The proposal, introduced jointly by France, the UK, Ireland and Sweden in April 2004, is intended to ease judicial cooperation in criminal matters by harmonising the legislation of Member States relating to the retention of data processed and stored by ISPs and telcos.
It takes the form of a draft Framework Decision, which sets out provisions for the retention of communications data – data that identifies the caller and the means of communication (e.g. subscriber details, billing data, e-mail logs, personal details of customers and records showing the location where mobile phone calls were made) but not the content of the communications.
The draft provides for data to be retained in principle for a minimum of 12 and a maximum of 36 months. But it was rejected by the European Parliament yesterday, after MEPs considered a report into the proposal by liberal MEP Alexander Nuno Alvaro.
This report highlighted problems with the legal basis on which the Decision is founded, and the proportionality of its plans.
The report demanded that Member States produce a study proving the need for the data retention arrangements. It also suggested checking whether the Decision's objectives might be better achieved by implementing the Council of Europe's Convention on Cybercrime – the first international treaty on criminal offences committed against or with the help of computer networks.
The Parliament's concerns with the Council’s proposals are shared by the European Commission. Last week, the Commission announced that it will put forward its own plans for a data retention law that would limit the retention period to one year.
According to Information Society and Media Commissioner Viviane Reding, any harmonisation of EU data retention laws should be made by the Commission rather than individual Member States, because the Commission-led legislative process is more transparent than that led by the Council.
Under the current process, MEPs can only give their views on the proposals. According to the Parliament, Minister Nicolas Schmit has declared that the Council maintains its text – i.e. it wants to progress the draft Decision.
Kathalijne Buitenweg, Dutch MEP and Greens/EFA Coordinator of the Committee, expressed her outrage at the Council’s action.
"If EU ministers try to push these laws through without any regard to the Parliament and the legitimate concerns it has raised about privacy and costs for business – many of them small, then we should go to the European Court of Justice and let them decide if this is an area where MEPs should have the right of co-decision,” she said.
Under the co-decision procedure, the Council of Ministers and Parliament would need to agree the text for it to become law.
Ms Buitenweg added: "the European Commission shares our view that this costly and hard-to-execute proposal, which has severe implications on privacy rights as well as business, deserves an appropriate legal base."