Tuesday, October 14, 2008

Ireland against the Data Retention Directive: AG nixes constitutional attack

From Digital Rights Ireland: (and thanks to Judith Rauhofer for the tip off)

"The Advocate General of the European Court of Justice has just given his Opinion (summary, PDF) on the Irish Government’s challenge and has recommended to the Court that the challenge should be rejected, holding that the Data Retention Directive was correctly dealt with as an internal market measure rather than a criminal justice measure (which would have required unanimity to pass). Opinions of the Advocate General aren’t binding but are generally followed by the Court, making it more likely that the Government’s challenge will now fail.

It’s important to point out, though, that this ruling only relates to the procedural way in which the Directive was passed. It doesn’t affect our case that the Directive breaches fundamental principles of human rights, and we still await a decision from the High Court referring these issues to the European Court of Justice."

Pangloss is speaking tomorrow at a Parliamentary and ISPA event on the UK consultation on implementing the DRD by March 2009, so this is rather timely. However as DRI points out, to some extent this is almost a side issue: the real issue continues to be whether it is proportional to the aim of reducing crime and terrorism to retain all forms of e-communications by te entire UK population for up to two years. In the UK consultation, a year's retention is recommended for e- and telecoms traffic to help cut down on serious crime; yet almost every example but one given in the document relates to an investigation which was solved using data retained for a matter of hours, days or weeks, not a year. How thus is one year the "proportionate" response to the invasion of privacy sanctioned?

I think it was Ray Corrigan (though I can't seem to find the reference, sorry!) who pointed out the bad science involved in the much quoted statement in the consultation, that retention for a full year was justified because, in a trial month in 2005:

"there were 231 requests for data relating to communications that had taken place between 6
and 12 months earlier. 60% of these requests were in support of murder and terrorism investigations and 26% of the requests were in support of other forms of serious crime including armed robbery and firearms offences. "

But the key point for such stats is how many requests were made in 2005 in TOTAL? Privacy International quote that figure as 439,000, drawn from government stats. Thus assuming a similar rate of request across the year, the requests for data over 6 months old were only 0.006% of all requests made in 2005. Does that justify retention for a year for every type of communication data, given the privacy implications? (And given the anecdotal evidence so far that such data is being requested by local authorities for purposes other than catching serious criminals or terrorists??

A nice quote, also from DRI and via B2fXX: ""Laws requiring monitoring of the entire population are astonishing in a democracy."

1 comment:

Adam said...

The Irish government has filed its case against the European Union's data retention directive in the European Court of Justice. Although it backs the principles of data retention, Ireland is arguing that the process used to pass the controversial Directive is wrong.


Internet marketing