Select Committee on European Scrutiny Thirty-Second Report


15 Retention of communications data

(25593)

8958/04

Draft Framework Decision on the retention of data processed and stored in connection with the provision of publicly available electronic communications services or data on public communications networks for the purpose of prevention, investigation, detection and prosecution of crime and criminal offences including terrorism

Legal baseArticles 31(1)(c ) and 34(2)(b)EU; consultation; unanimity
DepartmentHome Office
Basis of considerationMinister's letter of 26 July 2004
Previous Committee ReportHC 42-xxii (2003-04), para 14 (9 June 2004)
To be discussed in CouncilNo date set
Committee's assessmentLegally and politically important
Committee's decisionNot cleared; information on progress requested

Background

15.1 This proposal by France, Ireland, Sweden and the United Kingdom for a Framework Decision is concerned with harmonising the rules in Member States on the retention by service providers of communications data for the purpose of preventing, investigating, detecting and prosecuting crime, including terrorism. Such data ('communications traffic data') is information about communications, such as who called whom and when, and includes telephone and internet subscriber information, itemised telephone call records and mobile phone location data. Such data does not include the content of any communication.

15.2 We considered this proposal on 9 June 2004. We noted that although the proposal related only to data generated as a consequence of a communication, rather than to its content, such data might be used to trace the source of illegal content as well as to identify those involved in the use of electronic communications networks for the purpose of organised crime and terrorism. We noted that the recitals to the proposal had concluded that it was accordingly necessary to retain certain types of data, which are already processed and stored for billing and other commercial purposes, for an additional period of time for the purposes of criminal investigations or judicial proceedings.

15.3 We raised three main points. First, we indicated to the Minister that in a proposal which the United Kingdom was co-sponsoring, we would have expected a more detailed and rigorous regulatory impact assessment. We therefore asked the Minister to comment in more detail on the likely costs of the proposal for service providers and on whether it was the Government's intention that these additional costs should be met from EU or other public funds.

15.4 Secondly, we asked the Minister to explain how the proposal would apply (if at all) to the substantial volume of communications data relating to UK residents which was held by US service providers on servers in the United States, where there were no comparable retention requirements.

15.5 Finally, we considered that the proposal appeared to diverge from the recommendations of the report of the Privy Counsellor Review Committee chaired by Lord Newton of Braintree in two ways: first, that the proposal would require retention of data for the purpose of preventing or detecting and prosecuting crimes of all kinds, and not just terrorism and other serious crime, and, secondly, that the Review Committee had recommended that the longest retention period for data should be one year, whereas the present proposal would provide for retention for up to three years.

The Minister's reply

15.6 In her letter of 26 July 2004 the Parliamentary Under-Secretary of State at the Home Office (Caroline Flint) replies to each of these points. On the question of the regulatory impact assessment and the additional costs likely to be caused by the proposal, the Minister says that she understands our expectation of a more detailed and rigorous regulatory impact assessment but that the impact of the proposal will depend on the extent to which the current voluntary arrangements under Part 11 of the Anti-Terrorism, Crime and Security Act 2001 are taken up. The Minister adds that a voluntary Code of Practice for Retention of Communications Data under the 2001 Act has been in operation since 5 December 2003, that a number of communication service providers have volunteered to retain communications data under the Code, with negotiations continuing with other providers, and that the more service providers volunteer to retain data, the less impact any future requirement to do so will have.

15.7 The Minister comments that the Government will be better placed to assess the impact of the draft proposal when the extent of the take-up of the voluntary Code is clearer, and that this is likely to be some time next year. The Minister adds that the Government has been discussing the question of additional costs with service providers volunteering to retain data, and that appropriate contributions to those volunteers may be made from public funds under section 106 of the 2001 Act.

15.8 The Minister confirms that the proposal does not apply to the retention of communications data relating to UK residents which is held by service providers based in the United States, and that it would apply only to communications data processed and retained by service providers based in the European Union. The Minister adds that we are correct to note that there are no comparable data retention requirements in the United States, but explains that there are no comparable data protection requirements in that country and that consequently there is no legal requirement to destroy data that has no business purpose, as there is in the EU.

15.9 In reply to our question why the proposal appeared to diverge significantly from the recommendations of the report of the Privy Counsellor Review Committee, the Minister replies that she does not consider that it does.

15.10 In relation to the seriousness of the crime for which data may be retained, the Minister states that the Review Committee acknowledged the case for retaining data for public interest purposes "such as helping in the prevention and detection of terrorism and other serious crime", but adds that the Government has "always taken the view that prevention and detection of crime is such a public interest purpose". The Minister points to the provisions of Part I of Chapter II of the Regulation of Investigatory Powers Act 2000, which she describes as making lawful "necessary and proportionate requirements for disclosure of data for the purpose of preventing and detecting crime". The Minister adds that the Government is seeking to remove the "current disparity " between the purposes for which data may be retained under the 2001 Act and the purposes for which access to data may be obtained under the 2000 Act. (The Minister does not explain what this disparity is, but it appears to us that the grounds for obtaining data under section 22(2) of the Regulation of Investigatory Powers Act 2000 may be wider than the purposes for which provisions may be included in a code of practice or agreement under section 102(3) of the Anti-terrorism, Crime and Security Act 2001, since these latter must appear to the Secretary of State to be necessary for safeguarding national security or for "the prevention or detection of crime or the prosecution of offenders which may relate directly or indirectly to national security").

15.11 In relation to the period for which data may be retained (and in respect of which the Review Committee recommended a maximum of one year), the Minister states that the Government, in its code of practice under the 2001 Act, seeks retention of data for no longer than 12 months and that this objective remains unchanged. The Minister further explains that the retention period in the draft Framework Decision reflects differences of view by the co-sponsors of the initiative and that the ultimate retention period will be a matter for negotiation by the Member States. The Minister adds that the Government's position on retention periods is unchanged from that in the voluntary code, and that it would take advantage of the derogation in the draft proposal that the periods for any future mandatory data retention arising from the proposal would not change those in the voluntary code.

Conclusion

15.12 We thank the Minister for her helpful letter. We shall look forward to a clearer indication from the Minister of the likely costs of this proposal when more is known of the extent to which the current voluntary arrangements are being applied in practice.

15.13 We note from the Minister's explanation that the proposal does not apply to the retention of communications data held on servers in the United States, even where the data relates to persons resident in the United Kingdom. We accept that a Framework Decision adopted at EU level cannot prescribe conduct in third countries, but we note that it must also considerably limit the utility of the proposal, since so much of the relevant data is in fact held outside the EU.

15.14 We maintain our view that the proposal departs from the recommendations of the Privy Counsellor Review Committee in that it extends to the retention of data concerning crime of all kinds and is not limited to terrorism and other serious crime. We continue to believe that the proposal should be restricted in this sense. However, we are grateful for the Minister's assurance that the current maximum retention period of twelve months will not be increased by reason of this proposal.

15.15 We shall hold the document under scrutiny pending further information from the Minister on the negotiation of the proposal.


 
previous page contents next page

House of Commons home page Parliament home page House of Lords home page search page enquiries index

© Parliamentary copyright 2004
Prepared 28 October 2004