Out-Law News | 26 Sep 2005 | 1:59 pm | 3 min. read
The current EDPS is Peter Hustinx, formerly the President of Holland's national data protection authority. As EDPS he is responsible for monitoring the processing of personal data by the Community institutions and bodies.
"This is an incredibly sensitive issue,” wrote Mr Hustinx. “The Directive has a direct impact on the protection of privacy of EU citizens and it is crucial that it respects their fundamental rights, as settled by the case law of the European Court of Human Rights. A legislative measure that would weaken the protection is not only unacceptable but also illegal."
The Commission’s proposal, published last week, provides for an EU-wide harmonisation of the obligations on providers of publicly available electronic communications, or a public telecommunications network, to retain data related to mobile and fixed telephony for a period of one year, and internet communication data for six months.
The proposed Directive would not be applicable to the actual content of the communications. It also includes a provision ensuring that the service or network providers will be reimbursed for the demonstrated additional costs they will have.
But it is not the only data retention initiative before the EU. In April last year the UK, France, Ireland and Sweden published a draft Framework Decision on the issue and, despite its rejection by MEPs in June, the four Member States are still pushing the Council of Ministers to approve the proposals.
The draft Framework Decision would oblige the retention of communications data from phone calls and emails for a minimum period of 12 months. It could be adopted by the Council acting alone, without any debate in Parliament – unlike the Commission’s proposals, which require the approval of both the Council and European Parliament.
This second legislative route, according to Mr Hustinx, is the only acceptable way forward.
“Only this procedure,” he wrote, “constitutes a transparent process of decision-making with full participation of the three institutions involved and with due respect to the principles on which the Union is founded. “
Mr Hustinx has not, and does not yet intend to give an Opinion on the draft Framework Decision. The Opinion published today relates only to the Commission’s proposals.
Hustinx makes it clear that he is not convinced that a Directive on data retention is necessary – a requirement of human rights legislation.
“The circumstances in society may have changed due to terrorist attacks, but this may not have as an effect that high standards of protection in the state of law are compromised,” he warns.
Hustinx says that if the Council and the European Parliament decide that data retention is necessary for the purpose of serious crime investigation, it will be justifiable only if it is proportionate and includes:
To be fully effective, says the EDPS, the draft Directive must fully harmonise all elements of the proposals, including the type of data to be retained, the length of time it my be retained and the purposes for which the data may be given to relevant authorities.
Leaving parts of the proposals to the whim of individual states would not help the internal market, enforcement agencies or the principles of human rights and data protection, he warns.
The EDPS also recommends tightening some clauses, to specifically limit access to the retained data for defined purposes and to clarify the length of time it may be retained. A paragraph on data protection is also necessary, he says. It is not sufficient to simply refer to other existing data protection legislation in this context.