[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[FYI] EU data retention proposal by .fr/.ie/.se/.uk



-> http://register.consilium.eu.int/pdf/en/04/st08/st08958.en04.pdf

--- snip ---

COUNCIL OF THE EUROPEAN UNION

						Brussels, 28 April 2004

8958/04

						CRIMORG 36
						TELECOM 82

COVER NOTE
from : the French Republic, Ireland, the Kingdom of Sweden and the United Kingdom
date of receipt : 28 April 2004
to : Javier Solana, Secretary-General/High Representative

Subject : Draft Framework Decision on the retention of data processed and stored in
connection with the provision of publicly available electronic communications
services or data on public communications networks for the purpose of
prevention, investigation, detection and prosecution of crime and criminal
offences including terrorism


Dear Sir,

Pursuant to Articles 31(1)(c) and 34(2)(b) of the Treaty on European Union, please find attached a
proposal by the French Republic, Ireland, the Kingdom of Sweden and the United Kingdom for the
adoption by the Council of a Draft Framework Decision on the retention of data processed and
stored in connection with the provision of publicly available electronic communications services or
data on public communications networks for the purpose of prevention, investigation, detection and
prosecution of crime and criminal offences including terrorism.

Pursuant to Article 17 of the Council's Rules of Procedure, we should be extremely grateful if you
would ensure that this initiative is published in the Official Journal and forwarded to the European
Parliament for an opinion.

(Complimentary close).


Signed:

Pierre SELLAL					Anne ANDERSON
The Permanent Representative			The Permanent Representative
of France					of Ireland

Sven-Olof PETERSSON			John GRANT
The Permanent Representative			The Permanent Representative
of Sweden					of the United Kingdom


Draft Framework Decision

on the retention of data processed and stored in connection with the provision of publicly
available electronic communications services or data on public communications networks for the
purpose of prevention, investigation, detection and prosecution of crime and criminal offences
including terrorism.


THE COUNCIL OF THE EUROPEAN UNION

Having regard to the Treaty on European Union, and in particular Article 31(1)(c) and Article 34 (2)(b)
thereof,

Having regard to the initiative of the French Republic, Ireland, the Kingdom of Sweden and the United
Kingdom,

Having regard to the Opinion of the European Parliament,

Whereas:

1. Offering a high level of protection in an area of liberty, security and justice requires that the
prevention, investigation, detection and prosecution of crime and criminal offences be carried out
in an adequate manner

2. The plan of action of the Council and the Commission on the best ways to implement the
provisions of the Treaty of Amsterdam on the establishment of an area of liberty, security and
justice, the conclusions of the European Council at Tampere on 15-16 October 1999, the
European Council at Santa Maria da Feira on 19-20 June 2000, the European Commission in its
scoreboard and the European Parliament in its resolution of 19 May 2000 call for an intervention
in the area of high tech crime.

3. The conclusions of the Council of 20 September 2001 call for care to be taken to ensure that the
forces of law and order are able to investigate criminal acts which involve the use of electronic
communications systems and to take measures against the perpetrators of these crimes, while
maintaining a balance between the protection of personal data and the needs of the law and order
authorities to have access to data for criminal investigation purposes. It is noted in the conclusions
of the Council of 19 December 2002 that, because of the significant growth in the possibilities
afforded by electronic communications, data relating to the use of electronic communications is
now a particularly important and valuable tool in the prevention, investigation, detection and
prosecution of crime and criminal offences, in particular organised crime and terrorism.

4. The Declaration on Combating Terrorism adopted by the European Council on 25 March 2004
instructed the Council to examine measures for establishing rules on the retention of
communications traffic data by service providers with a view to adoption by June 2005.

5. It is essential to retain data existing on public communications networks, generated in
consequence of a communication, hereafter referred to as data, for the prevention, investigation,
detection and prosecution of crimes and criminal offences involving the use of electronic
communications systems. This proposal relates only to data generated as a consequence of a
communication and does not relate to data that is the content of the information communicated. In
particular, it is necessary to retain data in order to trace the source of illegal content such as child
pornography and racist and xenophobic material; the source of attacks against information
systems; and to identify those involved in using electronic communications networks for the
purpose of organised crime and terrorism.

6. Preservation of specific data relating to specified individuals in specific cases is not sufficient to
meet these requirements. In investigations, it may not be possible to identify the data required or
the individual involved until many months or years after the original communication. It is
therefore necessary to retain certain types of data, which are already processed and stored for
billing, commercial or any other legitimate purposes, for a certain additional period of time in
anticipation that they might be required for a future criminal investigation or judicial proceedings.
This framework decision therefore concerns the retention of data and does not relate to the
preservation of data.

7. In recognition of the importance of the need to retain data, Article 15 of Directive 2002/58/EC
permits the adoption of legislative measures allowing, under certain conditions, retention of data
for the purposes of the prevention, investigation, detection or prosecution of crime and criminal
offences. This framework decision is not related to other objectives set out in Article 15 of this
Directive and therefore does not provide for rules on data retention for the purpose of
safeguarding national security (i.e. State Security), defence, public security. Nor is it related to the
unauthorised use of the electronic communication system when such use does not constitute a
criminal offence.

8. Many Member States have passed legislation concerning a priori retention of data for the
purposes of prevention, investigation, detection or prosecution of crime and criminal offences.
Work in this area is under way in other Member States. The content of this legislation varies
considerably between Member States.

9. The differences between the legislation in Member States is prejudicial to co-operation between
the competent authorities in the prevention, investigation, detection and prosecution of crime and
criminal offences. To ensure effective police and judicial co-operation in criminal matters, it is
therefore necessary to ensure that all Member States take the necessary steps to retain certain
types of data for a length of time within set parameters for the purposes of preventing,
investigating, detecting and prosecuting crime and criminal offences including terrorism. Such
data should be available to other member states in accordance with the instruments on judicial cooperation
in criminal matters adopted under Title VI of the Treaty on European Union. This
should also include instruments which were not adopted under this Title but which has been
acceded to by the member states and to which reference are made in the instruments on judicial
co-operation in criminal matters adopted under Title VI of the Treaty on European Union.

10. Such a priori retention of data and access to this data may constitute an interference in the private
life of the individual. However, such an interference does not violate the international rules
applicable with regard to the right to respect to privacy and the handling of personal data
contained, in particular, in the European Convention on the Protection of Human Rights of 4
November 1950, the Convention of the Council of Europe no.108 on the protection of persons in
respect of the automated handling of personal data of 28 January 1981, and the Directives
95/46/EC, 97/66/EC and 2002/58 EC where such interference is provided for by law and where it
is appropriate, strictly proportionate to the intended purpose and necessary within a democratic
society, and subject to adequate safeguards for the prevention, investigation, detection and
prosecution of crime and criminal offences including terrorism.

11. Taking into account both the need to ensure that data is retained a priori in an efficient and
harmonised way and the need to allow Member States ample room to make their own individual
assessments given the differences that exist between criminal justice systems, it is appropriate to
establish parameters for the a priori retention of data.

12. Data may be a priori retained for different periods of time depending on its type. The retention
periods for each type of data will be dependant on the usefulness of the data in relation to the
prevention, investigation, detection, and prosecution of crime and criminal offences and the cost
of retaining the data. The retention periods shall be proportionate in view of the needs for such
data for the purposes of preventing, investigating, detecting and prosecuting crime and criminal
offences as against the intrusion into privacy that such retention will entail from disclosure of that
retained data.

13. The drawing up of any lists of the types of data to be retained must reflect a balance between the
benefit to the prevention, investigation, detection, and prosecution of crime and criminal offences
of keeping each type of data against the level of invasion of privacy which will result.

14. The framework decision does not apply to access to data at the time of transmission, that is by the
monitoring, interception or recording of telecommunications.

15. Member states must ensure that access to retained data takes account of privacy rules as defined
in international law applicable to the protection of personal data.

16. Member States shall ensure that implementation of the Framework Decision involves appropriate
consultation with the Industry.

HAS ADOPTED THE PRESENT DECISION:


Article 1

Scope and Aim

1. This Framework Decision aims to facilitate judicial co-operation in criminal matters by
approximating Member States' legislation on the retention of data processed and stored by providers of
a publicly available electronic communications service or a public communications network, for the
purpose of prevention, investigation, detection and prosecution of crime or criminal offences including
terrorism.

2. This Framework Decision shall not apply to the content of exchanged communications, including
information consulted using an electronic communications network where that is defined in national
law.

3. A Member State may decide not to apply paragraph 1 of this Article, with regard to prevention of
crime or criminal offences as purposes for retaining data which is processed and stored, should the
Member State not find such purposes acceptable following any national procedural or consultative
processes. A Member State deciding to make use of this derogation at any time must give notice of this
decision to the Council and to the Commission.

4. This framework decision is without prejudice to:

- the rules applicable to judicial co-operation in criminal matters with regard to the
interception and recording of telecommunications;

- activities concerning public security, defence and national security (i.e. State security);

- national rules relating to the retention of data types which are not held by communication
service providers for business purposes.


Article 2

Definitions

1. For the purpose of this Framework Decision :

(a) The definition of the term ‘data’ in this framework decision includes traffic data and
location data as set out in Article 2 of the Directive 2002/58/EC, and is inclusive of
subscriber data and user data related to these data.

(b) User data means data relating to any natural person using a publicly available electronic
communications service, for private or business purposes, without necessarily having
subscribed to the service.

(c) Subscriber data means data relating to any natural person using a publicly available
electronic communications service for, private or business purposes, without necessarily
having used the service.

2. Data shall for the purpose of the Framework Decision include:

(a) Data necessary to trace and identify the source of a communication which includes personal
details, contact information and information identifying services subscribed to.

(b) Data necessary to identify the routing and destination of a communication.

(c) Data necessary to identify the time and date and duration of a communication.

(d) Data necessary to identify the telecommunication.

(e) Data necessary to identify the communication device or what purports to be the device.

(f) Data necessary to identify the location at the start and throughout the duration of the
communication.

3. These data include data generated by services provided within the following communication
infrastructures, architectures and protocols:

(a) Telephony excluding Short Message Services, Electronic Media Services and Multi Media
Messaging Services.

(b) Short Message Services, Electronic Media Services and Multi Media Messaging Services
provided as part of any telephony service.

(c) Internet Protocols including Email, Voice over Internet Protocols, world wide web, file
transfer protocols, network transfer protocols, hyper text transfer protocols, voice over
broadband and subsets of Internet Protocols numbers - network address translation data.
4. Future technological developments that facilitate the transmission of communications shall be
within the scope of this Framework Decision.


Article 3

Retention of data

Each Member State shall take the necessary measures to ensure that, for the purpose of providing
judicial co-operation in criminal matters, retained data processed and stored by providers of a public
communications network or publicly available electronic communications services inclusive of
subscriber data and user data related to these data, is retained in accordance with the provisions of this
framework decision, with a view to facilitating judicial co-operation in criminal matters.


Article 4

Time periods for retention of data

1. Each Member State shall take the necessary measures to ensure that data shall be retained for a
period of at least 12 months and not more than 36 months following its generation. Member States may
have longer periods for retention of data dependent upon national criteria when such retention
constitutes a necessary, appropriate and proportionate measure within a democratic society.

2. A Member State may decide to derogate from paragraph 1 of this Article, with regard to data
types covered by paragraph 2 of Article 2 in relation to the methods of communication identified in
paragraph 3(b) and 3 (c) of Article 2, should the Member State not find acceptable, following national
procedural or consultative processes, the retention periods set out in paragraph 1 of this Article. A
Member State deciding to make use of this derogation at any time must give notice to the Council and
to the Commission stating the alternative time scales being adopted for the data types affected. Any
such derogation must be reviewed annually.


Article 5

Access to data for the purpose of judicial co-operation in criminal matters

A request made by a Member State to another Member State, for access to data referred to in Article 2,
shall be made and responded to in accordance with the instruments on judicial co-operation in criminal
matters adopted under Title VI of the Treaty on European Union. The requested Member State may
make its consent to such a request for access to data subject to any conditions which would have to be
observed in a similar national case.


Article 6

Data Protection

Each Member State shall ensure that data retained under this Framework Decision shall be subject, as a
minimum, to the following data protection principles and shall establish judicial remedies in line with
the provisions of Chapter III on 'Judicial remedies, liability and sanctions' of Directive 95/46/EC:

(a) data shall be accessed for specified, explicit and legitimate purposes by competent authorities on a
case by case basis in accordance with national law and not further processed in a way
incompatible with those purposes;

(b) the data shall be adequate, relevant and not excessive in relation to the purposes for which they
are accessed. Data shall be processed fairly and lawfully;

(c) data accessed by competent authorities shall be kept in a form which permits identification of data
subjects for no longer than is necessary for the purpose for which the data were collected or for
which they are further processed;

(d) the confidentiality and integrity of the data shall be ensured.

(e) data accessed shall be accurate and, every reasonable step must be taken to ensure that personal
data which are inaccurate , having regard to the purposes for which they were collected or for
which they are further processed, are erased or rectified;


Article 7

Data Security

Each Member State shall ensure that data retained under this Framework Decision shall be subject, as a
minimum, to the following data security principles and regard shall be given to the provisions of Article
4 of the Directive:

(a) the retained data shall be of the same quality as those data on the network;

(b) the data shall be subject to appropriate technical and organisational measures to protect the data
against accidental or unlawful destruction or accidental loss, alteration, unauthorised disclosure or
access, and against all other unlawful forms of processing;

(c) all data shall be destroyed at the end of the period for retention except those data which have been
accessed and preserved;

(d) the process to be followed in order to get access to retained data and to preserve accessed data
shall be defined by each Member State in national law.


Article 8

Implementation

Member States shall take the necessary measures to comply with this Framework Decision by […..June
2007] within two years following the date of adoption.

By the same date Member States shall transmit the General Secretariat of theCouncil and to the
Commission the text of the provisions transposing into their national law the obligations imposed on
them under this Framework Decision. The General Secretariat of the Council shall communicate to the
Member States the information received pursuant to this Article.

The Commission shall by [ ….1st January 2008] submit a report to the Council assessing the extent to
which the Member States have taken necessary measures in order to comply with this Framework
Decision.


Article 9

Entry into force

This Framework Decision shall enter into force on the twentieth day following its publication in the
Official Journal of the European Union.


Done at Brussels,
					___________________

--- snap ---


-- 
To unsubscribe, e-mail: debate-unsubscribe@lists.fitug.de
For additional commands, e-mail: debate-help@lists.fitug.de