April 5, 2012
Although the exact proposals remain unclear, the Coalition seemed to be gearing up to extend the current rules on the retention of and access to communications data (the destination of phone calls, emails and websites visited, but not their content, is already recorded and stored for 12 months by UK law).
The requirement for service providers to retain this data are laid down in the EU’s 2006 Data Retention Directive. We looked at the Directive and various other surveillance-type EU proposals in this report in 2009. But it should be noted that the previous UK Government was a co-sponsor of the initial EU proposal when it was first tabled in 2004 and, following the 2005 London bombings, was a strong supporter of the rules.
The Coalition’s new proposals, which it seems likely to continue pushing after this storm has died down, would use additional UK legislation to extend the data collected to cover contacts made via social networking, and potentially even online video games. But, arguably the most controversial proposal is to allow intelligence officers to access emails, calls and texts as they happen in ‘real time’, without a warrant, rather than retrospectively.
This all goes beyond the current EU Data Retention Directive, which is basically limited to the retention of data on landline calls, mobile calls, emails and web history. The current Directive also leaves it up to member states to decide how and when law enforcement authorities can gain access to this data. So don’t blame the EU in other words.
And crucially, the Commission’s 2011 evaluation of the current Directive stated that:
The Commission will assess the need for, and options for achieving, a greater degree of harmonisation with respect to the authorities having and the procedure for obtaining access to retained data. Options might include more clearly defined lists of competent authorities, independent and/or judicial oversight of requests for data and a minimum standard of procedures for operators to allow access to competent authorities.
What this would mean for the UK in practice is not entirely clear because the UK is often rather more keen on state snooping than other EU states (e.g. Germany, which doesn’t implement the original directive after its Constitutional Court struck it down). It is therefore unlikely that the EU minimum standard for law enforcement access to data would go beyond current UK practice or what the Coalition is trying to do in future.
However, this week’s media storm over how much access the state has to our personal data shows that the principle of allowing the EU to determine which authorities have access to our personal data, and when, could create huge political issues in the future. How would politicians like to tell their voters that in fact it is the EU that decides on who and how police forces can access their data?
One thing that this week has surely taught us is that this is something that should be decided nationally, where if the one government decides to make authoritarian assaults on civil liberties they can at least be overturned by future governments or rethought due to public pressure. Not so once an EU directive is in place and it requires the re-opening and successful conclusion of negotiations between 27 member states and 736 MEPs.
It will interesting to see, following this week’s storm in Britain, what the Commission will propose.