15 Retention of communications data
(25593)
8958/04
| Draft Framework Decision on the retention of data processed and stored in connection with the provision of publicly available electronic communications services or data on public communications networks for the purpose of prevention, investigation, detection and prosecution of crime and criminal offences including terrorism
|
Legal base | Articles 31(1)(c ) and 34(2)(b)EU; consultation; unanimity
|
Department | Home Office |
Basis of consideration | Minister's letter of 26 July 2004
|
Previous Committee Report | HC 42-xxii (2003-04), para 14 (9 June 2004)
|
To be discussed in Council | No date set
|
Committee's assessment | Legally and politically important
|
Committee's decision | Not cleared; information on progress requested
|
Background
15.1 This proposal by France, Ireland, Sweden and the United Kingdom
for a Framework Decision is concerned with harmonising the rules
in Member States on the retention by service providers of communications
data for the purpose of preventing, investigating, detecting and
prosecuting crime, including terrorism. Such data ('communications
traffic data') is information about communications, such as who
called whom and when, and includes telephone and internet subscriber
information, itemised telephone call records and mobile phone
location data. Such data does not include the content of any communication.
15.2 We considered this proposal on 9 June 2004.
We noted that although the proposal related only to data generated
as a consequence of a communication, rather than to its content,
such data might be used to trace the source of illegal content
as well as to identify those involved in the use of electronic
communications networks for the purpose of organised crime and
terrorism. We noted that the recitals to the proposal had concluded
that it was accordingly necessary to retain certain types of data,
which are already processed and stored for billing and other commercial
purposes, for an additional period of time for the purposes of
criminal investigations or judicial proceedings.
15.3 We raised three main points. First, we indicated
to the Minister that in a proposal which the United Kingdom was
co-sponsoring, we would have expected a more detailed and rigorous
regulatory impact assessment. We therefore asked the Minister
to comment in more detail on the likely costs of the proposal
for service providers and on whether it was the Government's intention
that these additional costs should be met from EU or other public
funds.
15.4 Secondly, we asked the Minister to explain
how the proposal would apply (if at all) to the substantial volume
of communications data relating to UK residents which was held
by US service providers on servers in the United States, where
there were no comparable retention requirements.
15.5 Finally, we considered that the proposal appeared
to diverge from the recommendations of the report of the Privy
Counsellor Review Committee chaired by Lord Newton of Braintree
in two ways: first, that the proposal would require retention
of data for the purpose of preventing or detecting and prosecuting
crimes of all kinds, and not just terrorism and other serious
crime, and, secondly, that the Review Committee had recommended
that the longest retention period for data should be one year,
whereas the present proposal would provide for retention for up
to three years.
The Minister's reply
15.6 In her letter of 26 July 2004 the Parliamentary
Under-Secretary of State at the Home Office (Caroline Flint) replies
to each of these points. On the question of the regulatory impact
assessment and the additional costs likely to be caused by the
proposal, the Minister says that she understands our expectation
of a more detailed and rigorous regulatory impact assessment but
that the impact of the proposal will depend on the extent to which
the current voluntary arrangements under Part 11 of the Anti-Terrorism,
Crime and Security Act 2001 are taken up. The Minister adds that
a voluntary Code of Practice for Retention of Communications Data
under the 2001 Act has been in operation since 5 December 2003,
that a number of communication service providers have volunteered
to retain communications data under the Code, with negotiations
continuing with other providers, and that the more service providers
volunteer to retain data, the less impact any future requirement
to do so will have.
15.7 The Minister comments that the Government will
be better placed to assess the impact of the draft proposal when
the extent of the take-up of the voluntary Code is clearer, and
that this is likely to be some time next year. The Minister adds
that the Government has been discussing the question of additional
costs with service providers volunteering to retain data, and
that appropriate contributions to those volunteers may be made
from public funds under section 106 of the 2001 Act.
15.8 The Minister confirms that the proposal does
not apply to the retention of communications data relating to
UK residents which is held by service providers based in the United
States, and that it would apply only to communications data processed
and retained by service providers based in the European Union.
The Minister adds that we are correct to note that there are no
comparable data retention requirements in the United States, but
explains that there are no comparable data protection requirements
in that country and that consequently there is no legal requirement
to destroy data that has no business purpose, as there is in the
EU.
15.9 In reply to our question why the proposal appeared
to diverge significantly from the recommendations of the report
of the Privy Counsellor Review Committee, the Minister replies
that she does not consider that it does.
15.10 In relation to the seriousness of the crime
for which data may be retained, the Minister states that the Review
Committee acknowledged the case for retaining data for public
interest purposes "such as helping in the prevention and
detection of terrorism and other serious crime", but adds
that the Government has "always taken the view that prevention
and detection of crime is such a public interest purpose".
The Minister points to the provisions of Part I of Chapter II
of the Regulation of Investigatory Powers Act 2000, which she
describes as making lawful "necessary and proportionate requirements
for disclosure of data for the purpose of preventing and detecting
crime". The Minister adds that the Government is seeking
to remove the "current disparity " between the purposes
for which data may be retained under the 2001 Act and the purposes
for which access to data may be obtained under the 2000 Act. (The
Minister does not explain what this disparity is, but it appears
to us that the grounds for obtaining data under section 22(2)
of the Regulation of Investigatory Powers Act 2000 may be wider
than the purposes for which provisions may be included in a code
of practice or agreement under section 102(3) of the Anti-terrorism,
Crime and Security Act 2001, since these latter must appear to
the Secretary of State to be necessary for safeguarding national
security or for "the prevention or detection of crime or
the prosecution of offenders which may relate directly or indirectly
to national security").
15.11 In relation to the period for which data may
be retained (and in respect of which the Review Committee recommended
a maximum of one year), the Minister states that the Government,
in its code of practice under the 2001 Act, seeks retention of
data for no longer than 12 months and that this objective remains
unchanged. The Minister further explains that the retention period
in the draft Framework Decision reflects differences of view by
the co-sponsors of the initiative and that the ultimate retention
period will be a matter for negotiation by the Member States.
The Minister adds that the Government's position on retention
periods is unchanged from that in the voluntary code, and that
it would take advantage of the derogation in the draft proposal
that the periods for any future mandatory data retention arising
from the proposal would not change those in the voluntary code.
Conclusion
15.12 We thank the Minister for her helpful letter.
We shall look forward to a clearer indication from the Minister
of the likely costs of this proposal when more is known of the
extent to which the current voluntary arrangements are being applied
in practice.
15.13 We note from the Minister's explanation
that the proposal does not apply to the retention of communications
data held on servers in the United States, even where the data
relates to persons resident in the United Kingdom. We accept that
a Framework Decision adopted at EU level cannot prescribe conduct
in third countries, but we note that it must also considerably
limit the utility of the proposal, since so much of the relevant
data is in fact held outside the EU.
15.14 We maintain our view that the proposal departs
from the recommendations of the Privy Counsellor Review Committee
in that it extends to the retention of data concerning crime of
all kinds and is not limited to terrorism and other serious crime.
We continue to believe that the proposal should be restricted
in this sense. However, we are grateful for the Minister's assurance
that the current maximum retention period of twelve months
will not be increased by reason of this proposal.
15.15 We shall hold the document under scrutiny
pending further information from the Minister on the negotiation
of the proposal.
|