Terrorism, racism force EU to store email data for a year

By Richard Norton-Taylor & Stuart Millar, Dawn, Thursday 22 August 2002

LONDON: Records of personal communications, including all emails and telephone calls, will be stored for at least a year under a proposal to be decided by EU governments next month.

Under the plan, all telecommunications firms, including mobile phone operators and internet service providers, will have to keep the numbers and addresses of calls and emails sent and received by EU citizens. The information, known as traffic data, would be held in central computer systems and made available to all EU governments.

The move could lead to a further extension in the powers of European security and intelligence agencies, allowing them to see the contents of emails and intercepted calls and faxes, civil liberty groups fear.

The plan, drafted in Brussels, has been leaked to Statewatch, an independent group monitoring threats to privacy and civil liberties in the EU.

The traffic data of the whole population of the EU—and the countries joining—is to be held on record. It is a move from targeted to potentially universal surveillance, Tony Bunyan, Statewatch editor, warned on Monday. EU governments claimed that changes to the 1997 privacy directive would not be binding on member states—each national parliament would have to decide. Now we know that all along they were intending to make it compulsory across Europe.

Although the move was initially explained by the need to fight terrorism, EU officials now argue it is necessary to fight all serious crime, including, paedophilia and racism.

A draft framework decision for the European council states that it is essential for all member states to apply the same rules. It said that the purpose was to harmonise the retention of traffic data to allow criminal investigation.

The decision is a victory for the UK which, encouraged by Washington, has been pushing for a compulsory EU-wide data retention regime. But civil liberties campaigners claim that compelling communications companies to retain the records of all their customers for long periods amounts to blanket surveillance on the entire EU population and will lead to law enforcement agencies conducting fishing expeditions against innocent citizens.

The EU admits the plan involves an invasion of privacy but says the periods for which it must be retained—a minimum of 12 months and a maximum of 24 months—is not disproportionate.

The data would include information identifying the source, destination, and time of a communication, as well as the personal details of the subscriber to any communication device.

For law enforcement agencies to access the data, the draft EU decision gives a minimum list of offences, including participation in a criminal organisation, terrorism, trafficking in human beings, sexual exploitation of children, drug trafficking, money-laundering, fraud, racism, hijacking and motor vehicle crime.

It states that the confidentiality and integrity of retained traffic data must be ensured but does not say how. Individuals have no right to check whether the information held about their personal communications is accurate or legally challenge decisions about its use by EU authorities.

A member state will not be able to refuse a request for information from another member state on human rights or privacy grounds. There is also no common EU list of crimes caught by the plan or of public agencies which could demand the information. But there is one element in the EU plan that the Britain will not welcome. It says that personal data could be handed to security services and law enforcement authorities only with judicial approval.

In Britain, the regulation of investigatory powers act allows law enforcement and intelligence agencies to access personal communications data covering a wide range of purposes, including public health and tax collection, without any court or executive warrant.-Dawn/The Guardian News Service.