Denmark Repeals Data Retention Law's Logging Rules, Will Begin Discussions On What Should Replace Them

from the moving-in-the-right-direction dept

A couple of months ago, we wrote about an important decision handed down by the European Union Court of Justice (EUCJ) that declared the EU's Data Retention Directive "invalid." As we noted then, it was not entirely clear what national governments would do about the legislation they had passed in order to implement that Directive. From the deafening silence that has followed, we can presume that most of them are still thinking hard, but the Danish government has announced it is repealing the law's excessive logging rules at least (Google Translate of original Danish press release from Ministry of Justice):

The Ministry of Justice considers overall that there is no basis for believing that the Danish logging rules would be contrary to the Charter [of Fundamental Rights]. But the ministry has doubts whether the rules on session logging is appropriate to achieve their purpose. Justice Karen Hækkerup repeal therefore now rules on session logging.
As that indicates, the Ministry of Justice does not consider that its own particular framing would fall foul of the EUCJ's ruling, but it does admit that it had doubts about whether the data retention logging rules were appropriate, and so is repealing them. Interestingly, that may not be the whole story here. According to the Danish Politiken newspaper, the real reason the government is choosing to strike down the rules is that it lacked the votes in parliament to stop that happening anyway. Here's what a spokesperson for the opposition Left party is reported as saying (Google Translate of original in Danish):
I am pleased that the Minister of Justice has recognized that the majority behind the unnecessary session logging has crumbled. We have announced that we do not want the session logging myth persists because there is no correlation between the degree of intervention, and how effective it is as an investigative agent.
It's great to see politicians beginning to recognize that simply "collecting it all" is neither proportionate nor effective. Here's what will happen now:
The Minister of Justice will in the next parliamentary session to submit a bill to revise the total logging rules that could form the basis for policy discussions with the political parties about logging rules future design.
Let's hope that the policy discussions will reflect what we have learned about the dangers of extreme surveillance in the last year -- and that other EU countries follow Denmark's example by repealing their laws and instituting broad-based consultations on what, if anything, should replace them.

Follow me @glynmoody on Twitter or identi.ca, and +glynmoody on Google+


Reader Comments (rss)

(Flattened / Threaded)

  1.  
    icon
    That One Guy (profile), Jun 4th, 2014 @ 12:56am

    How about 'Nothing'

    Given this:

    'We have announced that we do not want the session logging myth persists because there is no correlation between the degree of intervention, and how effective it is as an investigative agent.'

    The logical move would be to dump the program entirely, not just replace it with something similar. If even the politicians are going to admit that there's no solid evidence that such data retention has a real public benefit, or at least one that outweighs the downsides, then they should just drop it entirely.

     

    reply to this | link to this | view in thread ]

  2.  
    identicon
    Tor, Jun 4th, 2014 @ 1:49am

    Misleading

    I'm surprised to find such a misleading post on TechDirt. To start with the title is incorrect.The data retention law is not being repealed - it's just a minor revision of certain rules.

    The danish ministry of justice has previously found that the session logging was implemented in a way that made it useless to the police, so they can easily scrap it without any big consequences. Also note that the session logging is not mandated by the EU data retention directive - it's just something extra that danish politicians added from their own wish list when implementing the directive.

    So what the political representatives are saying is that they want to keep all parts of the law related to retention of traffic data intact. That's certainly not a very positive message. It's likely they want to scrap this extra part as a preemptive move in order to reduce the risk of the entire law being challenged or repealed.

     

    reply to this | link to this | view in thread ]

  3.  
    identicon
    Anonymous Coward, Jun 4th, 2014 @ 1:53am

    Bravo, Denmark!

    Google Translate of original subject line:

    Bravo, Danmark!

     

    reply to this | link to this | view in thread ]

  4.  
    identicon
    Glyn Moody, Jun 4th, 2014 @ 2:08am

    Re: Misleading

    Thanks, I've made changes to reflect those points.

     

    reply to this | link to this | view in thread ]

  5.  
    identicon
    Tor, Jun 4th, 2014 @ 2:13am

    A clarification of the terms and my point:

    A) Session logging: logging of which web pages you visit and the contents of certain IP packets.

    B) Traffic data retention previously mandated by the EU directive: logging of IP-address assignment, who calls whom, when and from where, geotracking of your movements if you bring your phone, mail traffic data (if the mail is provided by an ISP, but not if isn't). Unlike session logging there's no logging of the contents of the data traffic in this case.

    A seems to be affected by the change, but not B. The change itself is positive but it's a big disappointed that the political representatives see no problems with B, even after the recent verdict. Furthermore, the proposed change to A is probably motivated by the wrong reasons (i.e. to preserve B).

     

    reply to this | link to this | view in thread ]

  6.  
    identicon
    Anonymous Coward, Jun 4th, 2014 @ 3:47am

    Same in Finland

    Finnish goverments reaction/responce to EU Human Rights judges decision to repeal that 'Data Retention Act' before Parlianments election was 'We consider to attach that on next time we modify our and (USTR's) laws considering erm' Artist Rights' sometime on 2015.
    So its kinda illegal and insane and our esteemed goverment consider doing something about it in a next election cycle...

    I think I need a beer =P

     

    reply to this | link to this | view in thread ]

  7.  
    identicon
    A. Lauridsen, Jun 4th, 2014 @ 5:53am

    Misrepresenting the truth

    Things are NOT moving in the right direction. What was repealed was data-logging, which was in excess of the EU directive. In effect the danish government was going much further than the original EU logging directive.

    The repeal is only related to that "excess". Logging of phone meta data is still being performed, despite the court ruling.

    Further more, The Danish government is planning to re-introduce both kinds of logging, as part of a planned cyber security center.

    This law calls for the logging initiative to be moved to the military intelligence service (FE). Which moves logging into the domain of national security.

    National security is explictly exempt from the Treaty Of Rome. Consequently the ruling of the EU Court of Justice, and the CHARTER OF FUNDAMENTAL RIGHTS OF THE EUROPEAN UNION do not apply.

    In short, they'll just skin the cat using a different tool.

     

    reply to this | link to this | view in thread ]

  8.  
    identicon
    Anonymous Coward, Jun 4th, 2014 @ 9:49am

    Re: How about 'Nothing'

    Why not replace it with a law forbidding such data retention?

     

    reply to this | link to this | view in thread ]

  9.  
    identicon
    Anonymous Coward, Jun 4th, 2014 @ 10:18am

    The Minister of Justice will in the next parliamentary session to submit a bill to revise the total logging rules that could form the basis for policy discussions with the political parties about logging rules future design.

    It would seem that Denmark does not believe in the "right to be forgotten."

     

    reply to this | link to this | view in thread ]

  10.  
    identicon
    Anonymous Coward, Jun 4th, 2014 @ 11:47am

    Re:

    Not much is known about what they will put on the table instead. Session logging had an extend of about 90 % of all the data collected through this directive and the admissions from the police (only one - unintended - use to exclude a suspect and they haven't had the programs they needed to actually search the data.) it would seem logical to bin it anyway!

    I don't think the content of the IP packets are inspected.
    AFAIK the most used technique to uphold the law is registering every 500 packets entering the ISPs net and include only to/from IPs, protocol, to/from postal codes and timestamps.

    Since more than one user is usually online at the same time at an ISP and 500 packets is rather often it generates a huge amount of pretty well randomized data. Logic would dictate that the data would have extremely limited use even with good tools to search it, but since politicians don't care about such details it was passed into law.

    But it is not DPI or other specific data in the packets as much as informations about the packets.

     

    reply to this | link to this | view in thread ]

  11.  
    identicon
    Anonymous Coward, Jun 5th, 2014 @ 1:57am

    Looks like Denmark's economy is about to see an influx of business. Maybe I'll sign up for an email account.

     

    reply to this | link to this | view in thread ]


Add Your Comment

Have a Techdirt Account? Sign in now. Want one? Register here
Get Techdirt’s Daily Email
Save me a cookie
  • Note: A CRLF will be replaced by a break tag (<br>), all other allowable HTML will remain intact
  • Allowed HTML Tags: <b> <i> <a> <em> <br> <strong> <blockquote> <hr> <tt>
Follow Techdirt
Advertisement
Essential Reading
Techdirt Deals
Techdirt Insider Chat
Techdirt Reading List
Advertisement
Recent Stories
Advertisement
Support Techdirt - Get Great Stuff!

Close

Email This

This feature is only available to registered users. Register or sign in to use it.