Peter Hustinx, European Data Protection Supervisor:
Terrorism and organised crime should not be used as excuses for passing laws which undermine people’s privacy and data protection rights … It is a misconception that protection of privacy and personal data holds back the fight against terrorism and organised crime … Good data protection actually goes hand in hand with legitimate crime fighting because it increases the quality of databases and at the same time makes sure that only the right people can access them.
September 21st, 2006
We are at the edge of Europe, but our legal action challenging mass surveillance has implications for the whole European Union. We are the only group bringing a legal challenge and we need your support. We need support on a number of fronts:
- We need you to spread the word. If you have a web site or blog tell your readers about mass surveillance and link to us.
- In particular, it is important that we get Europe-wide blogger and media coverage for this launch. If you can help with this please ask to be added to our press list. Email us at contact@digitalrights.ie.
- And of course we need money. We need to raise a significant amount of money to sustain the litigation. Every small contribution makes a big difference. Please make a contribution at http://www.digitalrights.ie/support, and please contact us if you know of someone willing to make a major contribution.
September 14th, 2006
We have now started our legal action against the Government challenging Irish and European laws on data retention. Here’s the full press release.
DIGITAL RIGHTS IRELAND CHALLENGES MASS SURVEILLANCE LAWS
Irish civil rights group Digital Rights Ireland (DRI) has started a High Court action against the Irish Government challenging new European and Irish laws requiring mass surveillance. DRI Chairman TJ McIntyre said:
These laws require telephone companies and internet service providers to spy on all customers, logging their movements, their telephone calls, their emails, and their internet access, and to store that information for up to three years. This information can then be accessed without any court order or other adequate safeguard. We believe that this is a breach of fundamental rights. We have written to the Government raising our concerns but, as they have failed to take any action, we are now forced to start legal proceedings.
Accordingly, we have now launched a legal challenge to the Irish government’s power to pass these laws. We say that it is contrary to the Irish Constitution as well as Irish and European Data Protection laws.
We also challenge the claim that the European Commission and Parliament had the power to enact the Data Retention Directive. We say that this kind of mass surveillance is a breach of Human Rights, as recognised in the European Convention on Human Rights and the EU Charter on Fundamental Rights which all EU member states have endorsed.
If we are successful, the effect will be to undermine Data Retention laws in all EU states, not just Ireland, and to overturn the Data Retention Directive. A ruling from the European Court of Justice that Data Retention is contrary to Human Rights will be binding on all member states, their courts and the EU institutions.
Attack on Private Life
He continued:
These mass surveillance laws are a direct, deliberate attack on our right to have a private life, without undue interference by the government. That right is underpinned in the laws of European countries and is also explicitly stated in Article 8 of the European Convention on Human Rights. The Article specifies that public authorities may only interfere with this right in narrowly defined circumstances.
The information will be collected and stored on everyone, regardless of whether you are a criminal, a policeman, a journalist, a judge, or an ordinary citizen. Once collected, this information is wide open to misappropriation and misuse. No evidence has been produced to suggest that data retention laws will do anything to stop terrorism or organized crime.
We accept, of course, that law-enforcement agencies should have access to some call data. But access must be proportionate. In particular, there should be clear evidence of a need to move beyond the six months of storage which is already used for billing purposes. Neither the European Commission nor the European police forces have made any case as to why they might require years of data to be retained.
Data Retention, as legislated for in Ireland and mandated by the Data Retention Directive is unjustified mass surveillance. The government is deliberately recording information about innocent citizens without cause.
Legal background
The action challenges the law on data retention contained in the Irish Criminal Justice (Terrorist Offences) Act, 2005 and the European Data Retention Directive passed in 2006. The action has been commenced in the High Court by McGarr solicitors on behalf of DRI and names as defendants the Minister for Communications, Marine and Natural Resources, the Minister for Justice, Equality and Law Reform, the Garda Commissioner, Ireland and the Attorney General. DRI will ask the Irish courts to refer the Directive to the European Court of Justice for a decision on whether it is valid.
International Support
Digital Rights Ireland is the only group bringing a challenge to these laws, but it is supported by many international privacy and civil rights groups. Danny O’Brien of the Electronic Frontier Foundation said:
The EU Data Retention Directive is an excessive invasion of the privacy and security of all Europeans. Mandatory recording and retention of European citizens’ telephone calls by telephone companies and their online behaviour by Internet Service Providers creates a precedent for mass surveillance and is likely to chill freedom of expression on political and social issues that are at the very core of a well-functioning democracy. Digital Rights Ireland’s legal challenge to the directive will help protect not only the fundamental rights of citizens of Europe, but also those of other countries tempted along the same path.
Other organisations supporting the action include Privacy International, the European Foundation for a Free Information Infrastructure, the Czech civil rights group Iuridicum Remedium, Digital Rights (Denmark), the Belgian Liga voor de Mensenrechten (“League for Human Rights”), Electronic Frontier Finland, the UK Open Rights Group, the Italian group, ALCEI (“Electronic Frontiers Italy”), the French IRIS, the Internet Society – Bulgaria, German groups netzwerk Neue Medien (“network New Media”) and FITUG (Förderverein Informationstechnik und Gesellschaft e.V.), and the Austrian groups VIBE!AT (“Austrian Association for Internet Users”) and Quintessenz.
Click here to see how you can support the action also.
September 14th, 2006
Disclosure of your personal information can expose the most private details of your live and leave you vulnerable to identity theft. Unfortunately Irish law doesn’t require companies to tell you when their security has been compromised and your personal information stolen. The first you might know of it is when you discover that your fraudulent alter ego has enjoyed a spending spree on your credit card or run up huge debts in your name. But by then it’s too late.
We believe that this should be changed. Since 2003 California has had a law which requires companies to warn customers whose data has been compromised. This enables victims to take steps to protect themselves (such as cancelling credit cards), and has proven to be very successful. We believe that Irish customers deserve equal protection.
The EU Commission is now proposing something similar to the Californian law, though more limited. The proposal applies to “electronic communications services” (such as telephone or internet services) and would require providers to “notify their customers of any breach of security leading to the loss, modification or destruction of, or unauthorised access to, personal customer data.”
As the Commission dryly notes, this disclosure requirement would “create an incentive for providers to invest in security”. More importantly, it will set a precedent which will help to bring in a wider law requiring warnings in all areas, not just telecommunications.
To support this proposal you can send an email to the Commission, cc.d to our Department of Communications. Click here to send a prepared email of support – you need only fill in your name and [optional] address. (Your email may be published on the Europa website unless confidentiality is requested. Where confidentiality is requested, neither the name of the contributor nor the contribution will be published.)
Full details of the proposal (See p.29 of a long PDF file.)
September 13th, 2006
David Rooney’s Irish Times cartoon neatly sums up the problems with data retention. A small detail is shown below – click on that to open the full cartoon in a new window.
(Many thanks for permission to use the cartoon.)
September 7th, 2006
We’re happy to announce that Dr. Eoin O’Dell will be joining DRI as a director. Eoin is a Lecturer in law and Fellow of Trinity College Dublin and is an acknowledged expert in areas including privacy, defamation, media regulation and freedom of expression. Amongst other things, he was a member of the Department of Justice Legal Advisory Group on Defamation, and he has long been active in promoting public debate about freedom of expression and privacy issues.
September 7th, 2006
