Privacy International and many other civil and digital rights organsisations have published an Open Letter to the European Parliament on Data Retention
You can contact your United Kingdom Members of the European Parliament (remember you have more than one of the due to the party list system) via WriteToThem or their contact details can be found on the European Parliament UK Office website. Please lobby your Members of the European Parliament before the plenary session in Strasbourg starting on the 12th of December.
Open Letter to the European Parliament on Data Retention
To all Members of the European Parliament
We the undersigned are calling on you to reject the Directive of the European Parliament and the Council on the Retention of Data Processed in Connection with the Provision of Public Electronic Communication Services and Amending Directive 2002/58/EC.
Adopting this Directive would cause an irreversible shift in civil liberties within the European Union. It will adversely affect consumer rights throughout Europe. And it will generate an unprecedented obstacle to the global competitiveness of European industry.
A Directive Fraught with Problems
In the Information Society every human action generates transaction logs. Our movements, our purchases, and our interactions with others can be routinely logged in public and private sector databases. In recognition of this, the European Union led the world in establishing a data privacy regime to limit the collection, processing, retention, and accessing of this information. Now the Council is demanding that the European Parliament reverse its position and lead the world in introducing mass surveillance of our activities.
Under existing EU law many of these logs are already available for law enforcement purposes for as long as the telecom industry service providers retain them for business purposes. Justice and Home Affairs officials are pushing to make available even greater stores of information.
The Directive proposes the collection of information on everybody's communications and movements. The storage of such "communications traffic data" allows whoever has access to it to establish who has electronically communicated with whom and at what time and at which location, over months and years.
In recent meetings with the Justice and Home Affairs Council on 1 and 2 December 2005, it appears that the European Parliament suddenly agreed to the collection of information on everybody's communications and movements for very broad law enforcement purposes, in spite of having rejected this policy twice before.
We call on the Members of the European Parliament to reject this policy for the following reasons.
1. This Directive invades the privacy of all Europeans. The Directive calls for the indiscriminate collection and retention of data on a wide range of Europeans' activities. Never has a policy been introduced that mandates the mass storage of information for the mere eventuality that it may be of interest to the State at some point in the future.
2. The proposed Directive is illegal. It contravenes the European Convention on Human Rights by proposing the indiscriminate and disproportionate recording of sensitive personal information. Political, legal, medical, religious and press communications would be logged, exposing such information to use and abuse.
3. The Directive threatens consumer confidence. More than 58,000 Europeans have already signed a petition opposing the Directive. A German poll revealed that 78% of citizens were opposed to a retention policy. The Directive will have a chilling effect on communications activity as consumers may avoid participating in entirely legal transactions for fear that this will be logged for years.
4. The Directive burdens EU industry and harms global competitiveness. Retention of all this data creates additional costs of hundreds of millions of Euros every year. These burdens are placed on EU industry alone. The U.S., Canada and the Council of Europe have already rejected retention.
5. The Directive requires more invasive laws. Once adopted, this Directive will prove not to be the ultimate solution against serious crimes. There will be calls for additional draconian measures including:
- the prior identification of all those who communicate, thus requiring ID cards at cybercafes, public telephone booths, wireless hotspots, and identification of all pre-paid clients;
- the banning of all international communications services such as webmail (e.g. Hotmail and Gmail) and blocking the use of non-EU internet service providers and advanced corporate services.
An Illegitimate Process
Proponents of retention policy are sweeping these concerns aside and are harmonising measures to increase surveillance while failing to harmonise safeguards against abuse. European opposition has been high, and the arguments against reasoned and justified. The continued life of this policy in Europe is inexplicable save for the illegitimate policy process that is being pursued by the policy's proponents.
These proponents claim that retention is spreading across Europe. In fact, less than five countries have some form of mandatory data retention in place, and even fewer apply the practice to internet services.
The Council is demanding that the European Parliament approve a regime that parliaments in the Member States have already rejected. For instance the UK Presidency is proposing a policy that has already failed in the UK Parliament. The Council is trying to make the Parliament complicit in this act of policy laundering.
A Key Moment
As the EU embarks on this unprecedented policy, we are facing a momentous decision as to whether we wish to set in motion a chain of events that will lead to a surveillance society.
Once a surveillance regime begins it always expands. As the European Data Protection Supervisor has stated in his opinion, the mere existence of data might lead to increased demands for access and use by industry, law enforcement authorities, and intelligence services. Already, restrictions agreed on in the Committee for Civil Liberties were pushed aside in secret negotiations with the Council.
Though the Council claims retention will combat terrorism, for years it has rejected limiting the legislation to such investigations. Even if access to this data were limited by the Parliament to a list of serious crimes nothing prevents the expansion of this list: already the Copyright Industry has called for access to this data to combat file-sharing online.
Any reimbursement of costs to service providers, like most other surveillance cost-recovery experiments, will likely be temporary. Eventually the costs and burdens generated by this policy will be seen as 'the cost of doing business' and will be passed on to individual consumers as 'the cost of communicating in Europe'.
The only way we can prevent this chain of events is by following the example of other countries around the world and rejecting this policy in its entirety.
Promises are Not Enough
The European Data Protection Supervisor and the Article 29 Working Party of European Privacy Commissioners, as well as the European Parliament itself, have repeatedly stated their convictions that the case for retention has not been made. And their calls for standards and necessary safeguards have gone unheeded. The concerns of civil society and the telecommunications industry have also not been adequately addressed.
This policy continues only due to secret processes, agreements established without scrutiny, and through fast-tracking of debate because the Council fears open and democratic discussion on these matters. This is evidenced by the lack of similar policies in Member States where Parliamentary scrutiny is constitutionally required.
The EU should follow the example of open and democratic countries that have instead chosen to implement a preservation regime where data is collected and retained only for a specific investigation and then is accessed through court orders.
We, the undersigned, call on Members of the European Parliament to recognise the significant threat to European civil liberties, consumers, and industry and to therefore reject the Directive on communications data retention.
Gus Hosein, Privacy International and Sjoera Nas, EDRI
Foundation for a Free Information Infrastructure
European Digital Rights
Foundation for Information Policy Research (UK)
Forum InformatikerInnen für Frieden und gesellschaftliche Verantwortung e.V. (Germany)
Digital Rights Ireland (Ireland)
National Consumer Union (NL)
Bits of Freedom (NL)
Digital Rights (Denmark)
Open Rights Group (UK)
Deutsche Vereinigung für Datenschutz (DVD) e.V. (Germany)
IRIS - Imaginons un réseau Internet solidaire (France)
Internet Society - Bulgaria
Netzwerk Neue Medien e.V. (Germany)
ver.di Fachgruppenvorstand Banken (Germany)
Associação Nacional para o Software Livre (Portugal)
EDRI-observer Aljaz Marn, privacyblog.net Slovenia
EDRI-observer ISOC Poland