Content Assessment: From Metadata to Mass Surveillance? European Data Retention Revisited
Information - 95%
Insight - 95%
Relevance - 95%
Objectivity - 90%
Authority - 95%
A short percentage-based assessment of the qualitative benefit of the recent post highlighting the new booklet from EDRi titled Digital Rights Revisited.
Editor’s Note: Shared with permission* from European Digital Rights (EDRi), an association of civil and human rights organizations from across Europe, the new booklet titled Data Retention Revisited explores the history of data retention in Europe, the legal framework, and the impact of data retention practices on fundamental rights. The booklet includes commentary on the intrusiveness of metadata and explores how necessity and proportionately fit into data retention practices, as well as its effectiveness, showcasing problems such as false positives and “technological solutionism.” The excellent booklet was written by researchers from the Information Law and Policy Lab in the Netherlands.
Data Retention Revisited
Authored by Melinda Rucz and Sam Kloosterboer
Following the judgments of the Court of Justice of the European Union in Digital Rights Ireland and Tele2/Watson, it appeared that the sun had set on blanket data retention in Europe. However, the data retention saga continues with renewed attempts to reinstate an EU legislative framework for blanket retention of telecommunications data. Data retention practices are highly privacy-intrusive as they reveal vast personal, even sensitive, information about the persons whose data is retained. Retention of telecommunications data discourages the contacting of single-purpose numbers and undermines the protection of journalistic sources. An inherently high risk of security breaches only amplifies these harmful effects of data retention, with numerous cyberattacks, data leaks, data abuses, and misuses documented.
In light of the far-reaching negative implications of data retention for fundamental rights, the Court of Justice of the European Union has required data retention practices to be strictly necessary. Nevertheless, the necessity of data retention for law enforcement purposes is most often simply assumed, while evidence is lacking about the marginal benefits of data retention compared to less intrusive alternatives. Moreover, data errors, incorrect interpretations, and false positives raise serious questions about the effectiveness of blanket data retention. The blind belief in the effectiveness of data-driven solutions manifests a worrying trend towards technological solutionism. While calls to reintroduce data retention often voice the need for harmonization and legal certainty, enforcing the Court’s judgments must be the default solution to ensure a harmonized approach to data retention in Europe. This report critically revisits the question of data retention and concludes that the ongoing aspirations to reintroduce a data retention obligation in the EU remain in violation of EU law as long as the strict necessity of data retention is unproved and no genuinely targeted retention obligation is considered.
- Socially Acceptable? EDBP Guidelines on the Targeting of Social Media Users
- From De-Identification to Re-Identification: Considering Personal Data Protection
* Redistributed with Permission Under the Creative Commons Attribution-ShareAlike 4.0 License