The Council of the EU will ask the European Commission to prepare a “comprehensive study” on possible solutions for telecom data retention for law enforcement purposes. This is revealed by a draft of the Council’s conclusions discussed on Thursday 11 April in a working group.
Data retention is a sensitive issue, especially since the judgments of the Court of Justice of the EU have repeatedly invalidated national and European systems. In its ‘Digital rights Ireland’ judgment of April 2014 (see EUROPE 11056/24), the CJEU effectively invalidated the 2006 Directive, which allowed telecom operators to store their customers' telephone data for a maximum of 6 to 24 months so that police could use it for the purpose of preventing or investigating terrorism and serious crime, on the grounds that it seriously violated fundamental rights.
In December 2016, in its judgment ’Télé2Sverige' (see EUROPE 11694/16), the CJEU laid down additional red lines, holding that EU law precludes a generalised and undifferentiated storage of traffic and location data, even if Member States may provide, as a preventive measure and subject to conditions, for targeted storage of such data in order to combat serious crime.
Since then, Member States have consistently argued against remaining in legal limbo (see EUROPE 11825/6), while the European Commission has chosen not to replace its invalidated directive (see EUROPE 11275/5). In 2017, it promised guidelines on this subject, but they never came into being.
But the Member States do not intend to leave it there and have continued their reflection on data retention, in the Council of the EU working group. The draft conclusions, dated 27 March, of which EUROPE has had a copy, request the Commission, as a first step, to organise “targeted consultations” with the relevant stakeholders to assess the need for the necessary data to effectively fight serious crime and terrorism.
As a second step, it invites the Commission to prepare, on the basis of these consultations, a “comprehensive study” on possible solutions for data retention, including “the examination of a future legislative initiative” and to take stock of the work by the end of 2019.
Member States seem to expect more legal clarity from the study. It should also further support the concepts of general, targeted and restricted data retention and targeted access to retained data, the text states.
It should also take into account the CJEU case law and its possible developments and thus explore how “strong safeguards” and “possible limitations” could help to mitigate the impact of data retention on fundamental rights, while nevertheless ensuring the effectiveness of investigations. (Original version in French by Marion Fontana)