Legal base	(a) Articles 31(1)(c) and 34(2)(b) EU; consultation; unanimity (b) Article 95 EC; codecision; QMV
Department	Home Office
Basis of consideration	(b) Minister's letter of 8 December 2005
Previous Committee Report	(a) and (b) HC 34-vii (2005-06), para 11 (26 October 2005
To be discussed in Council	No date set
Committee's assessment	Legally and politically important
Committee's decision	(a) Not cleared; further information requested (b) Cleared

Background

9.1 Persons providing communications services commonly retain, for their own business purposes, 'communications traffic data' i.e. information about communications, such as who called whom and when, and including telephone and internet subscriber information, itemised telephone call records and mobile phone location data. Such data does not include the content of any communication, but it can be of considerable assistance in the prevention, detection, investigation and prosecution of crime, including terrorism. It has therefore been considered necessary to retain certain types of data, already processed and stored for billing and other commercial purposes, for an additional period of time for the purposes of criminal investigations or judicial proceedings.

9.2 The matter was the subject of a proposal by France, Ireland, Sweden and the United Kingdom for a Framework Decision under the EU Treaty, a revised version of which we considered on 26 October 2005 (document (a)). Shortly before that, the Commission made a proposal for a Directive under Article 95EC (document (b)). The proposal was made in response to concerns by the European Parliament, and shared by the Commission, about the legal base of the proposed Framework Decision. In their view, the proposal was concerned with the harmonisation of categories of data to be retained and the periods for storing data and were matters which fell under EC competence and the relevant measures would need to be adopted under Article 95EC.

9.3 We also considered the draft Directive on 26 October, noting that it adopted much of the text of the draft Framework Decision, but did not make provision for access to retained data or for judicial cooperation in criminal matters. We noted that the Directive sought to harmonise Member States' provisions relating to data in order to ensure that the data was available for the purpose of preventing, investigating, detecting and prosecuting serious criminal offences such as terrorism and organised crime. It also made a derogation from Directive 2002/58/EC[30] on the processing of personal data and the protection of privacy in the electronic communications sector so as to permit Member States to adopt measures to ensure that relevant data was retained and provided to competent authorities but only for the purpose of preventing, investigating, detecting and prosecuting serious criminal offences.

9.4 The provisions of Article 6 gave us cause for concern. This Article provided for a committee of representatives of the Member States, but chaired by the Commission, to review an Annex to the Directive which would specify the types of data to be retained. We asked the Minister if the Government was content that such a sensitive issue as the identification and listing of data to be retained was an appropriate matter to be delegated to the Commission under the comitology procedure.

9.5 We also noted that the Directive provided for a data retention period of 12 months, except for data relating to communications using the Internet protocol, where the retention period was to be six months, and that Member States were to be required to reimburse data providers in respect of the "demonstrated additional costs" of complying with the obligations imposed by the Directive.

9.6 We noted that there were now two proposed methods of dealing with this issue, one under the EU Treaty and one under the EC Treaty and we asked the Minister to explain further if the Government had any preference for a particular approach and for her assessment of the legal and political consequences of accepting that an EC instrument may be adopted for the purposes of crime prevention and investigation.

The Home Secretary's reply

9.7 In his letter of 8 December 2005 the Secretary of State for the Home Department (Mr Charles Clarke) informs us of the progress of negotiations on the Directive and attaches to his letter a copy of the text as it emerged form the Justice and Home Affairs Council on 1-2 December. The Home Secretary explains that the Council agreed a general approach by a qualified majority on the text, that it would be considered by the European Parliament at its plenary session on 12-14 December and that if the European Parliament agreed with the text it would be submitted for adoption at a later Council.

9.8 The Home Secretary summarises the changes which have been made to the Directive as follows:

"The draft of the Directive agreed by the Council would require all EU telecommunication service providers to retain the data now listed in Article 4 of the Directive on telephone calls and on Internet access, Internet telephony, and Internet email. Unsuccessful call data — where a call is connected but not answered — is included within the scope of the Directive but is now only required to be retained where it is already stored by providers. A new recital was included to clarify retention obligations including that they be carried out in a way to avoid data being retained more than once and may be limited to the providers' own services or the network providers'. The Directive leaves it to the Member States to deal with the issue of costs.

"The Directive provides that data be retained for the purpose of investigating, detecting and prosecuting of serious crime, as defined by each Member State in its national law. The comitology arrangements in the Commission's draft Directive have been deleted and replaced with an article requiring an evaluation and review (Article 12). The evaluation will consider whether the list of data to be retained and the periods for its retention remain accurate given any technological progress and issues arising from the implementation of this measure. Member States believed that this form of review would be more effective in meeting Member States concerns and needs than a comitology committee.

"In response to concerns from some Member States and the European Parliament, the text now includes an article (Article 11bis) that requires Member States to ensure that access to or transfer of data without permission is punishable by effective, proportionate and dissuasive administrative or criminal sanctions. The Government is content with this Article. The revised Directive also includes an article setting out data protection principles, in line with the European Community's Data Protection Directive.

"Some Member States retained concerns about the legal base for this proposal and continued to argue that the measure should be based on Article 31 of the Treaty on European Union rather than Article 95 of the Treaty establishing the European Community. However, the majority took the view that this measure was focused on approximating the obligations on providers and was therefore an internal market measure. The Government supported this position.

"The Information Commissioner, Richard Thomas, has had the opportunity of briefing from officials and law enforcement on the objective of the instruments for retention of communications data and on the practical value which retained communications data has to law enforcement and national security investigators. He has indicated to officials that he understands there is a balance to be made between data protection obligations to erase communications data to protect individual's privacy and retaining communications data to protect the public's safety. He has taken the benefit of that briefing into his discussions with his European counterparts to help inform where that balance should appropriately and proportionately be drawn. I shall want to ensure the Commissioner continues to be consulted about taking forward and developing mechanisms for retention of communications data, for safeguarding that data and ensuring any such data is disclosed only necessarily and proportionately."

Conclusion

9.9 We thank the Home Secretary for his account of the discussions in the Council. We welcome the changes which have been made to the draft Directive, in particular the removal of the provisions delegating to the Commission the identification and listing of data to be retained.

9.10 We also welcome the provisions of Article 3bis which provide for access by competent authorities to data in accordance with national law, and the express reference in that Article to the necessity and proportionality requirements under the European Convention on Human Rights. We also agree that the question of costs should be left to each Member State rather than being prescribed by the Directive.

9.11 We note the position in relation to the European Parliament, and we are content to clear document (b) from scrutiny so that the proposal may subsequently be adopted in its present form. We shall hold the draft Framework Decision (document (a)) under scrutiny, pending further information from the Minister as to whether it will now be withdrawn or amended.