MEPs had been under pressure to approve the proposals, which
have formed a key part of the agenda of the UK Presidency. The UK
Presidency comes to an end in the New Year, and Home Secretary
Charles Clarke had made it a priority to reach agreement on the
Directive before the handover.
MEPs had already rejected the data retention proposals on two
previous occasions, leading to a threat from Ministers that the
Council would push through its own proposals if the European
Parliament could not approve a compromise draft by the end of the
year.
Backroom talks ensued and yesterday – with 378 votes in favour,
197 against and 30 abstentions – MEPs voted to adopt the
Directive.
But the adopted Directive represents a compromise position and
differs in several ways from proposals approved by the
Parliamentary Civil Liberties, Justice and Home Affairs Committee
late last month.
German rapporteur Alexander Nuno Alvaro, who had led the
Parliamentary discussion of the draft Directive, was so unhappy at
the final approved draft that yesterday he withdrew as rapporteur
to the Directive.
The Directive
In general terms the Directive sets out an EU-wide system of
retaining communications data – data that identifies the caller,
the time and the means of communication (e.g. subscriber details,
billing data, e-mail logs, personal details of customers and
records showing the location where mobile phone calls were
made).
It does not allow for the retention of the content of the
communications, but will retain details of connected, but
unanswered calls. These, according to the Government, can be used
as signals to accomplices or used to detonate bombs.
The inclusion of these so-called “lost” calls is controversial,
and had been one of the sticking points between MEPs and Ministers.
MEPs were concerned that telcos do not currently register such
calls, because no bills are issued in respect of them, and it would
be expensive for these firms to adapt their systems.
Under the approved proposals, the data will now be retained for
a minimum of six months and a maximum of 24, and will be made
available to the police and judiciary in order to investigate
terrorism and serious crime. The data retained will only be
disclosed in specific cases and will be subject to strict data
protection rules. Any abuse of the data will be subject to
sanctions.
MEPs also backed down on a requirement that Member States should
be obliged to reimburse telcos and ISPs for the costs involved in
retaining, storing and accessing the data. The approved Directive
now leaves this issue up to the individual Member States.
Member States could begin implementing the new legislation as
early as next year.
The Reactions
Home Secretary Charles Clarke welcomed the news.
"Agreement on retaining communications data places a vital tool
against terrorism and serious crime in the hands of law enforcement
agencies across Europe,” he said. “Modern criminality crosses
borders and seeks to exploit digital technology. The measure is an
important step in delivering the right to citizens across the EU to
live in peace and free from the negative impact of terrorism and
serious crime.”
Vice-President Franco Frattini, European Commissioner
responsible for Justice, Freedom and Security, called the agreement
a “victory for democracy, a victory for our EU citizens, and a
victory for the fundamental rights and its constituting 25 Member
States, are based upon.”
But others aren’t so happy.
According to reports, the Irish Government is planning to
challenge the new Directive in the European Courts, on the
procedural grounds that the proposals should have been pushed
through by the Council alone.
There are various methods of creating legislation in the EU. One
of these, as in this case, takes the form of a Commission-led
Directive, which requires the approval of the European Parliament
and a majority vote in the Council of Ministers.
Another method, which is usually used in dealing with security
matters, is through a Council-led process, which requires a
unanimous vote in the Council, and a non-binding opinion from
MEPs.
The Irish Government, which wanted more stringent measures, is
unhappy that it had no veto in what it regards as a security
matter, according Euobserver.com.
ISPs are also worried. Speaking to The Register, a spokesman for
the UK Internet Service Providers' Association (ISPA) said: “We are
concerned that ISPs may have to foot the bill for mandatory data
retention. ISPs are not law enforcement agencies so they should not
have to pay for it all.”
Rights groups have their own concerns about the new
legislation.
Privacy International's Senior Fellow Dr. Gus Hosein, said: “It
is no surprise that governments introduce harsh laws after
terrorist attacks. But what is surprising when you compare the
surveillance laws in Europe and the US you find that the EU always
goes further.”
“The EU plans to fingerprint all of its citizens, monitor all
communications transactions, surveil all movement and travel,” he
warned. “All these policies have been rejected by the US but are
now law in Europe. The EU and some of its member states may paint
the US as a monster when it comes to anti-terror powers and civil
liberties but they need to look into the mirror every now and
then."
Privacy International yesterday released a report comparing the
US and EU anti-terrorism approaches.
