Dutch Government already thinks about extending data retention at European level
April 14th, 2009The Dutch Government has answered (in Dutch) an additional set of questions by the Dutch Senate about the implementation of the Data Retention Directive. In the end of last year the Senate had held a hearing with technical experts. This final set of questions and answers probably concludes the written back and forth between the government and the Senate so the Senate can be expected to have a plenary debate about the implementation proposal later this Spring. (UPDATE: The plenary debate has been scheduled to take place on 23 June 2009.) Below I listed some excerpts (my translation) from the Q&A, which I found most remarkable.
A data retention agenda for the future
First, because they stipulate quite clearly that the Dutch government sees the current proposal for data retention as being of a limited nature. It already points to a possible extension of data retention at the European level, in particular a drastic extension of data retention obligations with regard to online communications and with regard to the term.
What fundamental rights?
Second, because it downplays the interference with fundamental rights. To compare access to the complete set of traffic data, including location data, of the entire population for national security and law enforcement purposes with a specified bill for billing purposes is quite remarkable. It’s also remarkable to point to the strict conditions for access to these data because these conditions are not strict at all and have been much criticized when they were adopted a few years ago. To point to the technical nature of the data involved is even more flawed. The fact that citizens and consumer have become part of a data-processing ecosystem that no longer involves human decision makers is more of an extra threat to personal liberty and autonomy than the other way around.
Pointing to Europe
Third, because the Dutch government again takes no full responsibility to legitimate the interference with fundamental rights but points towards the European legislature. I have argued, in response to the data retention directive judgment of the ECJ, that the reasoning of the Court implies that the Member states carry most of the responsibility for legitimizing the interference with fundamental rights. The reason is that the directive does not harmonize crucial aspects of the data retention regime, such as the term, the maximum set of data and most of all access to these data. The Dutch government simply can not rely on the balance that has been struck at the European level, because the directive leaves too many things open.
And endorsing a flawed judgment of the ECJ
Finally, because the government at the same time endorses the judgment of the ECJ and gives the primary argument why the Court should have struck it down. The government states explicitly (and this time in my opinion convincingly) why differences between data retention obligations between the member states cannot harm the competitiveness within the internal market. There is still a level playing field. The negative effects on the internal market were the reason why the directive was legally adopted (in the ECJ’s eyes).
The relevant excerpts:
Answering a question about the ineffectiveness of the proposal because a lot of online communication services fall outside of its scope:
User data of social network sites like Hyves and LinkedIn and the use of certain forms of Internet telephony like Skype currently fall outside of the scope of the proposal because of a lack of political support within the European Union to retain data relating to the use of the Internet, other than simple Internet access. [...] If it would turn out that because of this an important set of data would fall outside of the scope of the Data retention directive, this can be addressed in the context of the evaluation of the directive and this will possibly lead to amendment of the directive.
Answering the question about the justification of the data retention term of one year:
Weighing all interests and taking into account all circumstances, I take the view that the critical boundary [with regard to the legality of the interference of Article 8 ECHR] is not being reached with a term of one year. [] I take the view that the evaluations will be able to provide more insight into the importance of the data in concrete investigations and thereby also in the optimal length of data retention. The evaluation has to be concluded before 15 September 2010.
Downplaying the interference with fundamental rights:
The risk of the interference with the private life of data subjects consists primarily of the image that these data provide of communicative behavior. On that point, there is little difference with the specified bills that telecom providers offer as an extra service. In addition, there is a risk of linking the data to criminal activity of persons. However, a similar risk is also present in the context of requests for license plate information by the police. The Criminal Procedural Code stipulates strict conditions for the access to data by law enforcement officials. The above does not alter the fact that subjects have a right that the data about their communications are being processed with exceptional care.
Again downplaying the interference with fundamental rights, pointing to the technical nature of the data processing infrastructure:
The right to protection of private life, enshrined in Article 8 ECHR and Article 10 of the Dutch Constitution, is only at issue to limited extent. Nothing is being stored about the contents of communications. The data are of a technical nature and are usually stored in dispersed form in the systems of the providers.
Pushing the responsibility for the interference with fundamental right toward the EU:
With regard to the necessity of the interference in a democratic society, there is a margin of appreciation for the member states. The data retention obligation, however, follows from a European directive and the [Dutch] data retention term falls within the limitations of the Directive.
And finally arguing that the difference between member states, in terms of costs for providers does not mean there is not a level playing field for electronic communication providers:
I find the fear for negative effects on the competitiveness within the EU ill-founded. All public providers that are active in the Netherlands, i.e. small and large, can make an appeal to the reimbursement regulation in Article 13.6 of the Telecommunications law. This regulation is applicable, regardless of the origin of the provider. For all providers between themselves, there will still be a level playing field after the adoption of the data retention obligation.