Data Retention Directive

Last updated

Directive 2006/24/EC
European Union directive
Flag of Europe.svg
TitleDirective on the retention of data generated or processed in connection with the provision of publicly available electronic communications services or of public communications networks
Made by European Parliament and European Council
Made underArticle 95 TEC
Journal reference L 105, pp. 54–63
History
Date made15 March 2006
Came into force3 May 2006
Other legislation
AmendsDirective 2002/58/EC

The Data Retention Directive (Directive 2006/24/EC), later declared invalid by the European Court of Justice, was at first passed on 15 March 2006 and regulated data retention, where data has been generated or processed in connection with the provision of publicly available electronic communications services or of public communications networks. It amended the Directive on Privacy and Electronic Communications. According to the Data Retention Directive, EU member states had to store information on all citizens' telecommunications data (phone and internet connections) for a minimum of six months and at most twenty-four months, to be delivered on demand to police authorities.

Contents

Under the directive, the police and security agencies would have been able to request access to details such as IP addresses and time of use of every email, phone call and text message sent or received. There was no provision in the directive that permission to access the data must be confirmed by a court. On 8 April 2014, the Court of Justice of the European Union declared the Directive invalid in response to a case brought by Digital Rights Ireland against the Irish authorities and others because blanket data collection violated the EU Charter of Fundamental Rights, in particular the right of privacy enshrined in Article 8(1). [1] [2] [3]

History

In September 2005, during the United Kingdom's presidency of the European Council, a plenary session was held concerning the retention of telecommunications data, chaired by the UK's Home Secretary. [4] This led to an agreement reached by the Council at its meeting on the 1 and 2 December that was then adopted in March 2006, under the Austrian presidency. [5]

Implementation

Romania

The EU directive has been transposed into Romanian law as well, initially as Law 298/2008. [6] However, the Constitutional Court of Romania (CCR) subsequently struck down the law in 2009 as violating constitutional rights. [7] The court held that the transposing act violated the constitutional rights of privacy, of confidentiality in communications, and of free speech. [8] The European Commission subsequently sued Romania in 2011 for non-implementation, threatening Romania with a fine of 30,000 euros per day. [9] The Romanian parliament passed a new law in 2012, which was signed by president Traian Băsescu in June. [10] The Law 82/2012 has been nicknamed "the Big Brother law" (using the untranslated English expression) by various Romanian non-governmental organisations opposing it, as well as the Romanian media. [9] [11] [12] On 8 July 2014 this law too was declared unconstitutional by the CCR. [13]

Criticism

The Data Retention Directive had sparked serious concerns from physicians, journalists, privacy and human rights groups, unions, IT security firms and legal experts. [14]

Annullment

On 8 April 2014, in the landmark Digital Rights Ireland and Ors case, the Court of Justice of the European Union declared the Directive 2006/24/EC invalid for violating fundamental rights. The Council's Legal Services have been reported to have stated in closed session that paragraph 59 of the European Court of Justice's ruling "suggests that general and blanket data retention is no longer possible". [15]

A legal opinion funded by the Greens–European Free Alliance in the European Parliament found that the blanket retention of data of unsuspicious persons generally violates the EU Charter of Fundamental Rights, both in regard to national telecommunications data retention laws and to similar EU data retention schemes (Passenger name records, Terrorist Finance Tracking Programme, Terrorist Finance Tracking System, law enforcement access to the Entry-Exit-System, Eurodac, Visa Information System). [16]

See also

Related Research Articles

<span class="mw-page-title-main">Data Protection Directive</span> European Union directive which regulates the processing of personal data

The Data Protection Directive, officially Directive 95/46/EC, enacted in October 1995, is a European Union directive which regulates the processing of personal data within the European Union (EU) and the free movement of such data. The Data Protection Directive is an important component of EU privacy and human rights law.

<span class="mw-page-title-main">Mass surveillance</span> Intricate surveillance of an entire or a substantial fraction of a population

Mass surveillance is the intricate surveillance of an entire or a substantial fraction of a population in order to monitor that group of citizens. The surveillance is often carried out by local and federal governments or governmental organizations, such as organizations like the NSA, but it may also be carried out by corporations. Depending on each nation's laws and judicial systems, the legality of and the permission required to engage in mass surveillance varies. It is the single most indicative distinguishing trait of totalitarian regimes. It is also often distinguished from targeted surveillance.

Lawful interception (LI) refers to the facilities in telecommunications and telephone networks that allow law enforcement agencies with court orders or other legal authorization to selectively wiretap individual subscribers. Most countries require licensed telecommunications operators to provide their networks with Legal Interception gateways and nodes for the interception of communications. The interfaces of these gateways have been standardized by telecommunication standardization organizations. As with many law enforcement tools, LI systems may be subverted for illicit purposes.

Data retention defines the policies of persistent data and records management for meeting legal and business data archival requirements. Although sometimes interchangeable, it is not to be confused with the Data Protection Act 1998.

The International Safe Harbor Privacy Principles or Safe Harbour Privacy Principles were principles developed between 1998 and 2000 in order to prevent private organizations within the European Union or United States which store customer data from accidentally disclosing or losing personal information. They were overturned on October 6, 2015 by the European Court of Justice (ECJ), which enabled some US companies to comply with privacy laws protecting European Union and Swiss citizens. US companies storing customer data could self-certify that they adhered to 7 principles, to comply with the EU Data Protection Directive and with Swiss requirements. The US Department of Commerce developed privacy frameworks in conjunction with both the European Union and the Federal Data Protection and Information Commissioner of Switzerland.

<span class="mw-page-title-main">Human rights in Romania</span> The problems and the constitutional rights.

Human rights in Romania are generally respected by the government. However, there have been concerns regarding allegations of police brutality, mistreatment of the Romani minority, government corruption, poor prison conditions, and compromised judicial independence. Romania was ranked 59th out of 167 countries in the 2015 Democracy Index and is described as a "flawed democracy", similar to other countries in Central or Eastern Europe.

<span class="mw-page-title-main">Secrecy of correspondence</span>

The secrecy of correspondence or literally translated as secrecy of letters, is a fundamental legal principle enshrined in the constitutions of several European countries. It guarantees that the content of sealed letters is never revealed, and that letters in transit are not opened by government officials, or any other third party. The right of privacy to one's own letters is the main legal basis for the assumption of privacy of correspondence.

Privacy law is the body of law that deals with the regulating, storing, and using of personally identifiable information, personal healthcare information, and financial information of individuals, which can be collected by governments, public or private organisations, or other individuals. It also applies in the commercial sector to things like trade secrets and the liability that directors, officers, and employees have when handing sensitive information.

<span class="mw-page-title-main">European Digital Rights</span> Advocacy group

European Digital Rights (EDRi) is an international advocacy group headquartered in Brussels, Belgium. EDRi is a network collective of non-profit organizations (NGO), experts, advocates and academics working to defend and advance digital rights across the continent. As of October 2022, EDRi is made of more than 40 NGOs, as well as experts, advocates and academics from all across Europe.

Source protection, sometimes also referred to as source confidentiality or in the U.S. as the reporter's privilege, is a right accorded to journalists under the laws of many countries, as well as under international law. It prohibits authorities, including the courts, from compelling a journalist to reveal the identity of an anonymous source for a story. The right is based on a recognition that without a strong guarantee of anonymity, many would be deterred from coming forward and sharing information of public interests with journalists.

Digital Rights Ireland is a digital rights advocacy and lobbying group based in Ireland. The group works for civil liberties in a digital age.

The Telecoms Package was the review of the European Union Telecommunications Framework from 2007 – 2009. The objective of the review was to update the EU Telecoms Framework of 2002 and to create a common set of regulations for the telecoms industry across all 27 EU member states. The review consisted of a package of directives addressing the regulation of service provision, access, interconnection, users' contractual rights and users' privacy, as well as a regulation creating a new European regulatory body (BEREC).

The European Union's (EU) Treaty of Lisbon, in force since 1 December 2009, requires the EU to accede to the European Convention on Human Rights (ECHR). Article 6 of the consolidated Treaty on European Union states "The Union shall accede to the European Convention for the Protection of Human Rights and Fundamental Freedoms. Such accession shall not affect the Union's competences as defined in the Treaties." The EU would thus be subject to its human rights law and external monitoring as its member states currently are. It is further proposed that the EU join as a member of the Council of Europe now that it has attained a single legal personality in the Lisbon Treaty.

Privacy law in Denmark is supervised and enforced by the independent agency Datatilsynet based mainly upon the Act on Processing of Personal Data.

<span class="mw-page-title-main">Mass surveillance in the United Kingdom</span> Overview of mass surveillance in the United Kingdom

The use of electronic surveillance by the United Kingdom grew from the development of signal intelligence and pioneering code breaking during World War II. In the post-war period, the Government Communications Headquarters (GCHQ) was formed and participated in programmes such as the Five Eyes collaboration of English-speaking nations. This focused on intercepting electronic communications, with substantial increases in surveillance capabilities over time. A series of media reports in 2013 revealed bulk collection and surveillance capabilities, including collection and sharing collaborations between GCHQ and the United States' National Security Agency. These were commonly described by the media and civil liberties groups as mass surveillance. Similar capabilities exist in other countries, including western European countries.

<span class="mw-page-title-main">Max Schrems</span> Austrian author and privacy activist

Maximilian Schrems is an Austrian activist, lawyer, and author who became known for campaigns against Facebook for its privacy violations, including violations of European privacy laws and the alleged transfer of personal data to the US National Security Agency (NSA) as part of the NSA's PRISM program. Schrems is the founder of NOYB – European Center for Digital Rights.

<span class="mw-page-title-main">Data Retention and Investigatory Powers Act 2014</span> United Kingdom legislation

The Data Retention and Investigatory Powers Act 2014 was an Act of the Parliament of the United Kingdom, repealed in 2016. It received Royal Assent on 17 July 2014, after being introduced on 14 July 2014. The purpose of the legislation was to allow security services to continue to have access to phone and internet records of individuals following a previous repeal of these rights by the Court of Justice of the European Union. The act was criticised by some Members of Parliament for the speed at which the act was passed through parliament, by some groups as being an infringement of privacy.

<span class="mw-page-title-main">Telecommunications (Interception and Access) Amendment (Data Retention) Act 2015</span> Act of the Parliament of Australia

The Telecommunications (Interception and Access) Amendment (Data Retention) Act 2015(Cth) is an Act of the Parliament of Australia that amends the Telecommunications (Interception and Access) Act 1979 (original Act) and the Telecommunications Act 1997 to introduce a statutory obligation for Australian telecommunication service providers (TSPs) to retain, for a period of two years, particular types of telecommunications data (metadata) and introduces certain reforms to the regimes applying to the access of stored communications and telecommunications data under the original Act.

Internationale Handelsgesellschaft mbH v Einfuhr- und Vorratsstelle für Getreide und Futtermittel (1970) Case 11/70 is an EU law case and German constitutional law case concerning the conflict of law between a national legal system and the laws of the European Union.

The ePrivacy Regulation (ePR) is a proposal for the regulation of various privacy-related topics, mostly in relation to electronic communications within the European Union. Its full name is "Regulation of the European Parliament and of the Council concerning the respect for private life and the protection of personal data in electronic communications and repealing Directive 2002/58/EC ." It would repeal the Privacy and Electronic Communications Directive 2002 and would be lex specialis to the General Data Protection Regulation. It would particularise and complement the latter in respect of privacy-related topics. Key fields of the proposed regulation are the confidentiality of communications, privacy controls through electronic consent and browsers, and cookies.

References

  1. "ECJ Press Release in Digital Rights Ireland Data Retention case" (PDF). Court of Justice of the European Union. 8 April 2014. Retrieved 8 April 2014.
  2. "Case number C-293/12". Court of Justice of the European Union. 8 April 2014. Retrieved 8 April 2014.
  3. "Judgment of the ECJ in Digital Rights Ireland data retention challenge". EUR-Lex . Official Journal of the European Union. 8 April 2014. Retrieved 8 April 2014.
  4. "Justice and Home Affairs Informal". 9 September 2005. Archived from the original on 2 February 2010. Retrieved 17 February 2014.
  5. "PRESS RELEASE, 2709th Council Meeting, Justice and Home Affairs" (PDF). 21 February 2006. p. 2. Archived from the original (PDF) on 24 April 2013. Retrieved 17 February 2014.
  6. "CE solicită României să transpună integral normele UE în privinţa păstrării datelolor | Romania Libera". Romanialibera.ro. 16 August 2011. Archived from the original on 12 August 2017. Retrieved 26 January 2014.
  7. "The Legality of the Data Retention Directive in Light of the Fundamental Rights to Privacy and Data Protection | European Journal of Law and Technology". Ejlt.org. Archived from the original on 6 August 2019. Retrieved 26 January 2014.
  8. Romanian Constitutional Court Decision no.1258 of 8 October 2009, Official Gazette no. 798 of 23 November 2009.In: http://ejlt.org//article/view/29/75 Archived 6 August 2019 at the Wayback Machine
  9. 1 2 "Traian Basescu a promulgat asa numita 'lege Big Brother' care prevede stocarea pentru sase luni a datelor de trafic ale tuturor utilizatorilor de telefonie si internet – Telecom – HotNews.ro". Economie.hotnews.ro. Retrieved 26 January 2014.
  10. "EC drops case against Romania as data retention law passes". Telecompaper. Retrieved 26 January 2014.
  11. "Preşedintele a promulgat "Legea Big Brother"". adevarul.ro. Retrieved 26 January 2014.
  12. "Legea Big Brother a intrat in vigoare! Operatorii de telefonie si internet vor putea stoca o serie de date ale abonatilor". Avocatnet.ro. Archived from the original on 24 November 2016. Retrieved 26 January 2014.
  13. "Legea 'Big Brother', prin care furnizorii de telefonie şi internet erau obligaţi să reţină date ale abonaţilor, declarată neconstituţională". mediafax.ro. Retrieved 8 July 2014.
  14. Joint letter of 22 June 2010 to Cecilia Malmström, European Commissioner for Home Affairs, Viviane Reding, European Commission Vice-President with responsibility for Justice, Fundamental Rights and Citizenship and Neelie Kroes, European Commission Vice-President with responsibility for the Digital Agenda. (PDF, 88,5 kB)
  15. "Stoppt die Vorratsdatenspeicherung! - EU lawyers tell Member States: Blanket communications data retention "no longer possible" (23 Jun)".
  16. Boehm/Cole: Data Retention after the Judgement of the Court of Justice of the European Union Archived 8 November 2014 at the Wayback Machine .
This page is based on this Wikipedia article
Text is available under the CC BY-SA 4.0 license; additional terms may apply.
Images, videos and audio are available under their respective licenses.