EU Data Chief Press Release

As The Washington Post published last monday "EU Data Chief Warns About Privacy":

"BRUSSELS, Belgium -- The European Union's data protection supervisor Monday criticized EU plans to retain phone and e-mail data for use in anti-terrorism investigations, saying they failed to protect civil liberties and gave a free hand to national intelligence services.
Peter Hustinx said the proposals _ one drafted by EU governments, the other by the European Commission _ did not prove the need for EU-wide data retention rules"

EDPS PRESS REALESE

Data retention: EDPS presents his Opinion on the Commission proposal for a Directive
Retention of traffic data of telecommunications has been high on the political agenda during the last months. Two rivalling proposals for EU-legislation are on the table - a draft framework decision proposed by four Member States and a Commission proposal for a Directive.

Peter Hustinx, the European Data Protection Supervisor (EDPS), who today presents his Opinion on the Commission proposal observes: "This is an incredibly sensitive issue. The Directive has a direct impact on the protection of privacy of EU citizens and it is crucial that it respects their fundamental rights, as settled by the case law of the European Court of Human Rights. A legislative measure that would weaken the protection is not only unacceptable but also illegal".

Although not convinced of the necessity of the proposed Directive, the EDPS presents his view on its main elements. If the Council and the European Parliament decide that data retention is necessary for the purpose of serious crime investigation, the following criteria should be met, for the Directive to be acceptable:

• strictly limited retention periods - the periods must reflect the needs of law enforcement and they must be harmonised in the Member States, laying down maximum periods of retention. Longer periods than 6 and 12 months as proposed, are not acceptable.
• a limited number of data to be stored - the number must reflect the needs of law enforcement and ensure that access to content data is not possible.
• adequate safeguards - specific provisions on access to the retained data by competent authorities are needed to ensure that no one but the relevant law enforcement services can use the data in individual cases.
• adequate technical infrastructure must be put in place to ensure the security of the data, including financial incentives to this effect.
• data subjects must be able to exercise their rights and data protection authorities must be enabled to supervise effectively.

The Opinion of the EDPS contains a detailed analysis of the proposed Directive along these lines and puts forward a number of constructive and concrete proposals to ensure respect for fundamental rights. It also mentions that co-decision of Council and Parliament is the only acceptable way forward in this highly sensitive area.

Links:

Data Retention Directive European Commission Press Release

Data Retention: Privacy International