Data Retention Means You Are On The Record, Like It Or Not

from the it's-not-retention,-it's-surveillance dept

This week the advocate general of the Court of Justice of the EU (CJEU), Yves Bot, publishes an opinion on the extent to which the Data Retention Directive, one of the most controversial security measures introduced by the EU in the past decade, is compatible with human rights law. Although not a binding judgement (this will come later), the CJEU’s opinion is a significant intervention in the ongoing debate over how to balance human rights with states' perceived surveillance needs.

The security-related retention of communications by telecoms firms was on the European agenda well before 9/11, but privacy concerns had led to a limited approach. Telecoms companies in the EU were obliged to delete communications data as soon as all business needs had been met; the data could not be retained for security or criminal investigation purposes. Some states had attempted to adjust this and introduce a retention system in 2000, but this failed - again, largely because of privacy concerns. All this changed, however, after 9/11.

As early as May 2002, a “data retention amendment” had been made to existing EU privacy laws to allow for security-related data retention, and drafts of a provision that would require retention began to circulate. Those proposals attracted so much rights-based criticism that they were apparently abandoned; however, they quickly reappeared in the wake of the London and Madrid bombings, and in 2006, the Data Retention Directive was adopted.

It obliges all member states to introduce national data retention regimes, even where -— as in the UK —- there had already been significant resistance to such regimes when they were previously proposed at a national level. The directive requires telecommunications providers to retain data on the source, destination, time, date, duration and type of all communications by fixed and mobile telephone, fax and internet, and on the location and type of equipment used.

The data is to be retained for between six months and two years, with national law deciding on the duration, and can be accessed by state agencies investigating “serious crime” —- a term that has different definitions across the member states.

Blanket surveillance

The volume and extent of information retained under the directive is stunning; in effect, it has introduced a system of blanket surveillance across the entire EU. Although access to the information is regulated by law, state agencies can nonetheless access an enormous amount of information about our communications patterns and activities. This naturally raises serious human rights concerns, especially about privacy.

Security services insist that data retention is an indispensable tool for investigating serious crimes, such as terrorism and the production and distribution of child pornography. Yet different states make use of the Directive to wildly varying extents: in 2012, for example, Cyprus made 22 requests for access to data, while the UK made 725,467.

The question for the advocate general, the CJEU and the EU more broadly is whether or not the approach taken by the directive privileges perceived security needs over human rights. Data retention unquestionably constitutes a prima facie infringement on privacy; the real issue is whether this infringement is justified because it is necessary, effective, and limited. This question is at the core of all debates about “balance” in the security context: how far are we prepared to allow state power into our individual, family, social and democratic lives in order to “secure” us?

Answering this question requires us to decide on what we think “effectiveness” means in the context of security. If the directive helps to resolve a handful of serious crimes per year, or to prevent one terrorist attack, is it effective? Could a more limited approach -— such as requiring telecoms companies to collect data related to certain investigations but not to retain all data -— achieve the same security objectives while better protecting rights?

These are difficult questions, but they are ones we must resolve if we are to have a balanced security system. The advocate general’s opinion will be an important contribution to the debate, but it will not be the final word. Achieving a balanced approach to security requires critical scrutiny at practical, political, social and legal levels. This is all the more true given that, as the Data Retention Directive illustrates, security measures operate upon and have implications for the rights of all of us, all of the time.

Fiona de Londras is the Project Co-Ordinator of SECILE (Securing Europe through Counter-Terrorism: Impact, Legitimacy and Effectiveness), a project that has received funding from the European Union Seventh Framework Programme (FP7/2007-2013) under grant agreement number 313195.

The Conversation

This article was originally published at The Conversation. Read the original article.



Reader Comments (rss)

(Flattened / Threaded)

  •  
    identicon
    Anonymous Coward, Nov 7th, 2013 @ 4:39pm

    This data collection will facilitate MORE crime

    Criminals -- pedophiles, blackmailers, stalkers, thieves, phishers, extortionists, etc. -- now know that this data exists. They know that it could have immense value to them in the pursuit of their activities. It's the motherlode.

    It won't be long until they get it. And soon enough, they'll start using it. (Please, everyone, spare me any assertion that it's held securely. It's not.)

    So one of the incidental consequences with this, in addition to the massive invasion of privacy that it represents, is that it provides one-stop shopping for some of the worst people on the planet.

     

    reply to this | link to this | view in chronology ]

    •  
      identicon
      Anonymous Coward, Nov 8th, 2013 @ 4:53am

      Re: This data collection will facilitate MORE crime

      I recall, in the not too distant past, there was legislation addressing the consequences of lackadaisical data security. At this time the media had quite a few stories about corporate mishandling of customer data. There was poorly protected wifi, unencrypted laptops left in unlocked vehicles, these are just a few.

      I doubt anyone has addressed their poor securing of customer data, apparently there is little to no consequence. Maybe they were being paid to do so.

      Anyway, I doubt the government is any better at having concern for the securing of peoples personal data.

       

      reply to this | link to this | view in chronology ]

  •  
    identicon
    Anonymous Coward, Nov 7th, 2013 @ 5:20pm

    Data retention

    Just like Google, your point is ?

     

    reply to this | link to this | view in chronology ]

    •  
      icon
      Rapnel (profile), Nov 7th, 2013 @ 9:09pm

      Re: Data retention

      Yeah dude. But who has all the google data now? Yeah. The same folks that would kill a man and bomb a city. The only boom-boom google gives is pictures ( and a lot of application technology that a lot of people seem to enjoy .. sophisticated boom-boom).

      Data retention. That was a portion of the point I think. How long is too long? And if never enough is insufficient then that leads me to believe that the logical conclusion is that only enough data for the system to continue need be retained. The question then becomes "What is the system?". The more data that authority has to farm then the more they will. It seems they could care less who has it as long as they get it. Boy, authority likes metatdata too don't they? Hm.. Bad enough to bomb cities? .. Damn it, since the files are in the control of authority I guess that leaves room for lots of things. Just focus, OK? Who is the more likely to be viewed as an enemy of the state? You or Google? Take your time.

       

      reply to this | link to this | view in chronology ]

  •  
    identicon
    Anonymous Coward, Nov 7th, 2013 @ 5:52pm

    Human rights

    "This week the advocate general of the Court of Justice of the EU (CJEU), Yves Bot, publishes an opinion on the extent to which the Data Retention Directive, one of the most controversial security measures introduced by the EU in the past decade, is compatible with human rights law."

    Is this the same directive that's been found unconstitutional by a number of European Union members? The same the European Union has kept pushing its member states into adopting despite their respective rejections of the directive?

     

    reply to this | link to this | view in chronology ]

  •  
    identicon
    Anonymous Coward, Nov 7th, 2013 @ 7:43pm

    And tonite

    "Tonite in the Big Brother House we have EVERYONE IN THE UK, except the Secret Police who think they should have privacy to break the laws."

    I never thought Britain would end up with a Secret Police, who spy on Brits without warrants.

    I knew it was getting bad, but I never knew just how bad it was getting.

     

    reply to this | link to this | view in chronology ]

    •  
      identicon
      Anonymous Coward, Nov 8th, 2013 @ 1:11am

      Re: And tonite

      a dystophy about the world 30 years ago comes to mind.

      UK has an obscene amount of surveillance cameras, GCHQ appears to be pursuing information extremely agressively with little regard to consequences and the internet filter Cameron is pushing is highly censorious.

      All of it falls worryingly close to Orwells over-the-top surveillance state.

       

      reply to this | link to this | view in chronology ]

  •  
    icon
    Rapnel (profile), Nov 7th, 2013 @ 8:47pm

    O_O

    Holy crap.

    The train is out of control.

    Somebody pull the mother fucking cord.

    Harder.

     

    reply to this | link to this | view in chronology ]

  •  
    identicon
    Pixelation, Nov 7th, 2013 @ 9:39pm

    "Yves Bot, publishes an opinion on the extent to which the Data Retention Directive, one of the most controversial security measures introduced by the EU in the past decade, is compatible with human rights law."

    DRD=Fuck Off Feedom. My greatest hope now is that one of these fucktards pushing this shit gets nailed by it. Please Karma, bail us out.

     

    reply to this | link to this | view in chronology ]

  •  
    identicon
    Martin, Nov 7th, 2013 @ 11:59pm

    "the real issue is whether this infringement is justified because it is necessary, effective, and limited"


    According to the law and precedent the directive actually has to correspond to "a pressing social need" and be "necessary in a democratic society". Some of these requirements are actually a bit stronger than the ones cited.

    It will be interesting to see how this turns out.

    Let's also not forget how this directive came to be. Since voting on it as a criminal cooperation between EU member countries would have required a qualified majority and the directive was very controversial what the politicians did was to say that: "reasonably most countries will want to have a system like this and if the burden on ISPs and other companies differ throughout the EU the market will be distorted. Hence we vote on this directive within the framework of harmonizing the market."

    I hope the Court of Justice will weigh the proportionality of the privacy infringements against the effects on market harmonization. That would be the most fair thing to do.

     

    reply to this | link to this | view in chronology ]

  •  
    identicon
    woodchuck, Nov 8th, 2013 @ 1:14am

    European Hypocricy

    Nowadays everybody here in Europe is talking about the "NSA scandal" while most people overlook the elephant in the room: the european data rentention laws. Once the EU-politicians promised us these laws were made for fighting terrorism only, but now there are millions of requests per year. The true purpose of mass surveillance is getting total control over the people and every government in the "free western world" is mad about such control. Let's face it: We are the enemies, not al-Qaida, and it makes little difference whether you live in the U.S. or in Europe.

     

    reply to this | link to this | view in chronology ]

  •  
    identicon
    Alt0, Nov 8th, 2013 @ 6:55am

    Data Planet

    Left unabated, in a few hundred years all that will remain of the human race will be a few system operators and all our data.

     

    reply to this | link to this | view in chronology ]

  •  
    identicon
    Anonymous Coward, Nov 8th, 2013 @ 8:05am

    All your data belongs to us

    Good luck getting it back.

     

    reply to this | link to this | view in chronology ]


Add Your Comment

Have a Techdirt Account? Sign in now. Want one? Register here
Get Techdirt’s Daily Email
Save me a cookie
  • Note: A CRLF will be replaced by a break tag (<br>), all other allowable HTML will remain intact
  • Allowed HTML Tags: <b> <i> <a> <em> <br> <strong> <blockquote> <hr> <tt>
Follow Techdirt
A word from our sponsors...
Essential Reading
Techdirt Reading List
Techdirt Insider Chat
A word from our sponsors...
Recent Stories
A word from our sponsors...

Close

Email This