Une information citoyenne au service d'une identité européenne
Réactions, commentaires et débats avec des invités

Glossaire interactif des termes de l'Espace de liberté, de sécurité et de justice
Observatoire législatif de l’Espace européen de liberté, de sécurité et de justice
Veille juridique et documentaire axée sur la Charte des droits fondamentaux de l’Union européenne
Actualités des grands projets de l'Union européenne
Dossiers documentaires thématiques
Actualités sur le rôle de l'Union européenne dans le monde
Une information citoyenne au service d'une identité européenne

New data retention directive: meaning, procedure, pros and cons

pdf mise en ligne :02 03 2006 ( NEA say… n° 06 )

ASILE > Système d'information Schengen

What data retention means in the Directive adopted by the Council on 21st February? The decision follows an agreement reached by the Council at its meeting on 1st and 2nd December 2005 and an approval voted by the European Parliament few days later. In fact, this Directive is adopted jointly by the European Parliament and the Council using the so-called “co-decision” procedure and it is a remarkable example of joint legislation regarding one of the most controversial subject, recently discussed. Such explanation will try to provide an evaluation of different interests involved in that issue, pointing out which consequences can be envisaged by this new law.

The new Data Retention Directive

On 13th December 2005 the European Parliament approved rules forcing telecommunications companies to retain telephone call and internet records for use in anti-terror investigations. In other words, data retention means the storage of traffic and location data resulting from electronic communication: telephone calls, text messages and internet data without, however, retaining the content of the communication.
Member States will have to implement the Directive by imposing an obligation on internet service providers and telecommunication operators to store all traffic and location data for fixed and mobile telephony as well as e-mail, web-browsing, instant messaging and other internet services. The data will have to be stored for a period of 6 to 24 months and must be accessible to authorities investigating “serious crimes”. According to the new legislation, the costs incurred will be covered by the companies. This is why the telecommunications industry has raised some concerns about the Directive, claiming that it could be expensive to implement and that it could jeopardize Europe’s competitiveness and information society.

Consequences of the Directive

As regards all possible measures, it must be underlined that comprehensive supervision by competent data protection bodies will be indispensable. Therefore, any use of access to the systems must comply with the rules governing the protection of personal data, i.e. the Directive 95/46 on Data Protection, and in future with the Draft Framework Decision on the protection of personal data in the course of activities of the police and judicial cooperation in criminal matters.

Procedural development

Despite difficulties, as the negotiations were extremely controversial, approval of the Directive made clear that European Institutions, i.e. the Parliament, the Council and the Commission, altogether are standing firm against terrorism and serious organised crimes. This sends a powerful message to citizens because they worked closely together and were united, determined and able to reach agreement on this important measure.

The Commission’s Proposal
Regarding the substance, the package agreement can be considered a compromise which was reached on the basis of the Commission’s proposal. In fact, the Commission put it forward having in mind a three fold interest: fighting crime, protection of Fundamental Rights and the economic interests of the telecommunication industry. The aim of the proposed Directive was that data retained should be available for the purpose of investigation, detection and prosecution of serious crime, as defined by each Member State in its national criminal offence law, thereby limiting Member States’ actions by the principle of proportionality. Moreover, a declaration provides that “serious crime” under Member States’ national law should take into account the crimes listed in article 2 of the Framework Decision on the European Arrests Warrant (2002/534/JHA) and crimes involving communications.

Concerning periods of retention, the Commission reduced, to a large extent, the enormous disparities existing among Member States ranging from no retention period at all to 6 years or more. The Directive ensures that all 25 Member States will have to impose data retention obligations on the telecommunications service and network providers operating under their jurisdiction. This is a major step forward taken within the European Union: sharing a common idea about impacts and limits of what legislation can provide in the field of Fundamental Rights.

In addition, the Directive provides for high standards of data protection applying to data covered by the Directive and sanctions (administrative or criminal) in case of violation have to be imposed. Derogations to take account of particular circumstances are limited to reduced time and subject to the control of the Commission on what concerns the functioning of the internal market. As a result, statistics must be transmitted to the Commission and an evaluation process is also provided.

It is important to highlight that the Commission’s proposal is based on the first pillar: the communitarian pillar with total competence of the European Court of Justice to provide a much more balanced and appropriate approach to this issue with a view to protect the rights of the citizens.

Role of the EU Parliament
In the EU Parliament, many different political views were aired by members of all political parties but it also was their native culture which defined their beliefs. Nevertheless, the Parliament voted by 378 to 197 to approve the bill, which had already been agreed by the assembly’s two largest groups, the European’s People Party and the Socialists.

Parliament’s LIBE Committee previously had been in favour of a report that would have limited the data storage obligation considerably. However, during the three weeks between this first vote and the one in plenary session, the UK Presidency achieved to convince MEPs of the two big groups to vote for a set of compromise amendments already adopted by the Justice and Home Affairs Council. The UK Presidency claimed to sideline the Parliament by pushing the Council to adopt a framework decision that would have gone even further than the previous directive. Therefore, in the following plenary session, the amended draft legal solution was approved despite criticism by the other political groups as regards both the proposal’s content and the procedure which they thought had been influenced too much by the UK Presidency.

Role of the UK Presidency and the Council
The process of reaching agreement, as described above, can be seen as an example of a Presidency playing a key role in the Council, establishing a strong position and making a firm statement with the aim of striking a deal. The Presidency highlighted, however, that the Parliament’s demonstration of its willingness to work for an agreement was key to the progress that was made.

There was a need to strengthen security across Europe taking into account the respect for the rights of its citizens. This explains the criticism in the EU Parliament and in the Council among national governments. At the end, this agreement showed a willingness in order to bring the measure in. The UK Home Secretary claimed that telecommunication traffic and location data were vital tools in investigating and detecting terrorism and crime. Variations in data retention practice enable investigators and prosecutors to detect terrorists and criminals, to stop them causing harm or to arrest them after doing so. There are many examples where communications data have been used to trace members of terrorist cells, to help identify murderers and to free kidnap victims. Among these are the bomb attacks in London last July.

For the UK Home Secretary and the Council, a data retention period of 6-24 months represents a compromise between those in the Council who wanted a much longer retention period and those in the Parliament who preferred a shorter period. The Presidency also took account of concerns expressed by Member States and industry about the costs involved as mentioned above. That is why the list of data in the Directive has been restricted and unconnected telephone call data is outside the scope of the Directive.

A commitment has been given by the Commission and Council to regularly review how effective the Directive is applied together with the EU Parliament, the EU Data Protection Supervisor and representatives of industry.
The Council noted concerns about data protection and security and so the amendments include articles on data access and sanctions in case of data abuse. Data must be kept safe and secure and may only be disclosed lawfully following the application of this Directive.

Conclusion and Outlook

The negotiations were difficult because the subject is very technical and complex and it will remain so in the future. Rightly, the Commission will fully evaluate the application of the Directive and its impact on industry and consumers.

The difficult process of reaching approval shows how controversial the subject is and how many different interests such as political, economic, legal and social interests are involved. This also demonstrates how different a Human Right prospective can be, depending on various points of view. On the one hand, it highlights a significant question about the real assessment of Human Rights, but on the other hand, it relies on a firm effectiveness linked to political power: one of the most important tools for sorting out that problem, as attempted by the EU Council.

Can this agreement enable law enforcement authorities to obtain data without infringing privacy rights?
This is the major point: respecting Fundamental Rights and putting them as the touch stone of each policy means being able to manage this huge task. This also means coping with different approaches, being at the same capable of dealing with this border line issue which involves all of us both in our own private sphere and in society. There is a need to balance law enforcement “needs” and individuals’ right to privacy. Individuals have to trust what national states and the European Union think is best to do to protect them from crime while at the same time protecting their privacy.

The topic points to a close link between two elements: retained and protected data as two sides of the same coin, relying on Human Rights. What does data retention mean? And what does data protection mean? Probably a compromise between privacy and security or even between Social Rights and own culture, or maybe more. This is why there is a civil and political conflict which involves our own personal freedom and a general security to stop terrorism.

Fighting against it means stretching the edge and handling an uncertain border because each state concerned has to strike a balance between successfully managing the individual’s sphere, i.e. the protection of personal data and the social citizens’ freedom with consideration for their safety in society. Therefore, living at a time when acts of terrorism happen every day, means providing strong legislation to face the problem, even though this is only a beginning, one way among many to try to solve a greater problem.

It is fundamental not to prejudge the outcome of an essential in-depth debate which should cover aspects such as the overriding need to preserve that delicate balance between measures envisaged and protection of Fundamental Rights, with special reference to the protection of personal data as embodied in the European Convention on Human Rights and the EU Charter of Fundamental Rights. Data protection means ensuring full respect for the right to respect private and family life and the right to protect personal data. This is the border line issue, as laid down in Articles 7 and 8 of the EU Charter of Fundamental Rights even though it is not legally binding.

However, its undeniable political value in the European Union enables institutions to make this right concretely readable, understandable and therefore stronger. The meaning of data retention is still uncertain, awaiting results from practice. Thanks to this new Directive its meaning will be clearer, however, after the Directive has been implemented. Following entry into force of this law, Member States will have as a general rule 18 months in which to comply with its provisions.

Martina Fava
Université Catholique de Milan