Call for EU-wide data retention after Madrid bombings

EU heads of state, now in the midst of their Spring Summit, are considering a draft Declaration against terrorism, in the wake of this month's Madrid bombings.

The draft includes measures that EDRi says will "have a chilling effect on the daily lives of European citizens and their freedom to travel and communicate."

Of particular concern to EDRi is the focus on the retention of communications data.

Communications data are data that describe the caller and the means of communication (e.g. subscriber details, billing data, e-mail logs, personal details of customers and records showing the location where mobile phone calls were made) but not the content of the communications.

Since the September 11th tragedy, security and law enforcement agencies have urged governments to look at ways of retaining and accessing this data, which can be used to build a comprehensive dossier on the contacts, friendships, interests, transactions, and movements of an individual.

The EU is developing a framework directive, known as the "Draft Framework Decision on the Retention of Traffic Data and Access to this Data in Connection with Criminal Investigations and Prosecutions," while ten Member States, including the UK, are already preparing their own legislation on the issue.

In the UK, the Retention of Communications Data (Code of Practice) Order 2003 lays out a voluntary Code of Practice for ISPs and telcos, but has met with resistance from these agencies – which believe that it will leave them open to claims under data protection and human rights laws.

Similar concerns led human rights group Privacy International to obtain a legal Opinion on the draft European framework directive – which found that the draft directive is unlawful because it breaches the Convention on Human Rights.

However, the political will for such a scheme was jolted by the Madrid bombings, and retention of communications data now looks likely to form part of the EU anti-terrorist approach.

According to EDRi, EU leaders are also discussing proposals to upgrade existing databases, such as the controversial Schengen Information System. This system, which became operational in seven countries in 1995, now covers the bulk of EU countries, although the UK is only partially involved.

The system enables enforcement agencies throughout Europe to have access to a database of reports on individuals and objects, such as cars, for border control purposes, internal police checks and in some cases for the purpose of issuing visas, residence permits and administrating persons that the system defines as aliens.

Other proposals include the use of European passenger data for "other law enforcement purposes", the approval of the current scheme for sending this data to the US and the tightening up of proposed biometric requirements for the new EU passports, according to EDRi.