At their Spring Summit in March European leaders discussed
anti-terrorist proposals that would tighten security throughout
Europe, including proposals for a Europe-wide system of retaining
communications data.
Communications data are data that identify the caller and the
means of communication (e.g. subscriber details, billing data,
e-mail logs, personal details of customers and records showing the
location where mobile phone calls were made) but not the content of
the communications.
Since the September 11th tragedy, security and law enforcement
agencies have urged governments to look at ways of retaining and
accessing this data, which can be used to build a comprehensive
dossier on the contacts, friendships, interests, transactions, and
movements of an individual.
In the UK, the Retention of Communications Data (Code of
Practice) Order 2003 lays out a voluntary Code of Practice for ISPs
and telcos, but has met with resistance from these agencies – who
believe that it will leave them open to claims under data
protection and human rights laws.
A draft European framework Decision on data retention has been
discussed for years, much to the concern of civil liberties groups.
Indeed earlier this year human rights group Privacy International
obtained a legal Opinion on the proposals – which found that the
draft Decision was unlawful because it breaches the Convention on
Human Rights.
However, the political will for such a scheme was jolted by the
Madrid bombings, and with remarkable haste, the draft Framework
Decision has now been polished up and published.
It will shortly be sent to the European Parliament for the
opinion of MEPs.
The Draft Framework Decision – a
brief overview
Prepared by France, Ireland, Sweden and the UK, the draft
excludes the retention of the content of exchanged communications,
although it does not define what "content" actually is. It also
allows Member States to opt out if they do not find the purposes
behind the draft sufficient to make the retention acceptable.
The draft provides for the data to be retained "for a period of
at least 12 months and not more than 36 months following its
generation." Member States may retain the data for longer if their
"national criteria" permit it.
Provisions are also made for the access by one Member State to
data retained by another Member State. Data protection safeguards
are included, and there is an obligation on each Member State to
ensure the security of the data retained.
The "Framework Decision on the retention of data processed and
stored in connection with the provision of publicly available
electronic communications services or data on public communications
networks for the purpose of prevention, investigation, detection
and prosecution of crime and criminal offences including terrorism"
can be found as a 14-page
pdf
