a blanket traffic data retention regime, German law enforcement agencies have consistently cleared more than 70% of all reported Internet offences, significantly outperforming the average crime clearance rate of about 50%. The coming into force of data retention legislation did not have any statistically significant effect on crime rates or crime clearance rates.
 +
 
 +
'''2) Blanket data retention has proven to be harmful'''
 +
 
 +
A poll<ref name="ftn13">Forsa, Opinions of citizens on data retention, 2 June 2008, [http://www.eco.de/dokumente/20080602_Forsa_VDS_Umfrage.pdf http://www.eco.de/dokumente/20080602_Forsa_VDS_Umfrage.pdf] or [http://www.webcitation.org/5sLeT8Goj http://www.webcitation.org/5sLeT8Goj].</ref> of 1,000 Germans found in 2008 that indiscriminate bulk data retention is acting as a serious deterrent to the use of telephones, mobile phones, e-mail and Internet. The survey conducted by research institute Forsa found that with communications data retention in place, one in two Germans would refrain from contacting a marriage counsellor, a psychotherapist or a drug abuse counsellor by telephone, mobile phone or e-mail if they needed their help. One in thirteen people said they had already refrained from using telephone, mobile phone or e-mail at least once because of data retention, which extrapolates to 6.5 mio. Germans in total. There can be no doubt that obstructing confidential access to help facilities poses a danger to the physical and mental health of people in need as well as of the people around them.
 +
 
 +
In a poll of 1,489 German journalists commissioned in 2008, one in fourteen journalists reported that the awareness of all communications data being retained had at least once had a negative effect on contacts with their sources.<ref name="ftn0">Meyen/Springer/Pfaff-Rüdiger, Free Journalists in Germany, 20 May 2008, [http://www.dfjv.de/fileadmin/user_upload/pdf/DFJV_Studie_Freie_Journalisten.pdf http://www.dfjv.de/fileadmin/user_upload/pdf/DFJV_Studie_Freie_Journalisten.pdf] or [http://www.webcitation.org/5sLdXIt55 http://www.webcitation.org/5sLdXIt55], p. 22.</ref> The inability to electronically receive information through untraceable channels with blanket data retention in place affects not only the press, but all watchdogs including government authorities.
 +
 
 +
Apart from this statistical evidence the German Working Group on Data Retention has received ample reports on negative effects of data retention, which have been summarised in our response to your evaluation questionnaire.<ref name="ftn14">Antworten auf den Fragebogen der Europäischen Kommission vom 30.09.2009 zur Vorratsdatenspeicherung, [http://www.vorratsdatenspeicherung.de/images/antworten_kommission_vds_2009-11-13.pdf http://www.vorratsdatenspeicherung.de/images/antworten_kommission_vds_2009-11-13.pdf], p. 2.</ref> The indiscriminate retention of all communications data turned out to disrupt confidential communications in many areas, affecting victims of sexual abuse, political activists, journalists, accountants, lawyers, businessmen, psychotherapists, drugs advisers and crisis line operators.
 +
 
 +
A poll of 2,176 Germans found in 2009 that 69.3% oppose data retention, making it the most strongly rejected surveillance scheme of all, including biometric passports, access to bank data, remote computer searches or PNR retention.<ref name="ftn15">Infas poll, [http://www.vorratsdatenspeicherung.de/images/infas-umfrage.pdf http://www.vorratsdatenspeicherung.de/images/infas-umfrage.pdf]. </ref> It appears the public opinion has not yet been tested on a European scale. We would be happy to assist in preparing a Eurobarometer poll on the matter though. A 2008 Eurobarometer poll found that a large majority of 69-81% of EU citizens rejected the idea of “monitoring” the Internet use or phone calls of non-suspects even in light of the fight against international terrorism.<ref name="ftn16">Flash Eurobarometer, Data Protection in the European Union, February 2008,[http://ec.europa.eu/public_opinion/flash/fl_225_en.pdf  http://ec.europa.eu/public_opinion/flash/fl_225_en.pdf], p. 48 (32+18+19=69%, 35+21+25=81%).</ref>
 +
 
 +
'''3) Blanket data retention has proven to be unconstitutional'''
 +
 
 +
<nowiki>Last year the Romanian Constitutional Court found that data retention per se breached Article 8 of the European Convention on Human Rights: “[Data retention] equally addresses all the law subjects, regardless of whether they have committed penal crimes or not or whether they are the subject of a penal investigation or not, which is likely to overturn the presumption of innocence and to transform a priori all users of electronic communication services or public communication networks into people susceptible of committing terrorism crimes or other serious crimes. Law 298/2008 [applies] practically to all physical and legal persons users of electronic communication services or public communication networks – so, it cannot be considered to be in agreement with the provisions in the Constitution and Convention for the defence of human rights and fundamental freedoms regarding the guaranteeing of the rights to private life, secrecy of the correspondence and freedom of expression.”</nowiki><ref name="ftn17">Constitutional Court of Romania, decision of 8 October 2009, [http://www.legi-internet.ro/english/jurisprudenta-it-romania/decizii-it/romanian-constitutional-court-decision-regarding-data-retention.html http://www.legi-internet.ro/english/jurisprudenta-it-romania/decizii-it/romanian-constitutional-court-decision-regarding-data-retention.html]. </ref>
 +
 
 +
The Federal Constitutional Court of Germany then ruled the German data retention requirements unconstitutional and void for being disproportionate in their concrete form.<ref name="ftn21">Federal Constitutional Court of Germany, decision of 2 March 2010, [http://www.bverfg.de/en/press/bvg10-011en.html http://www.bverfg.de/en/press/bvg10-011en.html]. </ref> Although the Court considered that data retention did not per se breach the German constitution, it did not assess the compatibility of data retention with the European Convention on Human Rights, or with the EU Charter of Fundamental Rights.
 +
 
 +
There are further complaints pending before the Hungarian Constitutional Court<ref name="ftn19">Hungarian Civil Liberties Union, Constitutional Complaint Filed by HCLU Against Hungarian Telecom Data Retention Regulations, 2 June 2008, [http://tasz.hu/en/data-protection/constitutional-complaint-filed-hclu-against-hungarian-telecom-data-retention-regulat http://tasz.hu/en/data-protection/constitutional-complaint-filed-hclu-against-hungarian-telecom-data-retention-regulat]. </ref> and before the Irish High Court. Recently, the Irish High Court ruled in favour of a request to challenge the Data Retention Directive at the EU Court of Justice.<ref name="ftn20">High Court of Ireland, decision of ..., [http://www.scribd.com/doc/30950035/Data-Retention-Challenge-Judgment-re-Preliminary-Reference-Standing-Security-for-Costs http://www.scribd.com/doc/30950035/Data-Retention-Challenge-Judgment-re-Preliminary-Reference-Standing-Security-for-Costs]. </ref><nowiki> The Court found that data retention had the potential to be of “importance to the whole nature of our society”. “[I]t is clear that where surveillance is undertaken it must be justified and generally should be targeted”. The Court ruled that civil liberties campaign group Digital Rights Ireland had the right to contest “whether the impugned provisions violate citizen's rights to privacy and communications” under the EU treaties, the European Convention on Human Rights and the EU Charter of Fundamental Rights. The reference to the EU Court of Justice is expected in the next weeks.</nowiki>
 +
 
 +
The Court of Justice can be expected to follow the previous rulings and annul directive 2006/24, having regard to the jurisprudence of the European Court of Human Rights. The Grand Chamber of the latter Court found in 2008 that the retention of biometrics on mere suspects breached Article 8 of the European Convention on Human Rights: “''In conclusion, the Court finds that the blanket and indiscriminate nature of the powers of retention of the fingerprints, cellular samples and DNA profiles of persons suspected but not convicted of offences, as applied in the case of the present applicants, fails to strike a fair balance between the competing public and private interests and that the respondent State has overstepped any acceptable margin of appreciation in this regard. Accordingly, the retention at issue constitutes a disproportionate interference with the applicants' right to respect for private life and cannot be regarded as necessary in a democratic society.''”<ref name="ftn18">European Court of Human Rights, decision of 4 December 2008, [http://www.webcitation.org/5g6FzdBr4 http://www.webcitation.org/5g6FzdBr4], § 125.</ref> This assessment of the collection of identification data on 5 million citizens<ref name="ftn22">Human Genetics Commission, Nothing to hide, nothing to Fear?, November 2009, [http://www.hgc.gov.uk/UploadDocs/DocPub/Document/Nothing%20to%20hide,%20nothing%20to%20fear%20-%20online%20version.pdf http://www.hgc.gov.uk/UploadDocs/DocPub/Document/Nothing%20to%20hide,%20nothing%20to%20fear%20-%20online%20version.pdf], p. 4.</ref> must, ''a fortiori'', apply to the much larger collection of information on the daily communications of 500 million citizens throughout the EU.
 +
 
 +
'''4) Proposal'''
 +
 
 +
Repealing directive 2006/24 would not prevent member states from maintaining data retention schemes and would remove the upper limits the directive sets. We are therefore currently discussing, both in our coalition and with industry, a joint proposal to limit the application of directive 2006/24 to Member States that decide to impose data retention nationally. According to this proposal, directive 2006/24 should be amended to give Member States a choice: First the option of sticking with directive 2002/58 and the Council of Europe's Convention on Cybercrime that sets an international standard for a system of expedited preservation and targeted collection of traffic data. Second the option of a harmonised and minimised data retention scheme with compulsory cost reimbursement for providers. There are many advantages to such a two-pronged proposal in comparison to a mere repetition, more or less, of the initial proposal that was put forward by the Commission in 2005.<ref name="ftn23">COM(2005)438.</ref> I am setting out some of those advantages in a separate document attached to this letter.
 +
 
 +
We would welcome very much your embracing of this concept in the upcoming evaluation report, and in a subsequent legislative proposal. Please be assured of our full support in removing the compulsory EU requirements regarding blanket communications data retention.
 +
 
 +
 
 +
Yours sincerely,
 +
 
 +
 
 +
...
 +
 
 +
 
 +
cc.
 +
*Ms Viviane Reding, Vice President
 +
*Ms Neelie Kroes, Vice President
 +
 
 +
 
 +
'''Draft Proposal regarding Telecommunications Data Retention'''
 +
 
 +
The EU data retention directive, adopted in 2006, currently requires all 27 EU Member States to compel telecommunications and Internet companies to indiscriminately collect data about all of their customers' communications. “The majority of Member States do not reimburse costs incurred by operators to retain and retrieve data”, the Commission reports. Industry has so far been lobbying for replacing the current directive with a harmonised data retention regime that includes a cost reimbursement provision.
 +
 
 +
'''Why should the Commission not solely propose a harmonised data retention regime with compulsory cost reimbursement?'''
 +
 
 +
A proposal to this effect is unlikely to succeed and may result in no changes to the data retention directive at all. This would mean that all providers in the EU would continue to be compelled to retain and hand over varying types of data, mostly at their own expense.
 +
 
 +
The Commission's initial proposal for the data retention directive (COM/2005/0438) already once suggested a uniform data retention regime with compulsory cost reimbursement. This proposal was clearly rejected by Member States due to differing legal traditions and due to the high cost of blanket data retention. This situation persists in 2010. It is unlikely a voting majority of the 27 EU Member States would be prepared to accept a uniform data retention regime with compulsory cost reimbursement.
 +
 
 +
In addition, even where some cost reimbursement is in place, it generally covers only a share of the total cost of retrieving, storing and handing over of bulk data. Data retention is never profitable but always troublesome and distracts providers from their business. The constant risk of a theft, loss or abuse of sensitive communications data puts providers' reputation at risk. Customers generally dislike a blanket retention of their communications data in the absence of any suspicion.
 +
 
 +
'''What proposal should the Commission make instead?'''
 +
 
 +
The EU data retention directive should offer two alternatives to member states: First the option of a modest and harmonised data retention scheme with compulsory cost reimbursement. Second the option of no national data retention scheme at all (but instead a system of expedited preservation and targeted collection of traffic data as agreed in the Council of Europe's Convention on Cybercrime).
 +
 
 +
'''What are the advantages of an optional approach?'''
 +
 
 +
National data retention provisions need to be harmonised only where they are in place. In other member states directive 2002/58 is achieving an even better harmonization. With a choice of a harmonised regime or no data retention scheme at all, the legal situation would become much more harmonised than under directive 2006/24. Making data retention optional at the EU level would also remove the legal risk of directive 2006/24 being annulled. Furthermore it would take into account the situation of Member States that are legally unable (Romania) or politically unwilling to introduce blanket data retention legislation.
 +
 
 +
For industry, optional data retention is the only feasible way to prevent Member States from adopting or maintaining costly and uncompensated data retention requirements. Member States are more likely to accept a harmonised data retention regime with compulsory cost reimbursement if they are given the alternative to opt out. Some Member States would be happy not to introduce data retention requirements at all for political, constitutional of financial reasons. The German liberal party has already decided not to re-introduce data retention legislation if given a choice by the EU. Romania has been ordered not to re-introduce data retention legislation by its Constitutional Court. At present several states across Europe do not have data retention requirements in place (e.g. Austria, Belgium, Germany, Greece, Romania, Sweden). Whereas the current data retention directive will ultimately force thousands of providers in these countries to retain data at their own cost, an optional directive would take that burden off those providers entirely. Other Member States would still insist on having data retained, but could be convinced to accept having to compensate providers by at least reimbursing a fair share of their costs.
 +
 
 +
For citizens, making data retention optional would finally give national parliaments, the citizens (in referendums) and Constitutional Courts the opportunity to opt for a targeted approach instead of indiscriminately having the entire population's communications data retained.
 +
 
 +
The Commission, industry and civil society jointly pushing for an optional directive as set out above could create political majorities that would otherwise not be possible to achieve. Civil society is a major political factor and has a strong interest in making the data retention directive optional. In June, more than 100 organisations from 23 European countries spoke out against data retention, including major NGOs such as EDRi, FFII and Human Rights Watch.
 +
 
 +
 
 +
----
 +
<references/>

Version vom 29. August 2010, 19:32 Uhr

Recipients

  1. Cecilia Malmström, European Commissioner for Home Affairs, BE-1049 Brussels, Belgium
  2. Viviane Reding, European Commission Vice-President with responsibility for Justice, Fundamental Rights and Citizenship, BE-1049 Brussels, Belgium
  3. Neelie Kroes, European Commission Vice-President with responsibility for the Digital Agenda

Draft text

Cecilia Malmström

European Commissioner for Home Affairs

BE-1049 Brussels


1 September 2010


Dear Ms Malmström,


Thank you for your reply of 12 July to the joint letter of more than 100 organisations from 23 European countries asking you to “propose the repeal of the EU requirements regarding data retention in favour of a system of expedited preservation and targeted collection of traffic data”.

I welcome your intention to assess the proportionality of directive 2006/24, and I support the opinion you gave in this regard as a Member of European Parliament: “I have so far not been convinced by the arguments for developing extensive systems for storing data, telephone conversations, e-mails and text messages. Developing these would be a very major encroachment on privacy, with a high risk of the systems being abused in many ways. The fact is that most of us, after all, are not criminals.[1]

In your reply of 12 July you ask for more information regarding two statements in our letter: “Studies prove that the communications data available without data retention are generally sufficient for effective criminal investigations. Blanket data retention has proven to be superfluous, harmful or even unconstitutional in many states across Europe, such as Austria, Belgium, Germany, Greece, Romania and Sweden.”

1) Blanket data retention has proven to be superfluous

This statement firstly relies on the experience of states around the world whose law enforcement agencies operate successfully without relying on blanket data retention. Among these states are Germany, Austria, Belgium, Greece, Romania, Sweden, Canada and EU member states with data retention legislation that is not yet being applied. The absence of data retention legislation does not lead to a rise in crime in those states, or to a decrease in crime clearance rates, not even in regard to Internet crime. Nor did the coming into force of data retention legislation have any statistically significant effect on crime or crime clearance.

This is exemplified by statistics published by the German Federal Crime Agency (BKA) and the State Crime Agency (LKA) of North Rhine-Westphalia:

German Crime Statistics 2005 2006 2007 2008 (telephone data retention in force) 2009 (Internet data retention in force)
Registered crime 6 391 715 6 304 223 6 284 661 6 114 128 6 054 330
Clearance rate 55,0% 55,4% 55,0% 54,8% 55,6%
Registered Internet crime 118 036 165 720 179 026 167 451 206.909
Clearance rate for Internet crime 84,9% 84,4% 82,9% 79,8% n/a
Clearance rate for Internet crime in North Rhine-Westphalia (most populated state) 84,8 % 85,9 % 84,0 % 76,9 % 77,3 %

Notwithstanding this comprehensive evidence, I would like to recall that we cannot be expected to prove that blanket data retention is superfluous. The onus of proof regarding the alleged necessity of blanket data retention is clearly on its proponents. In our response[2] to your evaluation questionnaire we have explained why access statistics, anecdotal evidence or perceived utility[3] do not prove a need for blanket data retention: Successful requests for traffic data retained under directive 2006/24 do not prove that data would otherwise have been lacking, despite the commercial billing data stored under directive 2002/58 and extra data stored in compliance with specific judicial orders. Even where extra data is disclosed under data retention schemes, it often has no influence on the outcome of investigation procedures.

The utility of access to communications data by law enforcement agencies does not mean that there was a need to retain such data indiscriminately. The European Court of Human Rights has consistently held that mere usefulness does not satisfy the test of necessity.[4] As there is a danger that the Commission might rely on inconclusive data provided by member states, I would like to cite the European Court of Human Rights' critical comments on similar data regarding the retention of biometric data: “It is true, as pointed out by the applicants, that the figures do not reveal the extent to which this 'link' with crime scenes resulted in convictions of the persons concerned or the number of convictions that were contingent on the retention of the samples of unconvicted persons. Nor do they demonstrate that the high number of successful matches with crime-scene stains was only made possible through indefinite retention of DNA records of all such persons. At the same time, in the majority of the specific cases quoted by the Government (see paragraph 93 above), the DNA records taken from the suspects produced successful matches only with earlier crime-scene stains retained on the data base. Yet such matches could have been made even in the absence of the present scheme”.[5]

An independent study commissioned by the German government found that among a sample set of 1.257 law enforcement requests for traffic data made in 2005, only 4% of requests could not be (fully) served for a lack of retained data.[6] Taking into account the total number of criminal investigation procedures in 2005, only 0.01% of investigations were affected by a lack of traffic data.[7] About one third of the suspects in those procedures were still taken to court on the basis of other evidence.[8] Moreover 72% of investigations with fully successful requests for traffic data did not result in an indictment.[9] All in all, blanket data retention would have made a difference to only 0.002% of criminal investigations.[10] This number does not change significantly when taking into account that in the absence of a blanket data retention scheme, less requests are made in the first place.[11]

The German Federal Crime Agency (BKA) counted only 381 criminal investigation procedures in which traffic data was lacking in 2005.[12] In view of a total of 6 million procedures in 2005, no more than 0.01% of criminal investigation procedures were potentially affected. In the absence of a blanket traffic data retention regime, German law enforcement agencies have consistently cleared more than 70% of all reported Internet offences, significantly outperforming the average crime clearance rate of about 50%. The coming into force of data retention legislation did not have any statistically significant effect on crime rates or crime clearance rates.

2) Blanket data retention has proven to be harmful

A poll[13] of 1,000 Germans found in 2008 that indiscriminate bulk data retention is acting as a serious deterrent to the use of telephones, mobile phones, e-mail and Internet. The survey conducted by research institute Forsa found that with communications data retention in place, one in two Germans would refrain from contacting a marriage counsellor, a psychotherapist or a drug abuse counsellor by telephone, mobile phone or e-mail if they needed their help. One in thirteen people said they had already refrained from using telephone, mobile phone or e-mail at least once because of data retention, which extrapolates to 6.5 mio. Germans in total. There can be no doubt that obstructing confidential access to help facilities poses a danger to the physical and mental health of people in need as well as of the people around them.

In a poll of 1,489 German journalists commissioned in 2008, one in fourteen journalists reported that the awareness of all communications data being retained had at least once had a negative effect on contacts with their sources.[14] The inability to electronically receive information through untraceable channels with blanket data retention in place affects not only the press, but all watchdogs including government authorities.

Apart from this statistical evidence the German Working Group on Data Retention has received ample reports on negative effects of data retention, which have been summarised in our response to your evaluation questionnaire.[15] The indiscriminate retention of all communications data turned out to disrupt confidential communications in many areas, affecting victims of sexual abuse, political activists, journalists, accountants, lawyers, businessmen, psychotherapists, drugs advisers and crisis line operators.

A poll of 2,176 Germans found in 2009 that 69.3% oppose data retention, making it the most strongly rejected surveillance scheme of all, including biometric passports, access to bank data, remote computer searches or PNR retention.[16] It appears the public opinion has not yet been tested on a European scale. We would be happy to assist in preparing a Eurobarometer poll on the matter though. A 2008 Eurobarometer poll found that a large majority of 69-81% of EU citizens rejected the idea of “monitoring” the Internet use or phone calls of non-suspects even in light of the fight against international terrorism.[17]

3) Blanket data retention has proven to be unconstitutional

Last year the Romanian Constitutional Court found that data retention per se breached Article 8 of the European Convention on Human Rights: “[Data retention] equally addresses all the law subjects, regardless of whether they have committed penal crimes or not or whether they are the subject of a penal investigation or not, which is likely to overturn the presumption of innocence and to transform a priori all users of electronic communication services or public communication networks into people susceptible of committing terrorism crimes or other serious crimes. Law 298/2008 [applies] practically to all physical and legal persons users of electronic communication services or public communication networks – so, it cannot be considered to be in agreement with the provisions in the Constitution and Convention for the defence of human rights and fundamental freedoms regarding the guaranteeing of the rights to private life, secrecy of the correspondence and freedom of expression.”[18]

The Federal Constitutional Court of Germany then ruled the German data retention requirements unconstitutional and void for being disproportionate in their concrete form.[19] Although the Court considered that data retention did not per se breach the German constitution, it did not assess the compatibility of data retention with the European Convention on Human Rights, or with the EU Charter of Fundamental Rights.

There are further complaints pending before the Hungarian Constitutional Court[20] and before the Irish High Court. Recently, the Irish High Court ruled in favour of a request to challenge the Data Retention Directive at the EU Court of Justice.[21] The Court found that data retention had the potential to be of “importance to the whole nature of our society”. “[I]t is clear that where surveillance is undertaken it must be justified and generally should be targeted”. The Court ruled that civil liberties campaign group Digital Rights Ireland had the right to contest “whether the impugned provisions violate citizen's rights to privacy and communications” under the EU treaties, the European Convention on Human Rights and the EU Charter of Fundamental Rights. The reference to the EU Court of Justice is expected in the next weeks.

The Court of Justice can be expected to follow the previous rulings and annul directive 2006/24, having regard to the jurisprudence of the European Court of Human Rights. The Grand Chamber of the latter Court found in 2008 that the retention of biometrics on mere suspects breached Article 8 of the European Convention on Human Rights: “In conclusion, the Court finds that the blanket and indiscriminate nature of the powers of retention of the fingerprints, cellular samples and DNA profiles of persons suspected but not convicted of offences, as applied in the case of the present applicants, fails to strike a fair balance between the competing public and private interests and that the respondent State has overstepped any acceptable margin of appreciation in this regard. Accordingly, the retention at issue constitutes a disproportionate interference with the applicants' right to respect for private life and cannot be regarded as necessary in a democratic society.[22] This assessment of the collection of identification data on 5 million citizens[23] must, a fortiori, apply to the much larger collection of information on the daily communications of 500 million citizens throughout the EU.

4) Proposal

Repealing directive 2006/24 would not prevent member states from maintaining data retention schemes and would remove the upper limits the directive sets. We are therefore currently discussing, both in our coalition and with industry, a joint proposal to limit the application of directive 2006/24 to Member States that decide to impose data retention nationally. According to this proposal, directive 2006/24 should be amended to give Member States a choice: First the option of sticking with directive 2002/58 and the Council of Europe's Convention on Cybercrime that sets an international standard for a system of expedited preservation and targeted collection of traffic data. Second the option of a harmonised and minimised data retention scheme with compulsory cost reimbursement for providers. There are many advantages to such a two-pronged proposal in comparison to a mere repetition, more or less, of the initial proposal that was put forward by the Commission in 2005.[24] I am setting out some of those advantages in a separate document attached to this letter.

We would welcome very much your embracing of this concept in the upcoming evaluation report, and in a subsequent legislative proposal. Please be assured of our full support in removing the compulsory EU requirements regarding blanket communications data retention.


Yours sincerely,


...


cc.

  • Ms Viviane Reding, Vice President
  • Ms Neelie Kroes, Vice President


Draft Proposal regarding Telecommunications Data Retention

The EU data retention directive, adopted in 2006, currently requires all 27 EU Member States to compel telecommunications and Internet companies to indiscriminately collect data about all of their customers' communications. “The majority of Member States do not reimburse costs incurred by operators to retain and retrieve data”, the Commission reports. Industry has so far been lobbying for replacing the current directive with a harmonised data retention regime that includes a cost reimbursement provision.

Why should the Commission not solely propose a harmonised data retention regime with compulsory cost reimbursement?

A proposal to this effect is unlikely to succeed and may result in no changes to the data retention directive at all. This would mean that all providers in the EU would continue to be compelled to retain and hand over varying types of data, mostly at their own expense.

The Commission's initial proposal for the data retention directive (COM/2005/0438) already once suggested a uniform data retention regime with compulsory cost reimbursement. This proposal was clearly rejected by Member States due to differing legal traditions and due to the high cost of blanket data retention. This situation persists in 2010. It is unlikely a voting majority of the 27 EU Member States would be prepared to accept a uniform data retention regime with compulsory cost reimbursement.

In addition, even where some cost reimbursement is in place, it generally covers only a share of the total cost of retrieving, storing and handing over of bulk data. Data retention is never profitable but always troublesome and distracts providers from their business. The constant risk of a theft, loss or abuse of sensitive communications data puts providers' reputation at risk. Customers generally dislike a blanket retention of their communications data in the absence of any suspicion.

What proposal should the Commission make instead?

The EU data retention directive should offer two alternatives to member states: First the option of a modest and harmonised data retention scheme with compulsory cost reimbursement. Second the option of no national data retention scheme at all (but instead a system of expedited preservation and targeted collection of traffic data as agreed in the Council of Europe's Convention on Cybercrime).

What are the advantages of an optional approach?

National data retention provisions need to be harmonised only where they are in place. In other member states directive 2002/58 is achieving an even better harmonization. With a choice of a harmonised regime or no data retention scheme at all, the legal situation would become much more harmonised than under directive 2006/24. Making data retention optional at the EU level would also remove the legal risk of directive 2006/24 being annulled. Furthermore it would take into account the situation of Member States that are legally unable (Romania) or politically unwilling to introduce blanket data retention legislation.

For industry, optional data retention is the only feasible way to prevent Member States from adopting or maintaining costly and uncompensated data retention requirements. Member States are more likely to accept a harmonised data retention regime with compulsory cost reimbursement if they are given the alternative to opt out. Some Member States would be happy not to introduce data retention requirements at all for political, constitutional of financial reasons. The German liberal party has already decided not to re-introduce data retention legislation if given a choice by the EU. Romania has been ordered not to re-introduce data retention legislation by its Constitutional Court. At present several states across Europe do not have data retention requirements in place (e.g. Austria, Belgium, Germany, Greece, Romania, Sweden). Whereas the current data retention directive will ultimately force thousands of providers in these countries to retain data at their own cost, an optional directive would take that burden off those providers entirely. Other Member States would still insist on having data retained, but could be convinced to accept having to compensate providers by at least reimbursing a fair share of their costs.

For citizens, making data retention optional would finally give national parliaments, the citizens (in referendums) and Constitutional Courts the opportunity to opt for a targeted approach instead of indiscriminately having the entire population's communications data retained.

The Commission, industry and civil society jointly pushing for an optional directive as set out above could create political majorities that would otherwise not be possible to achieve. Civil society is a major political factor and has a strong interest in making the data retention directive optional. In June, more than 100 organisations from 23 European countries spoke out against data retention, including major NGOs such as EDRi, FFII and Human Rights Watch.



  1. Debate of 7 September 2005, http://www.europarl.europa.eu/sides/getDoc.do?pubRef=-//EP//TEXT+CRE+20050907+ITEM-002+DOC+XML+V0//EN&query=INTERV&detail=3-044.
  2. Antworten auf den Fragebogen der Europäischen Kommission vom 30.09.2009 zur Vorratsdatenspeicherung, http://www.vorratsdatenspeicherung.de/images/antworten_kommission_vds_2009-11-13.pdf, p. 29.
  3. Such as cited in the “Overview of information management in the area of freedom, security and justice”, COM(2010)385, p. 36, as well as in a “Room Document”, http://www.vorratsdatenspeicherung.de/images/RoomDocumentEvaluationDirective200624EC.pdf.
  4. Silver v. UK (1983) 5 EHRR 347, § 97.
  5. Marper v United Kingdom (2009) 48 EHRR 50, § 116.
  6. Max Planck Institute for Foreign and International Criminal Law, The Right of Discovery Concerning Telecommunication Traffic Data According to §§ 100g, 100h of the German Code of Criminal Procedure, March 2008, http://dip21.bundestag.de/dip21/btd/16/084/1608434.pdf, p. 150.
  7. Starostik, Pleadings of 17 March 2008, http://www.vorratsdatenspeicherung.de/images/schriftsatz_2008-03-17.pdf, p. 2.
  8. Starostik, Pleadings of 17 March 2008, p. 2.
  9. Starostik, Pleadings of 17 March 2008, p. 2.
  10. Starostik, Pleadings of 17 March 2008, p. 2.
  11. Starostik, Pleadings of 17 March 2008, p. 2.
  12. Starostik, Pleadings of 17 March 2008, p. 2.
  13. Forsa, Opinions of citizens on data retention, 2 June 2008, http://www.eco.de/dokumente/20080602_Forsa_VDS_Umfrage.pdf or http://www.webcitation.org/5sLeT8Goj.
  14. Meyen/Springer/Pfaff-Rüdiger, Free Journalists in Germany, 20 May 2008, http://www.dfjv.de/fileadmin/user_upload/pdf/DFJV_Studie_Freie_Journalisten.pdf or http://www.webcitation.org/5sLdXIt55, p. 22.
  15. Antworten auf den Fragebogen der Europäischen Kommission vom 30.09.2009 zur Vorratsdatenspeicherung, http://www.vorratsdatenspeicherung.de/images/antworten_kommission_vds_2009-11-13.pdf, p. 2.
  16. Infas poll, http://www.vorratsdatenspeicherung.de/images/infas-umfrage.pdf.
  17. Flash Eurobarometer, Data Protection in the European Union, February 2008,http://ec.europa.eu/public_opinion/flash/fl_225_en.pdf, p. 48 (32+18+19=69%, 35+21+25=81%).
  18. Constitutional Court of Romania, decision of 8 October 2009, http://www.legi-internet.ro/english/jurisprudenta-it-romania/decizii-it/romanian-constitutional-court-decision-regarding-data-retention.html.
  19. Federal Constitutional Court of Germany, decision of 2 March 2010, http://www.bverfg.de/en/press/bvg10-011en.html.
  20. Hungarian Civil Liberties Union, Constitutional Complaint Filed by HCLU Against Hungarian Telecom Data Retention Regulations, 2 June 2008, http://tasz.hu/en/data-protection/constitutional-complaint-filed-hclu-against-hungarian-telecom-data-retention-regulat.
  21. High Court of Ireland, decision of ..., http://www.scribd.com/doc/30950035/Data-Retention-Challenge-Judgment-re-Preliminary-Reference-Standing-Security-for-Costs.
  22. European Court of Human Rights, decision of 4 December 2008, http://www.webcitation.org/5g6FzdBr4, § 125.
  23. Human Genetics Commission, Nothing to hide, nothing to Fear?, November 2009, http://www.hgc.gov.uk/UploadDocs/DocPub/Document/Nothing%20to%20hide,%20nothing%20to%20fear%20-%20online%20version.pdf, p. 4.
  24. COM(2005)438.