data retention

All posts tagged data retention

The Commission has released documents showing that DG Justice harshly criticised the Data Retention Directive even while the Commission was defending it in Court.

According to a DG Justice statement of 2012,

  • the evidence -both qualitatively and quantitatively- provided in support of [the Directive] was „insufficient“
  • data preservation – ‚quick freeze‘ and ‚quick freeze plus‘ – was „a measure much less invasive in the fundamental rights of much less individuals and is therefore more proportionate than the current rules of Directive 2006/24/EC“

The Commission chose not to disclose those observations to the European Court of Justice but instead submitted observations according to which

  • „considerable empirical evidencen attests that data retention is valuable, and in some cases indispensable, for investigating and prosecuting crime“
  • data preservation was „less effective than data retention in combating crime“
  • „Directive 2006/24 strikes an appropriate balance between the requirements of law enforcement and the need to keep interference with privacy to a minimum by requiring only traffic and location data“

I find it striking that the Commission internally knew well about the disproportionality of blanket data retention but still defended it in Court as though no doubts existed whatsoever. Subsequently to the annullment, Commissioner Malmström even had the cheek to claim that the judgement „confirms the critical conclusions in terms of proportionality of the Commission’s evaluation report of 2011 on the implementation of the data retention directive.“

This is so sickeningly dishonest.

All documents obtained in relation to the ECJ judgement on data retention

The information and views set out in this post are those of the author and do not necessarily reflect the opinion of the Working Group on Data Retention (AK Vorrat).

Tuesday the European Court of Justice held a hearing concerning the validity and proportionality of the EU directive 2006/24 on mandatory blanket retention of all communications data. A person who participated in the hearing reports on their impression.

My sense of the day:

First: it was great that the Irish and Austrian challenges were joined. It gave the cases added weight, gave us three lawyers rather than one speaking directly against the Directive, and also allowed us to tackle the Directive from several different angles.

Second, we were before a grand chamber – 15 judges – signifying that the ECJ was giving this case some significance from the outset.

Third, the Irish Human Rights Commission spoke before the ECJ and were given a very attentive hearing. They expressed concern about the possibility that there would be a gap in protection if the Directive were upheld – i.e. that we might have a situation where protections against abuse would only be in national law, not at EU level – and when pressed by the court on the issue they said that they considered the Directive itself to be disproportionate. This was a big step from their perspective – their role is primarily advisory, not to take sides – and I think it carried some weight with the Court as an independent and impartial human rights body.

Fourth, the advocates for the member states made some very surprising points which helped us. For example, one claimed that the Directive required ISPs to store the URLs you visit – but the Commission was tripped up in confusion by it and couldn’t answer to the court whether it was correct or not. One said that Austria had no position on the question of proportionality (!) and went on to say that the ECJ would of course have to take into account the recent PRISM revelations (!!). One said that the statistics in this area were so patchy as to be completely unreliable – effectively overlooking the fact that the Court had asked for statistics to support the use of data retention. Another said that internet use opens one up to profiling anyway so data retention is not a particularly big issue (!). One tripped up on the question of transfer of data outside the EU and in effect ended up highlighting the PRISM issue. Other state advocates delivered arguments which were very bland in nature – there was little engagement with the issues bar mere assertion that data retention is necessary because we say it is.

Fifth, the advocates for the Parliament, Council and Commission were given some very difficult questioning on the fundamental issues regarding protection of human rights and how this is divided between the EU and the member states. This is obviously a wider issue than data retention per se but the ECJ appeared willing to tackle it – something which would probably be in our favour.

Sixth, the Advocate General picked up on a point regarding the correct test of proportionailty to use – i.e. do we assess this as being proportionate for law enforcement aims (a lenient test) or do we assess it as to whether it is a proportionate way of harmonising commercial activity in telecoms (a much harder test). Digital Rights said that it had to be assessed as an internal market measure as that was the legal basis of the directive. In short – is it really a sufficient basis for the Directive that it makes Vodafone’s life easier by harmonising the rules in the various countries where it operates? The Advocate General picked up on this point and seemed to accept this approach, while counsel for the institutions had no real response to his questioning on this. In effect the Advocate General said that the Directive must pass two tests of proportionality – it must be proportionate in its assistance of law enforcement and also proportionate  in its market harmonisation function. The implication is that if it is an excessive reaction to the need for market harmonisation then it would fall even though it might be proportionate if it were a stand alone third pillar measure. He also suggested that a law such as this should have a sunset clause, something which the institutions had no answer for.

Finally, the fact that the EDPS was invited to take part was I think useful, and the EDPS advocate was clear in stating the views of the EDPS that this was disproportionate.

In summary, I think the day went very well indeed for civil liberties. It is always impossible to predict what a court will do, but I am hopeful for a positive outcome based on what we saw.

The next date for your diary is November 7th when we get the opinion of the Advocate General. The full judgment is I believe probably 12 weeks after that, or thereabouts.

Finally, a special word of thanks for the lawyers who presented the civil rights cases so well. Yesterday was a major hearing on the most fundamental of human rights issues before the highest court in Europe, sitting in grand chamber. Very few lawyers ever make it to the ECJ, let alone on an issue of such significance. Frank Callanan, Fergal Crehan, Simon McGarr, Gerald Otto and Ewald Scheucher all deserve our respect and our thanks – and also all those others (too many to name here) who contributed to their work.

Update of 15/07/2013:

Monika Ermert has published another good report on the hearing.

The information and views set out in this post are those of the author and do not necessarily reflect the opinion of the Working Group on Data Retention (AK Vorrat).

Tomorrow the European Court of Justice will hold a hearing concerning the validity and proportionality of the EU directive on mandatory blanket retention of all communications data.

The importance of the upcoming court decision can hardly be overestimated: The indiscriminate retention of information on every telephone call, text message, e-mail and Internet connection made by any citizen is „the most privacy invasive instrument ever adopted by the EU in terms of scale and the number of people it affects“ (Peter Hustinx, European Data Protection Supervisor). Blanket data retention registers permanently the everyday communications, movements and Internet usage of 500 mio. citizens in the EU. On average, every 4 minutes information concerning us is being recorded ( Apart from the intelligence programmes that have surfaced now, data retention creates the greatest databases of personal information in existence.

The decision to be taken by the European Court of Justice will determine whether or not the government can potentially have our entire lives and behaviour recorded „just in case“ or whether innocent citizens will have a right to untraceable communications and interaction in an information society. The ruling will also indirectly determine whether the intelligence interception programmes that have recently surfaced in the UK („Tempora“) and France will have to be ended for violation European human rights.

Important information concerning the hearing

Time and place of hearing:

These people and governments will speak to the Court:
15 Minutes:
– Digital Rights Ireland (plaintiff)
– Irish Human Rights Commission
– Federl govt. of Carinthia (Austria, plaintiff)
– Mr Seitlinger [individual lawsuit Austria]
– Mr Tschohl [representing 11.100 citizens of Austria]
– Government of Ireland
– Government of Austria
10 Minutes each:
– Government of Spain
– Government of France
– Government of Italy
– Government of Poland
– Government of Portugal
– Government of UK
15 Minutes each:
– EU Council
– EU Parliament
– EU Commission
– Mr Hustinx, European Data Protection Supervisor

The questions raised by the Irish High Court and its reasoning (excerpt: „Nonetheless it is clear that where surveillance is undertaken it must be justified and generally should be targeted.“)

The questions raised by the Austrian Constitutional Court and the Court’s reasoning (excerpt: „Considering the doubts regarding the effectiveness it [blanket data retention] appears to interfere disproportionately with human rights.“) (reasoning in German only)

The questions asked to the parties by the European Court of Justice:

Working Group on Data Retention: Background information and facts concerning the Data Retention Directive 2006/24/EC

Working Group on Data Retention: Arguments of Data Retention advocates critically discussed,en/

Resource and document trove:

Photos of protests in Germany against data retention (free use):

Call of more than 100 organisations from 23 European countries to abolish the EU data retention directive:,en/

The information and views set out in this post are those of the author and do not necessarily reflect the opinion of the Working Group on Data Retention (AK Vorrat).

The Commission has released some interesting documents concerning the evaluation of the data retention directive in 2009-2011.

On 23 November 2009, the Commission and Member States discussed the matter with industry representatives.

  • Malcolm Hutty (EuroISPA President) explained that „smaller ISPs that operate nationally in a single country tend to be nervous about the idea of harmonisation if this resulted in longer retention period. However, large CSPs that operate transnational would rather favour more harmonisation in this regard, for various reasons, amongst which solving the problematic differences that exist between national markets.“
  • The Commission revealed that it discussed the directive only with with industries, Member States and MEPs, not with civil society (this was changed later, but the meetings with proponents by far outnumbered the meetings with critics).
  • The Commission raised the question of „whether CSPs should retain all data mentioned under Art 5 DRD, or only those that are needed for commercial reasons“.

The infamous „room document“ (draft evaluation report) is available in colour now.

On 12 March 2010 the Commission discussed again with Member State representatives:

  • Only Austria and Germany wanted the Data Retention Directive to be reduced in scope.
  • The Commission clarified that „information society services (ISS) that do not qualify as electronic communications services within the meaning of the definition in the Framework Directive 2002/21/EC (which is used in the ePrivacy Directive, e.g. hotmail), are not covered by the e-Privacy Directive; as the Data Retention Directive is an exception to the latter, it does not cover ISS either.“
  • SE mentioned that due to the long duration of the process for requesting data abroad these data are often already deleted before the request arrives and is executed, which deters MS from asking such data in the future. CZ recommended „to find easier ways to handle requests“, because currently „it takes days“.

The German data protection commissioner Peter Schaar advocated „quick freeze plus 7 days of data retention“ at a time when we strictly opposed any blanket retention requirements.

The EDPS criticised the Data Retention Directive fundamentally.

What is possibly most striking is the discussions the Commission is refusing to reveal:

  • It will not disclose any material regarding the Inter-Service Consultations and the position each of the DGs took.
  • Malmström met the German Minister of Interior (although the Ministry of Justice is competent for the matter of data retention). The briefing note is kept secret.
  • Reding met with the EU-Committee of the German Bundestag on 24/06/2010. The briefing note concerning the DRD is being kept secret.
  • Reding met with with a delegation of the European Journalists Federation on 1st July 2010. The briefing note concerning the DRD is being kept secret.
  • Malmström met with the Austrial Minister of Justice.
  • The replies to the Commission’s asking for further information on the effectiveness of the data retention directive are being kept secret.

An overview of all documents is available here. If you have any more documents, please let us know.