The European Council of ministers of Justice and Home Affairs will meet on 2 and 3 December 2004. Telecommunication data retention is an important item on the agenda. The Dutch EU Presidency tried to force the Council to reach a quick unanimous decision on the proposed framework decision, but has now changed course. According to an explanation given by minister Donner of Justice on 1 December 2004 to the judicial committee of the Dutch Lower House, a large majority of EU Member States is now in favour of an extended obligation. Supposedly lead by France, most countries now insist on a large set of data that should be collected and stored by telecom and internet providers, in stead of limiting the retention to data that are already collected for business purposes.

Not a single example of these extra data was given, but providers should be prevented from 'obscuring personal data' and 'there must be certainty about the set of available data across Europe', said minister Donner. The JHA Council will now proceed to discuss the extent of the extended obligation, in stead of focussing on the need and necessity of storing intimate data about all citizens as opposed to preserving data of individual suspects.

The European Working Party of data protection authorities has finally released an opinion on the proposed retention of communication traffic data. The Working Party concludes the proposal is not acceptable within the legal framework set by Article 8 of the European Convention on Human Rights. According to the Working Party data retention deserves the same level of protection as interception. They cite jurisprudence from the European Court of Human Rights that decrees that all interception of telecommunications data must fulfil three fundamental criteria; a legal basis, the need for the measure in a democratic society and conformity with a legitimate and listed aim. The proposal sent to the European Council on 28 April 2004 by France, Sweden, Ireland and the UK does not meet any of these criteria, according to the data protection

Last week Big Brother Awards were presented in 3 different countries to a wide range of government officials, companies and institutions for violating privacy and promoting extensive control over citizens lives.

Seville in Spain hosted the 50st BBA event held worldwide on 30 October 2004, 6 years since Privacy International invented the ceremony in London. The Spanish jury awarded Zara, a fashion clothing store chain belonging to giant Inditex, for using RFID chips in some of their products. The Spanish jury also awarded a price to the shadow-government ordering the confiscation of servers of Indymedia in London. Shadow-government because "unfortunately, we are still to be told who that government is."

In Austria, a remarkable peoples price was awarded to the electric company of the city of Linz, for trying to stifle critics. Radio technicians discovered the powerline-technology could produce radio-interference. The technicians were not invited to discuss and help solve the issue, but sued for 'damage of credit', with a very intimidating demand for compensation of financial damages. On top of that a lawyer of the Linz Strom GmbH intervened in his role as member of the supervisory board of an Austrian media company to prevent the criticism from being spread.

The French digital rights organization IRIS is upset about the continuous delay by the French government in publishing administrative decrees that would define mandatory data retention for telecommunication companies. During the open workshop in Brussels on 21 September 2004, a representative from the French Ministry announced these decrees would be published 'within the next few days' and would set the time period on 12 months. (See EDRI-gram 2.18)

The legal regime for data retention in France has originally been set by the law on daily safety (Loi sur la Sécurité Quotidienne - LSQ) from 15 November 2001, and has been later included in Article L34-1 of the electronic communications Codes. But the administrative decree that would define the obligation to store data beyond the immediate business purpose of transmitting and billing, is still unknown.

The Dutch presidency of the European union drafted a revised proposal for the mandatory storing of telecommunication data. The new proposal seems to let the members states free in choosing the time period and raises many questions with regard to its scope.

France, Ireland, the UK and Sweden drafted the original proposal to the Council of the European Union to store the telecommunication data of all 450 million EU citizens for a period of 12 to 36 months, for law enforcement purposes. These so-called traffic data reveal who has been calling and e-mailing whom, which websites they have visited, and even where people were with their mobile phones.

The plan addresses providers of telephony and internet, both networks and services. They will have to store the traffic data of all their users, not just those of suspects. The traffic data will be accessible for law enforcement authorities and intelligence services, not just nationally, but across all EU-borders. The member states decide themselves on the powers they grant to obtain access nationally.

According to an article in the Frankfurter Allgemeine Zeitung Germany is changing its position on the proposal from the EU Council to oblige telecom and internet providers to store traffic data about all their customers for 12 to 36 months. The legislative chamber that represents Germany's 16 states on national issues (the Bundesrat) voted on 1 October to 'take notice of' rather than support the EU proposal. Previously this important legislative body unsuccessfully tried to introduce mandatory data retention for at least 6 months in the new Telecommunication law. The current data retention regime in Germany allows for 90 days storage of traffic data.

Meanwhile, the German government has published a new draft law for telecommunication and post interception on behalf of the Customs Office. 2 Paragraphs of the previous law were declared unconstitutional by the Constitutional Court on 3 March 2004, for violating the communications secrecy guaranteed in Article 10. The new proposal defines the surveillance powers of the Customs Office much more precisely, listing for example the crimes that interception can be called for, in stead of the previous, more general description of 'criminal offences of substantial importance'. Also, in case of a possible hand-over of personal data to other public institutions the materials must be marked as 'sensitive', to respect the communication secrecy.

"This is not something industry wants", a representative from the Danish IT-industry Association stated at a meeting on data retention in Copenhagen on 21 September 2004. The meeting was arranged in response to the massive criticism raised by the industry, cooperative housing associations, civil liberty groups and others earlier this year. The meeting was convened by the Ministry of Justice to discuss next steps for the draft Administrative Order and code of guidelines.

At the meeting it was decided to establish an expert working group with industry representatives to assist in the drafting process. It was also mentioned that the retention order most likely will exempt chatrooms, which were included in the first draft. However, the concerns raised in relation to disproportionality, discrimination, financial burdens, and

Telephone traffic data are only necessary to solve crimes in a minority of police investigations. Most cases can be solved without access to traffic data, with the exception of large fraud investigations.

These are the conclusions of a Dutch police report produced at the request of the Dutch ministry of Justice. The report was recently obtained by the Dutch civil liberties organisation Bits of Freedom through a public access request.

The report undermines the Dutch government's support to the EU draft framework decision on data retention. The report makes no case for the proposed data retention as Dutch police already uses traffic data in 90% of all investigations. The police can already obtain, with a warrant, the traffic data that telecommunication companies store for their own billing-