EU News
Printable version | E-mail this to a friend |
Evaluation shows that the Data Retention Directive does not meet privacy and data protection requirements, says EDPS
Yesterday, the European Data Protection Supervisor (EDPS) adopted an opinion on the European Commission's Evaluation Report on the Data Retention Directive (*). This much discussed Directive requires all providers of electronic communication services to store traffic and location data of the communications of all citizens, for possible use by the Member States for law enforcement purposes. The Commission Report provides an evaluation of the implementation and application of the Directive and measures its impact on economic operators and consumers.
The EDPS is pleased to see that the Commission took into account the implications of the Directive for the fundamental rights to privacy and data protection, especially in view of the criticisms that have been levelled concerning the privacy-intrusive nature of the Directive.
On various occasions, the EDPS has said that the availability of traffic and location data can play an important role in criminal investigations. However, he has also repeatedly expressed serious doubts about the necessity for retaining data on such a large scale in light of the rights to privacy and data protection. In this perspective, the EDPS has underlined the crucial importance of the evaluation process and called for a clear demonstration that such a measure is necessary and proportionate (**).
After careful analysis of the Evaluation Report, the EDPS takes the view that the Directive does not meet the requirements imposed by the fundamental rights to privacy and data protection, mainly for the following reasons:
-
the necessity for data retention as provided in the Directive has not been sufficiently demonstrated;
-
data retention could have been regulated in a less privacy-intrusive way;
-
the Directive leaves too much scope for Member States to decide on the purposes for which the data might be used, and also for establishing who can access the data and under which conditions.
Peter Hustinx, EDPS, says: "Although the Commission has clearly put much effort into collecting information from the Member States, the quantitative and qualitative information provided by the Member States is not sufficient to draw a positive conclusion on the need for data retention as it has been developed in the Directive. Further investigation of necessity and proportionality is therefore required, and in particular the examination of alternative, less privacy-intrusive means".
The Evaluation Report will now play a role in possible decisions on amending the Directive. The EDPS calls for the Commission to seriously consider all options in this further process, including the possibility of repealing the Directive, whether or not combined with a proposal for an alternative, more targeted EU measure.
If, on the basis of new information, the necessity of an EU instrument on data retention is demonstrated, the following basic requirements should be respected:
-
it should be comprehensive and genuinely harmonise rules on the obligations to retain data, as well as on the access and further use of the data by competent authorities;
-
it should be exhaustive, which means that it has a clear and precise purpose which cannot be circumvented;
-
It should be proportionate and not go beyond what is necessary.
(*) Report from the Commission, of 18 April 2011, to the Council and the European Parliament - Evaluation report on the Data Retention Directive (Directive 2006/24/EC) (COM(2011) 225 final)