In a recent study, watchdog LobbyControl accuses EU home affairs commissioner Cecilia Malmström of „censoring“ the intense debate on the EU directive on the indiscriminate retention of all communications data: The non-governmental members of its allegedly independent „expert group on data retention“ are all closely tied to telecommunications industry, while the directive’s civil society opponents are not represented. The expert group aims at providing data retention with „false legitimacy“ by claiming to involve „stakeholders“, criticises LobbyControl.
The EU commission reserves membership in the expert group to people with „a genuine commitment to efficient and effective implementation of the Data Retention Directive“. The EU Court of Justice is currently examining the compatibility of the sweeping blanket communications data retention directive with human rights. On December 12th the Advocate General is to present their opinion on whether or not the directive constitutes a proportionate interference with the right of the EU’s 500 mio. citizens to private communications. Constitutional courts in several EU member states have in the past annulled or questioned data retention laws. More than 100 organisations throughout the EU are calling for its abolishment.
Full text of LobbyControl’s critical assessment:
Data Privacy: censoring the debate
When whistle-blower Edward Snowden revealed in June 2013 that the top-secret US PRISM programme was collecting phone and internet records of European citizens, the reaction from the Commission was forceful. The US justified the programme on grounds of security, but Viviane Reding, Vice-President of the Commission as well as EU Commissioner for Justice at the time, stated that “the data protection rights of EU citizens are non-negotiable.” However, looking at the recent Expert Group established by DG HOME on the topic of data retention, this statement sounds less convincing.
What Ms Reding failed to mention was that the European Commission has had its own highly controversial Data Retention Directive (DRD) in place since 2006, a year before PRISM came into being. The Directive equates to blanket and indiscriminate retention of all telecommunications, holding them for a minimum of six months up to two years, and has been heavily criticised by human rights and privacy campaigners.
According to AK Vorrat, the German Working Group on Data Retention, the DRD is “the most privacy-invasive instrument and the least popular surveillance measure ever adopted by the EU”, with almost 70% of EU citizens against it. It has also been shown to obstruct a free press as investigative journalists working on sensitive public interest issues are unable to use confidential communication channels (Deutsche Telekom was caught using the private data to spy on critical journalists), while the safety of potential whistle-blowers is also greatly reduced.
The Commission’s justification – that it is necessary to tackle serious organised crime – has also been disproven, as no country to implement the Directive has seen a statistically significant impact on crime clearance rates. Ironically, the Dutch Government has actually found many of its own telecoms corporations illegally using the private data for commercial purposes. And in fact, the blanket collection and retention of citizens’ personal information has been ruled incompatible with the European Convention on Human Rights, with the European Court of Justice expected to annul the Directive, making a final ruling at the beginning of July 2014. Discussing PRISM, Commissioner Reding evidently failed to see the contradiction when claiming earlier this year that “it is very essential that even if it is a national security issue it cannot be at the expense of EU citizens.”
Yet despite the Directive’s controversial scope and its impact on citizens, as well as the current de facto rules surrounding Expert Groups, the newly created Data Retention Experts Group is dominated by the telecommunications industry, has individuals representing corporate interests sitting in a personal capacity and has no civil society representatives. Those aware of the group’s incredibly controversial predecessor, the Platform for Electronic Data Retention for the Investigation, Detection and Prosecution of Serious Crime – in which among other problems, all seats not given to government interests went to representatives of big business interests, namely the telecommunications industry, and attempts to open it up to civil society organisations were repeatedly rejected – will not be surprised at the features of its latest incarnation.
Among the seven members not representing government interests, all five of the organisations (Cable Europe; EuroISPA; European Competitive Telecommunications Association, ECTA; European Telecommunications Network Operators Association, ETNOA; GSM Association) are there on behalf of telecommunications giants. Gerald McQuaid, the sole “representative of an interest” – a category given by the Commission to members sitting in an individual capacity but who are not independent – is listed in the Register as Chair of the European Telecommunications Standards Institute Lawful Interception and Data Retention Committee, an industry standardisation body, but it fails to mention he is a senior manager at Vodafone. Incidentally, Vodafone is also a member of EuroISPA (via national associations) and ECTA, and more worryingly, was also fined €76 million after its data retention mechanisms in Greece (i.e. wire taps) were hacked with the phones of the Prime Minister and many of his cabinet members being bugged. Completing the group is Christopher Kuner, Senior Of Counsel in the Brussels office of corporate law firm Wilson Sonsini Goodrich & Rosati, wrongly listed as there in a personal capacity. As well as advising corporate clients how to operate around privacy legislation while staying within the letter of the law, he is also the Chairman of the International Chamber of Commerce Task Force on Privacy and the Protection of Personal Data – not a role that can be considered independent.
While big business gets to ensure the Data Retention Directive is implemented to its liking (in the US, the telecommunications industry has been handsomely compensated by the US government for providing data), voices of civil society groups have been purposefully excluded. This may be explained by the call for applications: while open (although not in the Register), it explicitly states that members must have “a genuine commitment to efficient and effective implementation of the Data Retention Directive,” and if selected, “help ensure that the Directive continues to fulfil its intended aims.” Not only does this undermine the role of Expert Groups in providing diverse stakeholder input and excludes genuine expertise on the topic, it also ensures those selected will be unable to answer the group’s own mandated question of whether the directive is fulfilling its ‘intended aims’. The intentionally-narrow and technical focus is being used to mask the broader political questions still unresolved by its predecessor.
In light of PRISM, the evidence on DRD and the importance of data privacy, it appears the Commission – DG HOME in particular – is using this Expert Group to censor debate (only listening to industry and not civil society opponents) while providing false legitimacy through claiming to involve ‘stakeholders’. If Commission Vice-President Reding wants us to believe, as she claims, that “the data protection rights of EU citizens are non-negotiable,” DG HOME needs to open the group, follow the European Parliament’s recommendations regarding corporate dominance, loosen the conditions for entry and genuinely explore how DRD’s ‘intended aim’ of tackling serious crime can be achieved.
This post reflects the personal opinion of its author Patrick Breyer and is not an official statement by the German Group on Data Retention (AK Vorrat).