The 2006 EC Data Retention Directive: A systematic failure

• Date: 01 January 2011
• Author: Stephen Mcgarvey

The 2006 EC Data Retention Directive: A

Systematic Failure

STEPHEN MCGARVEY1

Introduction

Since the 1970s the relationship between data protection and law enforce ment

enhancement has been dramatically altered by the progression of technology.

Undoubtedly, the increasing growth of information technology and, in

particular, the internet, has had an impact on the private life of citizens not seen

since the industrial revolution. In our daily use of telecommunication

applications, all our images and personal details are perpetually recorded by

surveillance cameras, security systems and a great number of other devices, and

thus with this technology rich lifestyle we produce millions of pieces of data.2

In the case of electronic mail for example, data recorded may include such

things as the time the e-mail was sent, the person to whom it was sent, the size

of the file etc. In the case of telephone conversations it may include information

such as the number making the call, the number receiving the call, and the

length of time the conversation lasted etc.3

The collective name given to these types of data is often referred to as

“traffic data”.4Furthermore, where calls are made using a mobile phone, the

mobile phone provider will be able at any time to ascertain the location of

the caller at the time of the call – referred to as “location data”.5Data of this

1Iwouldlike to say a special thank you to Marie Mc Gonagle and Sharon Mc Laughlin

for their continued help and support in the development of this Article.

2Gillespie, “Regulation of Internet Surveillance” (2009) 4 European Human Rights Law

Review 552

3O’Herlihy, “Legal Issues concerning the Monitoring of E-mail and Internet Use in the

Workplace in Ireland”, (2001) 8(7) Commercial Law Practitioner 160

4See Council of Europe, Convention on Cyber Crime, art.1. Article 1 defines “Traffic

Data” as “any computer data relating to a communication by means of a computer

system, generated by a computer system that formed a part in the chain of commu -

nication, indicating the communication’s origin, destination, route, time, date, size,

duration, or type of underlying service.” See also Edel O’Herlihy, “The Cybercrime

Convention: A pioneering Text of International Legal Scope?” (2003) 3(1) Hibernian

Law Journal 145. “Traffic data paints a picture of one’s entire online activities, to

whom you communicate, what websites you visit, how often and at what times”

5The importance of location data was defended by the Council of the European Union.

“Subject: Data Retention”, Brussels, 28 October, 2005, p.4 available at http://www.

statewatch.org/news/2005/oct/coun-dat-ret-28-10-05.pdf; In addition other types of

data may be collected which is often referred to as “subscriber data”, which relates to

more personal information such as the identity of the person making the phone call

or accessing the internet, such as name, billing address etc

HJ 05:Layout 1 01/07/2011 17:00 Page 119

nature can be easily stored and searched with simplicity, for example, by

monitoring our internet traffic alone, Law Enforcement Agencies (LEAs) can

easily learn where we shop, what we do in our free time and what our

interests are.6It is widely held that “as technology and business models

evolve, communications data will provide a very rich and colourful picture

of an individual’s interactions, associations, activities, thereabouts, and

interests”.7AsCaspar Bowden, then Director of the Foundation for

Information Policy Research (FIPR) explains: “[t]raffic data constitutes a

near complete map of private life: whom everyone talks to (by e-mail and

phone), where everyone goes (mobile phone location co-ordinates), and

what everyone reads online (websites browsed)”8.

As information technology opens up new pathways of communication,

it also opens up new pathways of committing crime, crimes against both the

individual and the state.9As a result of this conflict, the subject of traffic

data10has become a contentious issue among those who want to protect

privacy by restricting the disclosure of communications data to third parties,

on the one hand, and those who feel that limited disclosure is justifiable for

the objective of promoting certain “public interests”, on the other hand

LEA’s argue that they should be permitted to access communications data

for purposes of crime prevention and national security, and claim that access

to, and use of, communications data has been of significant benefit and

value.11Most people in society would regard communications data as being

private information and accordingly should be treated as such.12

6Bignami, “Privacy and Law Enforcement in the European Union: The Data Retention

Directive” (2007) 8 Chicago Journal of International Law 233

7M Farrell, “Communications Data Retention in the UK” (2001) 3 E-Commerce Law

& Policy 11

8Bowden, “Closed Circuit Television for Inside Your Head: Blanket Traffic Data

Retention and the Emergency Anti-Terrorism Legislation” (2002) Duke Law &

Technology Review 0005

9For example, in the USA, from January 1 2009 through December 31 2009, there

were 336,655 total complaints filed with IC3. This is a 22.3 per cent increase com -

pared to 2008 when 275,284 complaints were received. The number of complaints

filed per month, for 2009, averaged 28,055. Dollar loss of complaints referred to law

enforcement was at an all time high in 2009, $559.7 million, compared to previous

years. Available at http://www.ic3.gov/media/annualreport/2009_IC3Report.pdf

Internet Crime Complaint Centre, 2009 Internet Crime Report (2010) available at

http://www.ic3.gov/media/annualreport/2009_IC3Report.pdf

10Zammit, “Traffic Data Retention under EC Law – Implications for the Industry”

(2005) Computer and Telecommunications Law Review 17

11According to the recent “leaked” EU report that was prepared in accordance with

art.14 of the Data Retention Directive, not officially due out until September, the vast

majority of data requests across the EU—85 per cent—are made when the data is less

than seven months old, with the bulk of requests, 70 per cent, filed for data held for

less than three months. Statistics gathered from member states “supportthe

conclusion that the relevance of data decreases significantly” with age. Available at

http://www.digitalrights.ie/category/data-retention/

12Bignami believes that “[a] world without data privacy would be a bit like a world in

120STEPHENMcGARVEY

HJ 05:Layout 1 01/07/2011 17:00 Page 120

Governments are, therefore, faced with a fragile balancing act between,

on the one hand, acknowledging the desires of civil liberties campaigners for

the protection of individuals’ privacy from state interference13and, on the

other, recognising LEAs claims that, without such rights of access, it would

no longer be possible to effectively perform their functions in a growing era

of digitalisation.14

The controversy persists as to whether the surveillance of innocent people

can be justified as a “necessary evil”15in the quest for national security and

public safety and, since the 9/11 attacks, the need for balance has become

increasingly more imperative. Developments in telecommunications have

made a significant impact on how terrorists approach their operations. An

example of how telecommunications have facilitatedthe operation of

terrorists can be evidenced from the Madrid bombings in 2006, in which

mobile phones reportedly played a preeminent part in the organisation and

the execution of the attack.16Access to communications data by LEAs can,

therefore, be extremely favourable and can help counteract crime and save

lives. However, the question must be asked; to what extent should LEAs be

allowed to infringe the fundamental freedoms of innocent law abiding

citizens in order to protect the interests of society?17

which we were all animals in a zoo. Based on our millions of pieces of electronic data,

we would be the object of constant inspection by others. Like the giraffes and the

pandas, we would never be asked, “Excuse me, but do you mind if I look?” And, like

the giraffes and the pandas, we would never be able to reply “Yes, I do mind. Go

away!”Bignami, “Protecting privacy against the police in the European Union: The

Data Retention Directive” (2007) Chicago Journal of International Law

13Hough, “Keeping it to Ourselves: Technology, Privacy, and the Loss of Reserve”,

Technology in Society, (2009) 31(4) pp.406–413

14Rauhofer, “Just because you’re paranoid, doesn’t mean they’re not after you:

Legislative developments in relation to the mandatory retention of communications

data in the European Union”. Scripted Volume 3, issue 4, June 2006

15Sewell G and Barker J R “Neither good, nor bad, but dangerous: surveillance as an

ethical paradox” (2001) 3 Ethics and Information Technology 183, who discuss the

idea that paradox surveillance confronts us with a constant ethical dilemma: it “is

useful but harmful; welcome but offensive; a necessary evil but an evil society.” See

also Marx, Undercover: Police Surveillance in America (University of California,

Berkeley, 1988) and Marx, “Ethics for the New Surveillance, Department of

Sociology, University of Colorado, USA. Justice Holmes of the United States Supreme

Court famously referred to police surveillance as a “dirty business” in Olmstead v

United States277 US 438 (1928) In the same case Justice Brandeis wrote, “Discovery

and invention have made it possible for the government, by means far more effective

than stretching upon the rack, to obtain disclosure in court of what is whispered in

the closet. The progress of science in furnishing the government with means of

espionage is not likely to stop with wiretapping”

16See CBC News, available at http://www.cbc.ca/fifth/warwithoutborders/bombing.html

17Aquillina, “Public Security versus Privacy in Technology Law: A Balancing Act?”

Computer Law & Security Review 26(2), March (2010) 130–143

The 2006 EC Data Retention Directive: A Systematic Failure121

HJ 05:Layout 1 01/07/2011 17:00 Page 121