1 / 19

Assessing the Efficiency of the Data Retention Directive

Assessing the Efficiency of the Data Retention Directive. Paul de Hert, Vrije Universiteit Brussel Lara Schartau. Terminology. Effectiveness = appropriateness of a measure. Was the goal reached? Efficiency = proper ratio of means and objective. Input-output ratio.

padgettj
Download Presentation

Assessing the Efficiency of the Data Retention Directive

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. Assessing the Efficiency of the Data Retention Directive Paul de Hert, VrijeUniversiteitBrussel Lara Schartau

  2. Terminology • Effectiveness = appropriateness of a measure. • Was the goal reached? • Efficiency = proper ratio of means and objective. Input-output ratio. • Are the things done correctly? • Legitimacy in law: is the goal ok? • Proportionality in law (close to efficiency)= proper ratio of means and objective. Is there a balance between the fundamental rights in question? • Subsidiarity in lawcan the goal be reached using other means that guarantee a similar result, but with less rights infringements

  3. Data Retention Directive 2006/24/EC • Purpose and scope: • telecommunications providers required to collect location and traffic data of mobile and fixed network telephony, as well as Internet access, Internet e-mail and Internet telephony from their customers • based on former Article 95: harmonising measure • Data collection for the “investigation, detection and prosecution of serious crime” (Art.1) • Member States’ discretion: • retention period: 6 – 24 months (Art. 6) • Access to data (Art. 4) • Specification of provisions of data protection and security and safeguards (Art. 7 & 8) • annual statistics (Art. 10) Directive 2006/24/EC of the European Parliament and of the Council of 15 March 2006 on the retention of data generated or processed in connection with the provision of publicly available electronic communications services or of public communications networks and amending Directive 2002/58/EC

  4. Judgement of the Court of Justice • Preliminary ruling under Article 267 TFEU from the High Court (Ireland) and the Verfassungsgerichtshof (Austria) • Joined cases • Case C‑293/12 Digital Rights Ireland Ltd v The Minister for Communications, Marine and Natural Resources, The Minister for Justice, Equality and Law Reform The Commissioner of the Garda Síochána Ireland and The Attorney General • Case C‑594/12 Kärntner Landesregierung, Michael Seitlinger and Christof Tschohl and others • Advocate General: P. Cruz Villalón • Judgement: April 8th 2014 • Ruling on the general validity of the Data Retention Directive

  5. Judgement step 1: is there an interference? -Interference with right to privacy (Art.7) & right to data protection (Art. 8) "wide-ranging, and it must be considered to be particularly serious” (37) -The essence of the rights is respected: e.g. "even though the retention of data (…) constitutes a particularly serious interference with those rights, it is not such as to adversely affect the essence of those rights given that, as follows from Article 1(2) of the directive, the directive does not permit the acquisition of knowledge of the content of the electronic communications as such” (39 & 40) Remark: idea of core elements of rights

  6. Judgement: second step: legitimacy of data retention? • Directive’s purpose is legal, as Article 7 and 8 allow for derogations, and legitimate • "The material objective of that directive is, therefore, to contribute to the fight against serious crime and thus, ultimately, to public security“ (41) “It is apparent from the case-law of the Court that the fight against international terrorism in order to maintain international peace and security constitutes an objective of general interest (…). The same is true of the fight against serious crime in order to ensure public security” (42)

  7. Judgement: third step: effectiveness of data retention • The instrument is appropriate: "the retention of such data may be considered to be appropriate for attaining the objective pursued by that directive" (49) • HOWEVER • “such an objective of general interest, however fundamental it may be, does not, in itself, justify a retention measure such as that established by Directive 2006/24 being considered to be necessary for the purpose of that fight” (51)

  8. Judgement: 4th step proportionality: 3 flaws Idea -“EU legislation in question must lay down clear and precise rules governing the scope and application of the measure in question and imposing minimum safeguards so that the persons whose data have been retained have sufficient guarantees to effectively protect their personal data against the risk of abuse and against any unlawful access and use of that data” (54) FLAW 1)-Directive “covers, in a generalised manner, all persons and all means of electronic communication as well as all traffic data without any differentiation, limitation or exception being made in the light of the objective of fighting against serious crime” (57) It “fails to lay down any objective criterion by which to determine the limits of the access of the competent national authorities to the data and their subsequent use” (60)

  9. FLAW 2) “it is not stated that the determination of the period of retention must be based on objective criteria in order to ensure that it is limited to what is strictly necessary” (64) FLAW 3) “relating to the security and protection of data (…), it must be held that Directive 2006/24 does not provide for sufficient safeguards, as required by Article 8 of the Charter, to ensure effective protection of the data retained against the risk of abuse and against any unlawful access and use of that data” (66)

  10. Judgement conclusion • “Having regard to all the foregoing considerations, it must be held that (…) the EU legislature has exceeded the limits imposed by compliance with the principle of proportionality in the light of Articles 7, 8 and 52(1) of the Charter” (69)

  11. Efficiency in the Making of the Data Retention Directive • Erasmus University Rotterdam (2005) • Study conducted to inform Dutch position on data retention • sample of cases provided for by government, only cases in which historical data played a role • assesses input and output • critical of retention period longer than three months • Commission's Impact Assessment accompanying the proposal for the Directive • broader in scope given the primary purpose of the Directive • emphasis on effectiveness based on the presentation of single cases • efficiency: only inputs, no evidence on outputs Erasmus Universiteit Rotterdam. (2005). Wie wat bewaart die heeft wat. Onderzoek naar nut en noodzaak van een bewaarverplichting voor historische verkeersgegevens van telecommunicatieverkeer. Rotterdam: Erasmus University. European Commission. (2005). Commission Staff Working Document. Annex to the: Proposal for a Directive of the European Parliament and of the Council on the retention of data processed in connection with the provision of public electronic communication services and amending Directive 2002/58/EC. [SEC (2005) 1131]. Brussels: European Commission.

  12. Efficiency in Evaluations of the Data Retention Directive • Commission’s evaluations • Evaluation report (2011) • Evidence of Potential Impacts of Options for Revising the Data Retention Directive: Current approaches to data preservation in the EU and in third countries (2012) • Evidence on the necessity (2013) • Statistics on Requests for Data under the Data Retention Directive (2013) • Max-Planck-Institute (Germany) • Legal application, and, inter alia, efficiency (2008) • Assessing the absence of data retention (2011) • WODC 2013 (The Netherlands)

  13. Example 1: The Evaluation Report of the Commission • first report on data retention, published in 2008 • only nine Member States delivered statistics • statistics flawed due to varying interpretations of key definitions • inputs: e.g. intrusion into fundamental rights, costs, differentiation on the retention period and types of data • output: no numbers on the usefulness of the data (not required by the Directive) • findings: most requests are done in the first six months of an investigation (87%) •  no political consequences European Commission. (2011). Report from the Commission to the Council and the European Parliament. Evaluation report on the Data Retention Directive (Directive 1006/24/EC). [COM (2011) 225 final]. Brussels: European Commission.

  14. Example 2: Assessment by Max-Planck-Institute • Two scientific reports of criminological research group in 2008 & 2011 • 2008: Hans-Jörg Albrecht, Adina Grafe, Michael Kilchling • Method (2008): • Mixed-method approach relying on surveys, expert interviews and analysis of investigation dossiers • Indicators for measuring output (new leads, clearance, and conviction rate) vis-a-vis inputs • Some exemplary findings (2008): • Instrument used for all sorts of crimes, often not serious crimes (as defined in Germany) • Shorter retention period possible • 65% requests are considered to be not successful Albrecht, H-J., Grafe, A & Kilching, M. (2008). Rechtswirklichkeit der Auskunftserteilung über Telekommunikationsverbindungsdaten nach§§ 100g, 100h StPO. Forschungsbericht im Auftrag des Bundesministeriums der Justiz. Max-Planck-Institut: Freiburg.

  15. Efficiency in the Judicial Assessments in the Member States • Parts of transposition unconstitutional in Bulgaria, Romania, Germany, Cyprus and Czech Republic • Cases pending in Slovakia, Poland, Slovenia (and Hungary) • Ireland and Austria used Preliminary Ruling • Focus on national implementation laws (except for Romania) • All courts applied proportionality assessments, focusing on the access to the data, retention periods, data security • e.g. Germany: purpose limitation, data security, transparency and control against misuse • to our knowledge, no direct reference to efficiency in the court rulings, yet some courts criticised lack of evidence

  16. Future of the Data Retention Directive • Instrument as defined in Directive depicts violation of fundamental rights; particularly to the right to privacy and the right to data protection • Member States have still implemented a scheme • Operators are still under duty to store data • Austrian Constitutional Court annulled national scheme last Friday • Efficiency assessment as a means to improve (legislation on) law enforcement

  17. Future of regulation on surveillance • Keep on inviting policy makers to assess efficiency/subsidiarity not only proportionality • Considering impact assessments and sunset clauses

  18. Future of case law • Cynical: managing expectations about role judges • Constructive: Helping civil society and courts to obtain evidence about

  19. Read • A. GALETTA & P. DE HERT, ‘Complementing the Surveillance Law Principles of the ECtHR with its Environmental Law Principles: An Integrated Technology Approach to a Human Rights Framework for Surveillance’, Utrecht Law Review, 2014, vol. 10, no. 1, 55-75. http://www.utrechtlawreview.org/publish/articles/000005/article.pdf

More Related