Data Retention: Decision taken - covers traffic and location data generated by telephony, SMS and internet, but not the content of the information communicated. at RunningWithBulls.com

Data Retention: Decision taken - covers traffic and location data generated by telephony, SMS and internet, but not the content of the information communicated.

Published by bbt December 14th, 2005 in bernard, data protection, data retention, digitalrights, digitalrightsireland, irish politics, irishblogs, politics/world affairs, privacy, runningwithbulls.com

Image taken from the EU Office in Ireland!

(What is the European Parliament up to?)

I don’t think it is a total defeat, but if more legislation is brought about, we could be in deep water.

This morning the decision was made by the European Parliament on Data Retention.

The directive was adopted by 378 votes in favour, 197 against and 30 abstentions.

The full press release of the decision can be seen here (link to EU Parliament newly redesigned website).

Below are the points I feel are most important:

The amendments finally adopted were a compromise between the PES and EPP groups with the Council and differed in some key points to the draft directive adopted initially by the Civil Liberties Committee.

   So they will only know
                     where, what time, and to who you sent SMS messages, or telephone calls
                  where, what time, and to who you sent e-mail
                  where, what timeyou browse webpages

In the final text adopted, Parliament is proposing a number of amendments to the Commission text to restrict the use of retained data and ensure that the future law fully respects the privacy of the telephone and internet users.

This does not however say what happens when the member state government comes asking for that data.
The one possible saving grace is the “ensuring that future laws fully respect the privacy of the users”. In plain words, what are we talking about here?

On the aim of the directive, MEPs agree with the need to retain data for the detection, investigation and prosecution of crime, but only for “specified forms” of serious criminal offences (terrorism and organised crime), and not for the mere “prevention” of all kinds of crime. MEPs feel that the concept of prevention is too vague and could lead to abuse of the system from national authorities.

What constitutes terrorism? What constitutes organised crime? What happens if the definitions of either are changed in the future? Will the retention and use of data be available then? Does filesharing come under any of these?

MEPs feel the “concept of prevention is too vague” - will one of them please explain that to Michael McDowell?

The directive will provide for data to be retained by the telecommunications companies for a minimum of six months and a maximum of 24. MEPs also added a provision for “effective, proportionate and dissuasive” penal sanctions for companies who fail to store the data or misuse the retained information.

What happens if an ISP cannot afford the costs involved? The legislation gives the EU’s national governments the option of reimbursing companies for the costs, but will Ireland sign up to that?

Only the competent authorities determined by Member States should have access to the retained data from phone or internet providers. Furthermore, each national government will designate an independent authority responsible for monitoring the use of the data.

Does this include the Gardaí? If so, God help people! Surely Data Protection Agency would be the most obvious choice here. Or will we go through another government committee/group set-up. What about the Centre for Public Inquiry?

MEPs also establish that access to retained data should be limited to specific purpose and on a case by case basis (push system): each time, the authorities would need to request to the telecom company that the data related to a concrete suspect, instead of having granted access to the whole database.

This means a whole lot of administration and “paper work”.

As for the type of data to be retained, MEPs finally supported the registration of location data on calls, SMS and internet use, including unsuccessful calls. This point was controversial due to the fact that telecom companies do not currently register lost calls for billing purposes and so to do this using new technologies would be expensive. Spanish MEPs strongly supported the Council position to include the retention of unsuccessful calls, since the terrorist attacks in Madrid were prosecuted thanks to the investigation of specific lost calls from mobile phones.

Well, there goes our “cheap” mobile telephone services (this is of course scarcasm- Ireland has one of the highest tarriffs for mobile phone calls). While I agree the bombings of Madrid were atrocious, logging this information is not going to guarantee

MEPs decided to delete the paragraph in which it was mandatory for Member States to reimburse telecom companies for all additional costs of retention, storage and transmission of data. In the draft directive adopted by the Civil Liberties Committee, MEPs had initially called for the full reimbursement of costs.
So, is Bertie going to pay Eircom, BT, Leap for the costs? If not, there goes our cheap €29.99 Broadband that we are “supposed” to have. If not, its back to the IT stoneage.

The only reply I got from the 6 MEPs, elected by the Irish citizens was from Gay Mitchell, of Fine Gael, a member of the European

======
Dear Bernard,

Thank you for your email. I voted against the directive on data retention in the European Parliament this morning based on these grounds:
-I do not know why this proposal was rushed, the ‘extremely accelerated legislation procedure has meant that there was little time for discussion and translations were sometimes unavailable. There was also no time for a technology assessment or for a study on the impact on the internal market. Bearing in mind the measures and plans aimed at better regulation at European level, it is to be hoped that the procedure used for debating data retention will not become the rule’, to quote directly from the report to Parliament.
-There is a framework decision on this issue still with the Council of Ministers.
-There is doubt that the correct legal basis was used for this proposal.

Yours Sincerely,

Gay Mitchell MEP
========

Firstly, Mr. Mitchell (if you are reading this), thank you for your reply. I am sending you a reply asking for some clarification on where exactly ireland stands with this law now.

Tuppenceworth.ie were blogging the live stream of the European Parliament debate this morning.

The only Irishman of note (using that phrase in the negative context was Brian Crowley. From Tuppenceworth:

Brain Crowley: Basically supports Data Retention, as long as member states can keep their own longer laws. Also seeks clarification on whether Minister McDowells legal objection to sending this matter to the EP at all has been addressed.

Go to go Brian! Just making sure Michael doesn’t get in hot water. According to Charles Clark, McDowell’s objections were rejected by the legal advice of the Council. Assures us that any country that wants longer retention periods can apply to the Commission who will read why they want it and decide if it is proportionate.

So Michael might still get his “anti-terror data retention law” through.

Speaking to a very helpful lady named Ann in the European Parliament Office in Ireland (43 Molesworth Street Dublin 2 . Tel: 353 (0)1 605 7900) she was able to tell me that the actual votes, who voted for what, will be available tomorrow on (she thinks) this page

Other useful (but heavy) reading links are:

Electronic communications: personal data protection rules and availability of traffic data for anti-terrorism purposes (amend. direct. 2002/58/EC)
Data Retention Debate Live, EPIC - Data Retention
European Parliament Office in Ireland
Deal on EU data retention law
Bloomberg EU Parliament Approves Phone-Data Storage for Anti-Terror Fight