Data Retention Directive Passed

Yesterday morning (14th December 2005) the European Parliament passed a Directive mandating member states to introduce surveillance of all European citizens in their daily lives.

Digital Rights Ireland deplores the decision of the large parties in the European Parliament to collude with the Council of Ministers in this back-room deal, by-passing the compromise proposal proposed by the Parliament Rapporteur from the Committee for Civil Liberties, Justice and Home Affairs, Mr. Alexander Alvaro.

The Directive mandates that EU member states, including Ireland, are to track the location of all mobile phones, all calls made from land lines and mobile phones, as well as all information on individuals’ internet and email usage. This will include keeping records of all web sites visited, the senders and recipients of all emails and the use of any other Internet Protocol (IP) based communication such as the increasingly popular Voice over IP (VoIP) phone providers such as Skype.

Digital Rights Ireland chairman, TJ McIntyre responded “We will be campaigning for a full and public consultation process before the Irish implementing legislation is drafted. So far, data retention measures have been negotiated behind closed doors, with a haste justified by artificial urgency. The citizens of this country deserve an open and inclusive debate before any further freedoms are taken away.”

Privacy Under Attack

Ireland has already had surveillance of this kind for some years. The existing rules required details of telephone use and mobile phone location to be stored for three years. This was initially introduced in secret in 2002, and was placed on a statutory basis only this year, by way of a last-minute amendment to pending legislation. This amendment was introduced without prior warning or consultation, and rushed through with little debate.

However, this European law goes further. It extends monitoring to cover all internet use. It will require Internet service providers to record details of every email you send and every web page you visit. The Directive requires this information to be kept for a minimum of 6 months, but allows national governments to adopt longer periods if they wish. The Irish Government already requires your telephone records to be held for 3 years and seems set to apply the same to these new areas.

In addition, this law, since it was adopted in Europe, is immune from challenge under our Constitution. No Irish judge will be able to decide whether this law amounts to a breach of the constitutional right to privacy. Digital Rights Ireland is concerned that our Constitutional rights can be evaded so easily.

A Rushed Job

This directive was the fastest ever to be adopted by the European Parliament – moving from initial European Commission draft to final vote in less than three months, as opposed to the usual period of over a year. The rush was attributable to the UK Presidency’s need to have the matter dealt with during their term of office.

Gay Mitchell MEP, who broke with Fine Gael’s grouping (the European People’s Party) to vote against the law said, “I do not know why this proposal was rushed. The extremely accelerated legislation procedure has meant that there was little time for discussion, and translations were sometimes unavailable. There was also no time for a technology assessment or for a study on the impact on the internal market.”

Internet business groups have decried the Parliament’s decision. The umbrella group for European Telco and ISP industry associations warned “This directive will impose a significant burden on European e-communications industry, impacting on its competitiveness. However, only a fraction of the e-mail services used today would be covered by the EU Directive as the world’s largest e-mail providers are not in Europe, allowing criminals to easily circumvent the rules.”

Michele Neylon, of Carlow-based Blacknight Hosting echoed this warning “Although, as a responsible company, we can appreciate the spirit of the legislation, I feel that this legislation’s introduction will have a negative impact on industry, while it will fail to address its own objectives.”

“It is disappointing that the European Parliament has seen fit to support such a draconian and disproportionate directive. Those MEPs who voted in favour of data retention have shown an alarming disregard for Europeans’ civil liberties and human rights. We will now be looking at what can be done both in the European Court of Human Rights, and on a national level, to overturn – or at least limit – this legislation.”- Suw Charman, Open Rights Group (UK)

Gus Hosein, Visiting Fellow of the LSE and Senior Fellow of UK-based watchdog Privacy International said “The EU used to set the standard for privacy protection. Now because of pressure from the UK and Ireland, the EU is ‘going it alone’ and leading the world in surveillance of all of our interactions and movements in the information society.”

Ireland’s Response

The Irish Minister for Justice, Mr. Michael McDowell, who was one of the promoters of Data Retention in the Council of Ministers, has now threatened to take a legal challenge to this directive to the European Court of Justice. This is the result of an argument over whether the European Commission and Parliament should have had any role in determining what Mr. McDowell argues was a matter solely for the governments. Digital Rights Ireland would welcome this development, and calls on the Minister not to pull back from his stated position, which is also supported by the government of Slovakia.

Digital Rights Ireland, along with other European rights groups and industry representatives, have argued that data retention is a disproportionate invasion of everyone’s privacy. It treats everyone using a telephone or the Internet as a suspect, putting every man, woman and child in Europe under surveillance. Data preservation, which rights groups prefer, would target only those actually suspected of being engaged in criminal activities, and would implement adequate safeguards such as court orders and warrants

Following the formality of Council of Ministers’ approval for this law, Ireland will have 18 months in which to draft national legislation to implement its terms, pending the outcome of the Minister for Justice’s mooted challenge to the validity of this directive.

As befits the public significance of this kind of legislation, Digital Rights Ireland will vigorously seek to assist policy makers in drafting proportionate and secure national laws.

We will also be campaigning for adequate safeguards to be put in place before this new law is implemented. These must include minimising the time for which your information is stored, limiting the circumstances in which your information can be accessed, providing for adequate oversight of the data retention system, and requiring independent approval before your personal information can be accessed. Without these safeguards, details of your phone calls, your internet use, and even your whereabouts will be wide open to abuse.