A polarised debate
The debate about the Directive has become polarised in some member states between on the one hand civil liberties groups worried about a perceived erosion of privacy and dangers of the misuse of the information, and on the other hand governments arguing that access to such information by security forces is necessary to fight crime and terrorism.
The Data Retention Directive had not created any significant controversy in the UK, where privacy campaigners have tended to focus on such matters as CCTV and ID cards. Christian assigned the lack of contention in the UK to the pragmatic relationship that existed between security forces and telecommunications companies.
There was a feeling that the Data Retention Directive was out of step with the European Union's Data Protection Directive. Data protection legislation requires that any organisation collecting or holding personal data does so for clearly defined and justifiable purposes, and does not use or share data for any purpose that is incompatible with those original purposes. Some member states had admitted using the Data Retention Directive to access and use telecommunications data for purposes other than detecting and preventing crime. The Article 29 Working Party (a coalition consisting of the privacy commissioner of each member state) had said that the Data Retention Directive had been rushed through and that there needed to be stricter rules as to the circumstances in which security forces could access telecommunications data and what they could use the data for.
Member states liked the Data Retention Directive as it stood. It gave them what they wanted - access to telecommunications data for their police and security forces and lots of flexibility as to how they implemented the data retention regime.
Telecommunications companies disliked the directive. The burden of keeping the data and providing data in response to requests fell on them. Some have reported that there was a lack of consistency around the making of requests. They would like some clarity as to who from the police and security forces could make requests, and what process they needed to follow to make a legitimate request.
Journalists also disliked the Directive. They reported that some sources were more reluctant to talk because of a fear that communications could be traced.
An expert group recommended that state authorities be required to reimburse costs of operators meeting requests for data. They say that charging would lead to improvements in the efficiency of the request process, and a check on disproportionate requests from authorities.
Not revising the Directive is not an option
Despite the lack of appetite amongst member states to revising the Directive, the European Commission thought it was unfeasible to do nothing, and was formulating options.
Christian reported that the Commission had three objectives
- to maintain the effectiveness of arrangements for security forces
- to make it more economical for operators
- to protect privacy and to provide a clearer definition of why data can be requested by authorities and what they can use that data for.
It is anticipated that the Commission would publish a proposal to revise the Directive some time in 2012. The Data Protection Directive was itself due to be revised and Christian said that they would wait until the Commission released its proposal on revising the Data Protection Directive before finalising their proposal on revising the Data Retention Directive.
James Lappin is the founder of Thinking Records. He is a RM management consultant and an accredited trainer for the European Commission.
Photo courtesy of opensourceway via Flickr.