Politech: FC: U.K. firms protest Euro plan for email, web, Usenet recordkeeping

[Declan McCullagh <declan () well com>]

---

http://www.thetimes.co.uk/article/0,,5-2001213193,00.html 
   PLANS by Brussels to force Internet service providers (ISPs), such as
   BT and AOL, to store detailed logs of their customers Web activities
   a retrograde step that could compromise privacy and damage e-commerce.

http://www.thescotsman.co.uk/business.cfm?id=83701
  THE CBI criticised the government's failure to block EU proposals that
  will allow member states to impose blanket data retention on telecoms
  and ISPs. 

---

Related news:

Europe weighs recording all phone calls, Net traffic for 7 yrs 
http://www.politechbot.com/p-02035.html

More on Europe recording phone calls, Net traffic for 7 years 
http://www.politechbot.com/p-02043.html

---

http://www.cbi.org.uk/ndbs/press.nsf/0363c1f07c6ca12a8025671c00381cc7/ccfce800c251d49c80256a7300507a26?OpenDocument
     
   CBI DISMAYED BY GOVERNMENT STANCE ON DATA RETENTION
   The CBI is alarmed and dismayed the government has failed to block
   plans in Brussels that will allow member states to impose blanket data
   retention requirements on telecommunication and internet service
   providers (ISPs).
   
   "We are dismayed that senior officials in Brussels, including those
   from UK, have agreed an amendment to the telecommunications data
   protection directive, which will allow member states to impose blanket
   data retention requirements on their own service providers.
   "We believe this will undermine trust and confidence in elelctronic
   commerce and discourage investment in e-commerce in the EU", said the
   CBI's Head of E Business, Nigel Hickson.
   The CBI urges the minister of state for e-commerce Douglas Alexander
   and colleagues in other member states to veto this proposal when it
   comes before the Telecommunications Council on Wednesday June 27.
   In the last few days Brussels officials have paved the way for member
   states to provide for mass retention of data on e-mail recipients,
   addresses of websites visited and data on times when customers log
   into ISP's.
   Currently such service providers are only allowed to retain such data
   for billing purposes.
   "We call on the Government to take all action to prevent unwanted
   traffic data retention requirements on service providers. So we
   strongly urge the DTI to ensure the UK vetoes any weakening of Data
   Protection laws when this is discussed at the Council of Ministers
   this month. We will also be lobbying the Home Office in a similar
   vein" said John Stewart, chair of the CBI's E-business Council.
   
   22 June, 2001
   Notes to Editors:
   The European Union is currently reviewing directive 97/66/EC which
   deals with data protection in the telecommunications sector. There
   have been calls from the law enforcement community to amend Article 6,
   which currently prohibits data retention, allowing member States to
   demand data retention by service providers. The directive has been
   discussed by the Committee of Permanent Representatives in Brussels
   (COREPER) and will be voted on by the EU Telecoms Council on June 27.
   
   Please note Traffic Data does not mean e-mail content. It covers
   information about internet activity; for example 1) addresses of
   people you have sent email to. 2) websites visited. 3) newsgroups
   used. 4) times people log in and log out of ISP's.
   
   Media Contact:
   Sam Parkhouse, CBI Press Office: 020 7395 8093 - e-mail:
   sam_parkhouse () cbi org uk
   
   Out of hours pager no 076 2680 9070.
   
---

http://www.statewatch.org/news/2001/jun/07retention.htm

     Statewatch Observatory on Surveillance in Europe (S.O.S.Europe)

     EU governments' to decide on retention of telecommunications data
     (including internet usage) by law enforcement agencies
     
     - Commission and Data Protection Working Party oppose move
     - UK leading the campaign for data retention
     ______________________________________________________________
     
     The debate over the retention of telecommunications data by EU
     states for the purposes of giving access to the law enforcement
     agencies is reaching the crunch stage. At the Telecommunications
     Council in Brussels on 27-28 June the decision may be made to back
     demands by the UK and other governments for data to be retained for
     use by the agencies. The European Commission are strongly opposed
     to the changes as are a number of the rapporteurs in the European
     Parliament.
     
     The chair of the EU's Article 29 Data Protection Working Party has
     sent letters to the President of the European Parliament, Mr Prodi
     of the Commission and the Council expressing its strong opposition
     to any changes in the draft measure: Letter from Rodota: full-text
     
     The battle lines in the Council at the beginning of June showed the
     incoming Belgian Presidency and the current Swedish Presidency
     backed by the UK demanding changes - to the planned new EU
     Directive on personal data and the protection of privacy in the
     field of electronic commerce - to allow the retention of
     telecommunications data for law enforcement agencies. Opposing this
     move were Greece, Italy, Netherlands and the Commission.
     
     At the Telecommunications Council on Wednesday it will be open to
     the Council (the 15 EU governments) to back the demand now fronted
     by the UK.
     
     The new Directive, which is simply intended to update the current
     laws, has to be agreed under the co-decision procedure whereby the
     the Council, Commission and Parliament have to agree on the new
     measure.
     
     The background is on the Statewatch Observatory on Surveillance in
     Europe: S.0.S. Europe
     ______________________________________________________________
     
     The latest available draft of the Council's discussions on its
     "common position" shows that the demands of the law enforcement
     agencies are centred to two key provisions in the draft new
     Directive: Article 6 on "Traffic data" and Article 15 which allows
     EU states to derogate from the provisions on an individual basis
     and allow law enforcement agencies access to traffic data
     (including internet usage). Draft dated 31 May (9337/01): Full-text
     (pdf file)
     
     The first key provision, Article 6.1. on Traffic data reads as
     follows:
     
     "1. Traffic data relating to subscribers and users processed and
     stored by the provider of a public communications network or
     service must be erased or made anonymous when it is no longer
     needed for the purpose [upon completion] of the transmission of a
     communication without prejudice to the provisions of paragraphs 2,
     3, and Article 15, paragraph 1 4." (bold are changes proposed by
     the Council; the [] show deletions)
     
     These changes were put forward by the Swedish Presidency of the EU.
     A number of EU governments and the Commission oppose the addition
     of the reference to Article 15. However, in a footnote there is an
     alternative wording put forward by Belgium, the incoming EU
     Presidency from 1 July. This reads as follows where "B" stands for
     Belgium:
     
     " Alternative text proposed by B for Article 6, paragraph 1:
     "Traffic data relating to subscribers and users processed for the
     purpose of the transmission of a communication and stored by the
     provider of a public communications network or service may upon
     completion of the transmission only be processed for legitimate
     purposes as determined by national law or applicable instruments.
     Within the scope of this directive, those purposes can be no other
     than those mentioned in paragraphs 2 and 3".
     
     The effect of this proposal is to delete the provision that data
     should be erased or made anonymous and to insert another purpose
     (ie: other than for checking billing for customers) saying it can
     be "processed for legitimate purposes determined by national law" -
     in other words it would allow each EU member state adopt a law
     saying data may be retained for law enforcement purposes for
     periods of 12 moths to 7 years.
     
     The discussion in the Council (between the governments)
     
     Another document, also dated 31 May, reveals much more detail of
     the discussion in the Council and the differences between EU
     governments. Both of these documents need to be placed in context.
     Both are intended to lead to the adoption by the Council of a
     "common position" on the proposed new Directive before the European
     Parliament has completed its First Reading vote and adoption of its
     report. Strictly the Council should wait for the parliament but it
     applies an informal "rule" (created by the Council) which says the
     parliament has only three months to decide its position.
     
     Moreover, the formulation that the law to allow data retention for
     law enforcement agencies should be agreed at national law will
     allow government "spin-doctors" to say that it is not binding and
     that therefore there is no EU policy on the issue - an examination
     of the background documents produced since last autumn show that
     for data usage to work for law enforcement purposes it has to
     operate in every EU country and in all the applicant countries.
     
     The second document: Text (9356/01)  reveals the divisions between
     the EU governments. The report opens by noting that the Commission
     has proposed that Article 6.1 remain intact - that is, to maintain
     EC law as set out in the existing Directive which says that traffic
     data "must be erased or made anonymous on completion of the
     transmission, except for billing purposes". It goes on to say:
     
     "Three delegations (B, S, UK) have placed a reservation on the
     Commission proposal by requesting the abandonment of paragraph 1 on
     the principle of the erasure of data or making it anonymous. These
     delegations in fact hold that this principle does not take into
     account the needs of the repressive authorities" (translation from
     French)
     
     B, S & UK stands for the incoming Belgian Presidency of the EU,
     Sweden the current EU Presidency and the UK. The Telecommunications
     Working Party was unable to resolve the differences because of:
     
     "the refusal by certain delegations (GR, I, NL) and by the
     Commission to see the text of the present directive changed on this
     point. The latter underline the importance and sensitivity of this
     issue which affects human rights and fundamental rights."
     
     Thus Greece, Italy and the Netherlands together with the Commission
     oppose the change. The Commission and Italy also opposed a change
     to Article 15 put forward by the UK. The grounds on which national
     laws can derogate from the basic principles, including the
     obligation to erase traffic data, are different in the two current
     EU Directives. The grounds in the General Data Protection Directive
     are broader than those in the later Directive on Telecommunications
     Data Protection this was because the latter covers the principle of
     the confidentiality of communications. The General Directive covers
     many sectors and a large range of data roles. The UK wants to
     change this and insert the broad range of exceptions, plus adding
     public health, which would allow national laws to derogate from the
     protections now in force.
     
     Indeed the intention of the UK is quite explicit, it wants to
     ensure that Article 15 allows the general retention of data and the
     Swedish Presidency is proposing that the following is added to
     Article 15.1:
     
     "Member States may provide for the retention of data for a limited
     period justified on the grounds of Article 15.1 in conformity with
     the general principles of community law"
     
     Data Protection Working Party letter
     
     The EU's Data Protection Working Party has sent a very strongly
     worded letter to the President of the European Parliament, the
     President of the European Commission and the Presidency of the
     Council of the European Union. Their views speak for themselves:
     
     "It is not acceptable that the scope of initial data processing is
     widened in order to increase the amount of data available for law
     enforcement objectives. Any such changes in these essential
     provisions that are directly related to fundamental human rights,
     would turn the exception into a new rule. Systematic and preventive
     storage of EU citizens' communications and related traffic data
     would undermine the fundamental rights to privacy, data protection,
     freedom of expression, liberty and presumption of innocence. Could
     the Information Society still claim to be a democratic society
     under such circumstances ?"
     ______________________________________________________________
     



-------------------------------------------------------------------------
POLITECH -- Declan McCullagh's politics and technology mailing list
You may redistribute this message freely if you include this notice.
To subscribe, visit http://www.politechbot.com/info/subscribe.html
This message is archived at http://www.politechbot.com/
-------------------------------------------------------------------------