The 2006 EC Data Retention Directive: A systematic failure

Date01 January 2011
AuthorStephen Mcgarvey
The 2006 EC Data Retention Directive: A
Systematic Failure
Since the 1970s the relationship between data protection and law enforce ment
enhancement has been dramatically altered by the progression of technology.
Undoubtedly, the increasing growth of information technology and, in
particular, the internet, has had an impact on the private life of citizens not seen
since the industrial revolution. In our daily use of telecommunication
applications, all our images and personal details are perpetually recorded by
surveillance cameras, security systems and a great number of other devices, and
thus with this technology rich lifestyle we produce millions of pieces of data.2
In the case of electronic mail for example, data recorded may include such
things as the time the e-mail was sent, the person to whom it was sent, the size
of the file etc. In the case of telephone conversations it may include information
such as the number making the call, the number receiving the call, and the
length of time the conversation lasted etc.3
The collective name given to these types of data is often referred to as
“traffic data”.4Furthermore, where calls are made using a mobile phone, the
mobile phone provider will be able at any time to ascertain the location of
the caller at the time of the call – referred to as “location data”.5Data of this
1I would like to say a special thank you to Marie Mc Gonagle and Sharon Mc Laughlin
for their continued help and support in the development of this Article.
2Gillespie, “Regulation of Internet Surveillance” (2009) 4 European Human Rights Law
Review 552
3O’Herlihy, “Legal Issues concerning the Monitoring of E-mail and Internet Use in the
Workplace in Ireland”, (2001) 8(7) Commercial Law Practitioner 160
4See Council of Europe, Co nvention on Cyber Crime, art.1. Article 1 defines “Traffic
Data” as “any computer data relating to a communicatio n by means of a computer
system, gener ated by a computer syst em that formed a part in the chain of commu -
nication, in dicating the communicati on’s origin, des tination, route, time, date, size,
duration, or type of underlying serv ice.” See also Edel O’Herlihy, “The Cybercrime
Convention: A pioneering Text of International Legal Scope?” (2003) 3(1) Hibernian
Law Journ al 145. “Traffic data paints a picture of o ne’s entire online activities, to
whom you communicate, what websites you visit, how often and at what times”
5The importance of location data was defended by the Council of the European Union.
“Subject: Data Ret ention”, Brussels, 28 October, 2005, p.4 availab le at http://www. ews/2005/oct/coun-d at-ret-28-10-05.pd f; In addition other t ypes of
data may be collected which is often referred to as “subscriber data”, which relates to
more personal information such as the ide ntity of the person making the phone call
or accessing the internet, such as name, billing address etc
HJ 05:Layout 1 01/07/2011 17:00 Page 119
nature can be easily stored and searched with simplicity, for example, by
monitoring our internet traffic alone, Law Enforcement Agencies (LEAs) can
easily learn where we shop, what we do in our free time and what our
interests are.6It is widely held that “as technology and business models
evolve, communications data will provide a very rich and colourful picture
of an individual’s interactions, associations, activities, thereabouts, and
interests”.7As Caspar Bowden, then Director of the Foundation for
Information Policy Research (FIPR) explains: “[t]raffic data constitutes a
near complete map of private life: whom everyone talks to (by e-mail and
phone), where everyone goes (mobile phone location co-ordinates), and
what everyone reads online (websites browsed)”8.
As information technology opens up new pathways of communication,
it also opens up new pathways of committing crime, crimes against both the
individual and the state.9As a result of this conflict, the subject of traffic
data10 has become a contentious issue among those who want to protect
privacy by restricting the disclosure of communications data to third parties,
on the one hand, and those who feel that limited disclosure is justifiable for
the objective of promoting certain “public interests”, on the other hand
LEA’s argue that they should be permitted to access communications data
for purposes of crime prevention and national security, and claim that access
to, and use of, communications data has been of significant benefit and
value.11 Most people in society would regard communications data as being
private information and accordingly should be treated as such.12
6Bignami, “Privacy and Law Enforcement in the European Union: The Data Retention
Directive” (2007) 8 Chicago Journal of International Law 233
7M Farrell, “Communications Data Retention in the UK” (2001) 3 E-Commerce Law
& Policy 11
8Bowden, “Closed Circuit Television for Inside Your Head: Blanket Traffic Data
Retention and the Emergency A nti-Terrorism Legislation” (2002) Duke Law &
Technology Review 0005
9For example , in the USA, from January 1 2009 through December 31 2009, there
were 336,655 tota l complaints filed with IC3. This is a 22.3 per cent increase com -
pared to 2008 w hen 275,284 complaints were r eceived. The number of complaints
filed per month, for 2009, averaged 28,055. Dollar loss of complaints referred to law
enforcement was at a n all time high in 2009, $559.7 million, compared to previous
years. Available at http://ww ort/2009_IC3Repor t.pdf
Internet Cri me Complaint Centre, 2009 Internet Crime Report (2010) available at
10 Zammit, “Traffic Dat a Retention un der EC Law – Implications for the Industry”
(2005) Computer and Telecommunications Law Review 17
11 According to the recent “leaked ” EU report that was prepared in ac cordance with
art.14 of the Data Retention Directive, not officially due out until September, the vast
majority of data requests across the EU—85 per cent—are made when the data is less
than seven months old, with the bulk of requests, 70 per cent, filed for data held for
less than three months. Statistics ga thered from member states “support the
conclusion that t he relevance of data decreases sig nificantly” with age. Available at
12 Bignami believes that “[a] world without data privacy would be a bit like a world in
HJ 05:Layout 1 01/07/2011 17:00 Page 120
Governments are, therefore, faced with a fragile balancing act between,
on the one hand, acknowledging the desires of civil liberties campaigners for
the protection of individuals’ privacy from state interference13 and, on the
other, recognising LEAs claims that, without such rights of access, it would
no longer be possible to effectively perform their functions in a growing era
of digitalisation.14
The controversy persists as to whether the surveillance of innocent people
can be justified as a “necessary evil”15 in the quest for national security and
public safety and, since the 9/11 attacks, the need for balance has become
increasingly more imperative. Developments in telecommunications have
made a significant impact on how terrorists approach their operations. An
example of how telecommunications have facilitated the operation of
terrorists can be evidenced from the Madrid bombings in 2006, in which
mobile phones reportedly played a preeminent part in the organisation and
the execution of the attack.16 Access to communications data by LEAs can,
therefore, be extremely favourable and can help counteract crime and save
lives. However, the question must be asked; to what extent should LEAs be
allowed to infringe the fundamental freedoms of innocent law abiding
citizens in order to protect the interests of society?17
which we were all animals in a zoo. Based on our millions of pieces of electronic data,
we would be the object of constant inspe ction by others. Like the giraffes and the
pandas, we would never be asked, “Excuse me, but do you mind if I look?” And, like
the giraff es and the pa ndas, we would never be able to reply “Yes, I do mind. Go
away!” Bignami, “Protecting privacy against the police in the European Union: The
Data Retention Directive” (2007) Chicago Journal of International Law
13 Hough, “Keeping it to Ourselves: Technology, Privacy, and the Loss of Reserve”,
Technology in Society, (2009) 31(4) pp.406–413
14 Rauhofer, “Just because you’re par anoid, doesn’t mean they’re not after you:
Legislative developme nts in relation to the mandatory retention o f communications
data in the European Union”. Scripted Volume 3, issue 4, June 2006
15 Sewell G and Barke r J R “Neither good, nor bad, but dang erous: surveillance as an
ethical paradox” (2001) 3 Ethi cs and Information Technology 183, who discuss the
idea that paradox surveillance c onfronts us with a constant ethical dilemma: it “is
useful but harmful ; welcome but offensive; a necessar y evil but an evil society.” See
also Marx, Undercove r: Police Surveillance in America (University of California,
Berkeley, 1988) and Marx, “Ethics for the New Surveill ance, Department of
Sociology, University of Colorado, USA. Justice Holmes of the United States Supreme
Court famous ly referred to police surveillance as a “ dirty business” in Ol mstead v
United States 277 US 438 (1928) In the same case Justice Brandeis wrote, “Discovery
and invention have made it possible for the government, by means far more effective
than stretching u pon the rack, to obtain disclosure in court of what is whispered in
the closet. The progre ss of science in fur nishing the government with means of
espionage is not likely to stop with wiretapping”
16 See CBC News, available at
17 Aquillina, “Public Security versus Privacy in Technology Law: A Balanci ng Act?”
Computer Law & Security Review 26(2), March (2010) 130–143
The 2006 EC Data Retention Directive: A Systematic Failure 121
HJ 05:Layout 1 01/07/2011 17:00 Page 121

To continue reading

Request your trial

VLEX uses login cookies to provide you with a better browsing experience. If you click on 'Accept' or continue browsing this site we consider that you accept our cookie policy. ACCEPT