EU heads of state, now in the midst of their Spring Summit, are
considering a draft Declaration against terrorism, in the wake of
this month's Madrid bombings.
The draft includes measures that EDRi says will "have a chilling
effect on the daily lives of European citizens and their freedom to
travel and communicate."
Of particular concern to EDRi is the focus on the retention of
communications data.
Communications data are data that describe the caller and the means
of communication (e.g. subscriber details, billing data, e-mail
logs, personal details of customers and records showing the
location where mobile phone calls were made) but not the content of
the communications.
Since the September 11th tragedy, security and law enforcement
agencies have urged governments to look at ways of retaining and
accessing this data, which can be used to build a comprehensive
dossier on the contacts, friendships, interests, transactions, and
movements of an individual.
The EU is developing a framework directive, known as the "Draft
Framework Decision on the Retention of Traffic Data and Access to
this Data in Connection with Criminal Investigations and
Prosecutions," while ten Member States, including the UK, are
already preparing their own legislation on the issue.
In the UK, the Retention of Communications Data (Code of
Practice) Order 2003 lays out a voluntary Code of Practice for ISPs
and telcos, but has met with resistance from these agencies – which
believe that it will leave them open to claims under data
protection and human rights laws.
Similar concerns led human rights group Privacy International to
obtain a legal Opinion on the draft European framework directive –
which found that the draft directive is unlawful because it
breaches the Convention on Human Rights.
However, the political will for such a scheme was jolted by the
Madrid bombings, and retention of communications data now looks
likely to form part of the EU anti-terrorist approach.
According to EDRi, EU leaders are also discussing proposals to
upgrade existing databases, such as the controversial Schengen
Information System. This system, which became operational in seven
countries in 1995, now covers the bulk of EU countries, although
the UK is only partially involved.
The system enables enforcement agencies throughout Europe to
have access to a database of reports on individuals and objects,
such as cars, for border control purposes, internal police checks
and in some cases for the purpose of issuing visas, residence
permits and administrating persons that the system defines as
aliens.
Other proposals include the use of European passenger data for
"other law enforcement purposes", the approval of the current
scheme for sending this data to the US and the tightening up of
proposed biometric requirements for the new EU passports, according
to EDRi.
