This article is also available in:
Deutsch: Vorratsdaten: Offener Brief von EDRi und 37 NGOs an EU-Kommission
On 26 September 2011, European Digital Rights and 37 other NGOs from 14 countries sent a letter to Commissioners Malmström, Kroes and Reding on the review of the Data Retention Directive. The purpose of the letter is to provide input into the Commission's ongoing work on a review of the legislation.
Earlier this year, EDRi published a "shadow" Implementation Report in order to address the shortcomings of the official Implementation Report from the European Commission. Rather than waiting for the Commission to finish the next stage in the process, the Impact Assessment, EDRi felt that it would be constructive to provide analysis now on what we and related NGOs consider to be the minimum range of issues to be covered in such a document. To avoid any confusion, the letter starts by saying that any proper assessment can only come to the conclusion that the Directive is unnecessary and illegal.
The letter draws attention to the fact that the Commission has already produced a methodology for the analysis of the fundamental rights compatibility of its proposals - the "fundamental rights checklist" which is part of its "Strategy for the effective implementation of the Charter of Fundamental Rights by the European Union."
Much of the analysis is based on the shortcomings of the Implementation Report. The central mistake which we would like not to see repeated is the fallacy that all uses of retained data can be used to argue that the Directive is valuable. In reality, recently generated data is more likely to be used in investigations and such data would have been available anyway even if the Directive had never existed.
The letter also draws attention to some of the core problems with the Directive, such as the lack of a harmonised definition of "serious crime" and the lack of a harmonised approach to access and security. The lack of clarity on these points makes it impossible for citizens, to know how their data is being stored, how it is being accessed and for what purpose.
Ironically, the Directive was proposed as a measure to harmonise the approach to this policy in the European Union - even though few countries had such a policy to begin with. It managed to disharmonise the single market, by forcing the policy onto 27 countries, with vastly varying retention periods, rules for cost reimbursement etc.
The next step in the process for the Commission will be the preparation of an "Impact Assessment", listing a number of different policy options and coming to the conclusion (as has already been politically decided) that the Directive is useful but offering some small concessions, such as a small reduction in the maximum retention period, which will be sold as major improvements in the deeply flawed legislation.
Joint letter on data retention (26.09.2011)
http://www.edri.org/files/dr_letter_260911.pdf
Fundamental rights checklist
http://ec.europa.eu/justice/news/intro/doc/com_2010_573_4_en.pdf
Commission implementation report (18.04.2011)
http://ec.europa.eu/commission_2010-2014/malmstrom/archive/20110418_da...
EDRi Shadow implementation report (17.04.2011)
http://www.edri.org/files/shadow_drd_report_110417.pdf
Commissioner Malmström's speech December 2010 (3.12.2010)
http://europa.eu/rapid/pressReleasesAction.do?reference=SPEECH/10/723
(Contribution by Joe McNamee - EDRi)