DR-FAQ
Aus Freiheit statt Angst!
It is important for us all (including members that aren't involved yet) to have a very clear message on all common questions and - above all - avoid contradicting ourselves! We are preparing an "faq" initially for internal use and subsequently to use as lobby material for the Parliament, journalists, politicians, activists, etc., like the one on SWIFT - http://www.edri.org/faq-2-swift-agreement-edri.
Does data retention help to cut crime?
Data retention does not help to cut crime. According to official police statistics, the introduction of data retention legislation has not lead to a decrease in crime, nor even to an increase in clearance rates. Crime rates in Member States that have a targeted system in place are no higher than in states relying on a system of blanket data retention. The same applies to crime clearance rates. Even police statistics regarding cybercrime do not reveal any effect of blanket retention on crime or crime clearance rates.
What about evidence of serious crime being detected using retained data?
Anecdotal evidence, access statistics or perceived utility do not demonstrate a need for blanket data retention for several reasons: Firstly, successful access to communications data retained under directive 2006/24 does not prove that the data would otherwise have been lacking, despite the commercial billing data stored under directive 2002/58 and extra data stored in compliance with specific judicial orders. Secondly, even in the relatively rare cases where extra data is disclosed under data retention schemes, it often has no influence on the outcome of the investigation procedure. Blanket retention can even have a negative effect on the prosecution of crime as it raises the awareness of tracability and makes criminals use circumvention techniques or resort to other communications channels. Overall, states using a targeted approach instead of blanket retention detect and prosecute serious crime just as well as states relying on a blanket and indiscriminate retention scheme.
Are there alternatives to data retention?
Expedited preservation and targeted collection of traffic data is a good alternative to a blanket collection of information on the entire population's communications. Targeted data preservation is the internationally recognized, standard procedure in prosecuting cyber-crime, having been agreed upon in the Council of Europe's 2001 Convention on Cybercrime. This convention, which also provides for an international exchange of communications data, has been signed by all EU Member States as well as, for example, by Norway, Canada, Japan, South Africa and the United States of America. Studies prove that the communications data available without blanket data retention are generally sufficient for effective criminal investigations. Blanket data retention has proven to be superfluous, harmful or even unconstitutional in many states across Europe, such as Austria, Germany, Greece, Romania and Sweden. These states prosecute crime just as effectively using targeted instruments.
What does civil society propose as an alternative?
Civil society proposes the repeal of the EU requirements regarding data retention in favour of a system of expedited preservation, targeted collection and international cooperation regarding communications data as agreed in the Council of Europe's Convention on Cybercrime.
If a prohibition of blanket data retention throughout the EU is not feasible, Member States should at the very least be given a choice: First the option of sticking with directive 2002/58 and the Council of Europe's Convention on Cybercrime. Second the option of a fully harmonised and minimised data retention scheme with compulsory cost reimbursement for providers.
Would a choice-based approach not fail the objective of harmonization?
A choice-based approach as proposed above would achieve much more harmonization than the current directive does. Under directive 2006/24/EC, national data retention policies are varying so widely in terms of data types, storage periods, reimbursement and access that the situation is far more harmonised in countries that have decided to stick with directive 2002/58 and not impose blanket data retention. National data retention provisions need to be harmonised only where they are in place. While it is true that a choice-based approach does not achieve total harmonisation, neither does the current data retention directive.
Furthermore, it is impossible to impose blanket retention throughout the EU due to differences in legal traditions, constitutions and political preferences. Several Member States are legally unable or politically unwilling to introduce blanket data retention legislation. The Romanian constitutional court has decided in 2009 that data retention per se breaches Article 8 of the European Convention on Human Rights and may thus not be enacted in Romania. The Court of Justice of the European Union and the European Court of Human Rights have yet to decide on the proportionality of a blanket and indiscriminate retention of information on the entire population's communications in the absence of any suspicion. Legal experts expect the European Court of Justice to follow the Constitutional Court of Romania as well as the European Court of Human Rights's Marper judgement and declare the retention of telecommunications data in the absence of any suspicion incompatible with the EU Charter of Fundamental Rights.
Would Council realistically accept a choice-based approach?
If the concept of a choice-based approach is embraced and supported by other relevant actors, chances are good that the majority of Member States can be persuaded to accept this approach. Member States are well aware of the differences in their legal traditions, constitutions and political preferences that make it impossible to continue imposing blanket retention on every Member State.
