Her remarks come a few days after an influential committee of
the European Parliament recommended that the current proposals be
rejected. MEPs are due to vote on the issue next week.
The existing proposals date back to April 2004, when the UK,
France, Ireland and Sweden published a draft Framework Decision
setting out provisions for the creation of an EU-wide system of
retaining communications data – data that identifies the caller and
the means of communication (e.g. subscriber details, billing data,
e-mail logs, personal details of customers and records showing the
location where mobile phone calls were made) but not the content of
the communications.
The draft Framework Decision
In general terms, the draft excludes the retention of the
content of exchanged communications, although it does not define
what "content" actually is. It also allows Member States to opt-out
if they do not find the purposes behind the draft sufficient to
make the retention acceptable.
The draft, as amended by the Dutch presidency of the EU,
proposes a minimum period of data retention of 12 months and leaves
any maximum limit to the discretion of Member States.
Provisions are also made for the access by one Member State to
data retained by another Member State. Data protection safeguards
are included, and there is an obligation on each Member State to
ensure the security of the data retained.
The opposition
A draft European framework Decision on data retention has been
discussed for years, much to the concern of civil liberties groups.
In 2003, human rights group Privacy International obtained a formal
legal opinion on the proposals – which suggested that the draft
Decision was unlawful, because it breached the Convention on Human
Rights.
In November 2004, the EU Data Protection Working Party, an
independent EU advisory body, issued a negative preliminary Opinion
on the draft Decision.
"The routine, comprehensive storage of all traffic data, user
and participant data proposed in the draft decision would make
surveillance that is authorised in exceptional circumstances the
rule," said the Opinion. "This would clearly be disproportionate.
The draft framework would apply, not only to some people who would
be monitored in application with specific laws, but to all natural
persons who use electronic communications."
Nor was the Working Party convinced that data needed to be
retained for longer than six months – as opposed to the 12-month
minimum period envisaged in the Decision. So far, said the Working
Party, law enforcement agencies have failed to show why such
far-reaching measures are necessary.
Last week, the European Parliament's Civil Liberties Committee
reached a similar conclusion.
In a report drafted by liberal MEP Alexander Nuno Alvaro the
Committee recommended rejecting the proposal due to sizable doubts
on the choice of the legal basis and the proportionality of the
measures.
"The ends do not justify the means, as the measures are neither
appropriate nor necessary and are unreasonably harsh towards those
concerned," says the report. "Given the volume of data to be
retained, particularly internet data, it is unlikely that an
appropriate analysis of the data will be at all possible."
The report demands that the Member States produce a study
proving the unquestionable need for the proposed data retention
arrangements. It also suggests checking whether the Decision's
objectives might be better achieved by implementing the Council of
Europe's Convention on Cybercrime – the first international treaty
on criminal offences committed against or with the help of computer
networks.
The European Parliament is due to consider the report on 7th
June.
The Commission's view
According to Reuters, the European Commission has now made it
clear that it will recommend a maximum retention period of one
year, when it puts forward its proposals on data retention in the
next few days.
A longer retention period would place a huge burden on ISPs and
telcos, said Commissioner Reding.
The Commissioner confirmed that she and Justice, Freedom and
Security Commissioner Franco Frattini, would make replacement
proposals to those put forward last year, on the grounds that any
harmonisation of EU data retention laws should be made by the
Commission rather than individual Member States.
This way the legislative process would also be more transparent,
as it would require the approval of the Commission and Parliament,
the Commissioner told Reuters. Under the current procedure, MEPs
can only give their views on the proposals.
