you're reading...
Institutional and Legal Affairs, PUBLICATIONS

Revising the Data Retention framework

6 language versions available

Überarbeitung des Rahmens für die Vorratsspeicherung von Daten

Revisión del marco de conservación de datos

Révision du cadre régissant la conservation des données

Revisione del quadro sulla conservazione dei dati

Przegląd ram dotyczących zatrzymywania danych

The retention of data for the purpose of investigating and prosecuting serious crime is currently governed by the 2006 EU Data Retention Directive (DRD). In this context, Member States (MS) are required to retain certain data for between six and 24 months. The DRD has however proved controversial in a number of MS. As a result, and following its own evaluation, the Commission is now considering improvements to the Directive.

Retaining data

Retaining data

Copyright dotshock. Used under licence from Shutterstock.com

The Directive requires telecommunications servi­ce providers to store traffic and location data, generated or processed by them, stemming from communications activities. The content of such communications, however, cannot be stored. The requirement covers fixed and mobile network telephony as well as internet access and e-mail. Service providers are required to retain data necessary to identify a number of elements, inclu­ding a communication’s source and destination, as well as location in the case of mobile telephony.

Data retention takes place in most MS, with many reporting it plays an important role in criminal investigations. According to Commission figures, there were over 2 million requests for access to retained data in 17 MS in 2009. Nevertheless the Directive has raised a number of concerns over the right to privacy and in particular the perceived lack of safeguards.

Transposition issues

Objections to the DRD have been expressed in several MS, with a number brought before the Court of Justice (CJEU) by the Commission for failing to implement the Directive. The deadline for transposition was September 2007. In Sweden it was only finally implemented in March 2012 after a second CJEU ruling.

In October 2009, the Romanian Constitutional Court found aspects of the national law implementing the DRD breached both its constitution and Article 8 of the European Convention on Human Rights (Right to respect for private and family life). Similar findings were later made by the Constitutional Courts of the Czech Republic and Germany. The latter considered such data retention to be an “especially grave intrusion” of privacy.

Although most states have now transposed the DRD, issues still remain. In 2010, its transposition in Ireland was challenged by a public interest group and has now been referred to the CJEU for a preliminary ruling. On 31 May, the Commission announced that it was taking Germany to the CJEU for failure to transpose the DRD with a request for financial penalties.

Commission evaluation

The Commission undertook an evaluation of the DRD, published in 2011. It concluded that the EU should continue to support data retention as a valuable tool in criminal investigation and to protect against harm caused by crime and terrorism. It nevertheless recognised the impact of data retention on the right to privacy and the importance of establishing both necessity and proportionality. It stated its intention to propose improvements to the current regime.

Reacting to the report, the European Data Protection Supervisor stated that there was not sufficient evidence to support the need for data retention as developed in the Directive. He called for an examination of “alternative, less privacy-intrusive means”.

And the next steps?

The Commission’s Action Plan implementing the Stockholm Programme indicated that any pro­posal to revise the DRD would be made during 2012. In the light of this statement, oral questions with debate have been tabled by MEPs on behalf of the EPP, S&D, ALDE, Greens/EFA and GUE/NGL groups asking, inter alia, when the proposal will be published.

However in an e-mailsent in early July and now in the public domain, the Commission indicated that the revision of the DRD could now be announced in 2013 or 2014 depending on progress with the General Data Protection Regulation, currently being discussed by the EP and Council. The Commission also stated that the revision would be postponed to coincide with a review of the e-privacy Directive.

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Google photo

You are commenting using your Google account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s

This site uses Akismet to reduce spam. Learn how your comment data is processed.

Download the EPRS App

EPRS App on Google Play
EPRS App on App Store
What Europe Does For You
EU Legislation in Progress
Topical Digests
EPRS Podcasts

Enter your email address to follow this blog and receive notifications of new posts by email.

Join 3,344 other followers

Disclaimer and Copyright statement

The content of all documents (and articles) contained in this blog is the sole responsibility of the author and any opinions expressed therein do not necessarily represent the official position of the European Parliament. It is addressed to the Members and staff of the EP for their parliamentary work. Reproduction and translation for non-commercial purposes are authorised, provided the source is acknowledged and the European Parliament is given prior notice and sent a copy.

For a comprehensive description of our cookie and data protection policies, please visit Terms and Conditions page.

Copyright © European Union, 2014-2019. All rights reserved.

%d bloggers like this: