What now? Data Retention Scenarios After the ECJ Ruling
In its first part the paper recalls the history of data retention legislation in the European Union. The directive was born in the post 9/11 world, when fear of terrorism peaked. This is the context of the 2006 legislation and the subsequent implementations by the member states. The paper examines the directive and the rationale behind the two-years conservation of metadata. Further on the paper will examine the reasons for the directive annulment, its privacy implications and the proportionality principle.
In its second part the paper maps the consequences of the repealing. At the policy level this marks a growing concern about civil rights and a more rational view of security necessities. Commission and Parliament will have to take this into account. On the other hand the national legislations that implemented the invalid directive are still in place and possible scenarios should be examined as to their validity.
Repercussions will probably influence the data protection reform -voted by the European Parliament in first reading- and the Trade and Investment Partnership, for which negotiations are ongoing and that should regulate the data flows between EU and the USA. The new scenario will be important also for business, from the telco companies to the growing “Big data” industry, where data generated by mobile networks was to be leveraged for a lot of uses. As the major reason for the retention was criminal investigations, digital forensics will be influenced too, seen that the big datasets were a key enabler in many respects.
The position paper ends with some proposals on what can be done now to rebalance correctly the security and investigation necessities with fundamental liberties, recognising that the directive was in fact unbalanced but also that some level of retention is probably needed. On the backdrop obviously loom the 2013 NSA scandals, from which we learned that also from anonymised metadata is very easy to identify individual users.
KeywordsNational Legislation Data Retention Criminal Investigation Digital Forensic Police Cooperation
Unable to display preview. Download preview PDF.
- [CSCG14] CEN-CENELEC-ETSI Cyber Security Coordination Group: “Recommendations for a Strategy on European Cyber Security Standardisation”, 2014 (http://www.cscg.focusict.de)
- [ECJ14] European Court of Justice: “Judgment of the Court of 8 April 2014 in joined cases C-293/12 and C-594/12”Google Scholar
- [EU06] “Directive 2006/24/EC of the European Parliament and of the Council of 15 March 2006 on the retention of data generated or processed in connection with the provisions of publicly available electronic communications services or of public communications networks and amending Directive 2002/58/EC”. In: “Official Journal of the European Union” 13.4.2006Google Scholar
- [Guar13] Guarino, Alessandro: “Digital Forensics as a Big Data Challenge”. In: “ISSE 2013 Securing Electronic Business Processes”, Springer, 2013, p. 197-203.Google Scholar
- [Masy14] Masys, Anthony (ed.): “Networks and Network Analysis for Defence and Security (Lecture Notes in Social Networks)”, Springer, 2014.Google Scholar