The European Data Protection Supervisor (EDPS), Peter Hustinx, has published an opinion stating that the Data Retention Directive “does not meet the requirements imposed by the fundamental rights to privacy and data protection”.
The much discussed EU Data Retention Directive (the “Directive”) requires all telecomms providers to retain the data necessary to identify the sender, recipient, data, time, duration, type, equipment and location of all the emails, phone calls and texts of all citizens. The information must be available to be handed over to national police for use in criminal investigations.
When it was implemented in 2006, the Directive was seen by many as a knee jerk reaction to the threat of terrorist attacks. The EDPS was critical from the outset and has described the Directive as “the most privacy invasive instrument ever adopted by the European Union”.
The latest EDPS opinion is in response to the European Commission’s Evaluation Report on the Directive. The Commission intends to propose amendments to the Directive ‘later this year’.
The legal and political storm around the Directive is now gathering momentum. Already courts in Germany, Austria, Romania, Sweden, and the Czech Republic have ruled that the Directive in its current form is unconstitutional.
Later this year, the European Court of Justice (ECJ) will rule on the constitutionality of the Directive following a referral from the Irish High Court. The case was brought by Digital Rights Ireland, a member of the European digital civil rights group EDRi, on the grounds that a state should not be allowed to impose a regime of mass surveillance on its entire population without any evidence of wrongdoing.
The debate over the balance between state interests and the protection of individual rights and freedoms is becoming more intense and more prominent in the public consciousness. Civil rights groups and the media are turning up the volume. However, where national security is concerned, the counter-arguments are unlikely to be heard in the open.
State security agencies have a clear argument in favour of accessing personal data in order to prevent serious crime and the extent of any amendments to the Directive will undoubtedly be highly tempered by The Powers That Be. However, recent crime statistics released by the German police show that the blanket retention of telecommunications data has had no positive impact on the number of cases solved.
If they want to keep the blanket data retention requirement, the spooks may need to gather more intelligence in order to satisfy the EU that it is proportionate and does not go beyond what is necessary.
But, back in the glaring light of the public arena, the future of the Data Retention Directive remains in the ECJ’s hands.