GLOBAL INTERNET LIBERTY
CAMPAIGN
NEWS
ISSUES
RESOURCES
ABOUT
GILC
English version | Version française
12 November 2001
Prime Minister Guy Verhofstadt
President, EU Council of Ministers
Rue de la Loi 16, 1000 BRUXELLES
Dear President Verhofstadt:
We write to you on behalf of a wide range of civic organizations in the United States and Europe to express our concern regarding the request of President Bush that the proposed EU directive on the protection of privacy in the electronic communications sector (COM(2000)385) be altered to allow for data retention regarding the communications of Europeans and consequently of Americans. While we support the President's efforts to take appropriate steps to reduce the risk of terrorism and to work with government leaders to protect public safety, we do not believe that this proposal is appropriate or necessary.
First of all, under United States law there is no similar obligation for data retention by telecommunications companies. US federal law recognizes a need to preserve data once a particular investigation is underway, but it does not create a general obligation for communication carriers to retain records on customers that are no longer required by the carriers. President Bush is asking European governments to impose obligations on European companies that would not be imposed on US companies.
Second, the European Privacy Commissioners and Members of the European Parliament have opposed efforts to create new data retention obligations. In the letter of 7 June 2001 to Mr. G–ran Persson, President of the Council of the European Union, the Chairman of the Article 29 Working Group wrote that "systematic and preventive storage of EU citizens communications and related traffic data would undermine the fundamental rights to privacy, data protection, freedom of expression, liberty and presumption of innocence."
In a July 2001 report by the European Parliament Committee on Citizens' Freedoms and Rights, Justice and Home Affairs, Committee Members made clear that restrictions to safeguard public security and conduct criminal investigations should be appropriate, proportionate and limited in time and that general or exploratory electronic surveillance on a large scale should not be allowed. The Members also noted that Member States should not have a general right to request whatever traffic and location data they wished without the authorities stating a specific reason as to why such information was needed, and that information should not be stored longer than was necessary for the transmission of data and for traffic management purposes.
Third, because communications data often moves between the United States and Europe, European data retention requirements would directly and adversely affect the privacy rights of Americans. There is a significant risk, if this proposal goes forward, that US law enforcement agencies will seek data held in Europe that it could not obtain at home, either because it was not retained or because US law would not permit law enforcement access.
Fourth, the retention of personal information that would otherwise be destroyed upon the completion of its intended use creates new privacy and security risks for citizens. Vast databases of personal data now include sensitive medical information as well as data revealing political opinions, religious and philophical beliefs. These new retention requirements will create new risks to personal privacy, political freedom, and public safety.
Further, the privacy commissioners have recognized that one of the best privacy safeguards is to minimize the collection of personal data where possible. They have consistently affirmed that confidentiality of communications is one of "the most important elements of the protection of the fundamental right to privacy and data protection as well as of secrecy of communications", and that "any exception to this right and obligation should be limited to what is strictly necessary in a democratic society and clearly defined by law." A blanket retention of all traffic data for hypothetical criminal investigations and for a long period of time would not respect these basic conditions.
We note also that governments on both sides of the Atlantic have sought to make secret public information that would otherwise assist the public in understanding the threats it now faces. We do not believe it draws the proper balance in a democratic society for the activities of government to be concealed from public scrutiny while the private activities of citizens are made open to government.
Finally, we believe it is inconsistent with well established international norms for communications privacy, such as Article 8 of the European Convention on Human Rights and Article 12 of the Universal Declaration of Human Rights, for governments to compel the retention of private information for surveillance purposes. Confidentiality of communication is a central tenet of modern democratic society. Proposals to reduce the privacy of citizens will undermine the strength of the democratic state.
We have contacted President Bush regarding our concerns. We respectfully urge you not to take any steps at this time that may reduce the privacy of citizens.
Sincerely,
American Civil Liberties Union
New York, USA
The Association for the Defense of Human
Rights in Romania - The Helsinki Committee
Bucharest, Romania
Association for Progressive Communications
Johannesburg, South Africa
Bits of Freedom
Amsterdam, Netherlands
Center for Democracy and Technology
Washington, USA
Center for National Security Studies
Washington, USA
Chaos Computer Club
Hamburg / Berlin, Germany
Computer Professionals for Social Responsibility
Palo Alto, USA
Digital Rights
Copenhagen, Denmark
EKPIZO (Consumers Association The Quality of Life)
Athens, Greece
Electronic Frontier Finland
Finland
Electronic Frontier Foundation
San Francisco, USA
Electronic Privacy Information Center
Washington, USA
Essential Information
Washington, USA
Foundation for Information Policy Research
London, UK
Irish Council for Civil Liberties
Dublin, Ireland
The Multiracial Activist and
Abolitionist Examiner
Alexandria, United States
National Consumers League
Washington, USA
NetAction
San Francisco, CA
Privacy International
London, UK
Privacy Rights Clearinghouse
San Diego, USA
Privacy Times
Washington, USA
Privacy Ukraine
Kyiv, Ukraine
quintessenz.org
Vienna, Austria
Sighisoara Durabila
Sighisoara, Romania
Statewatch
London, UK
StrawberryNet Foundation
Bucharest, Romania
Swiss Internet User Group (SIUG)
Z¸rich, Switzerland
VIBE!AT - Association for Internet Users
Austria
XS4ALL Internet
Amsterdam, Netherlands
ZAnet Internet Services
Witkoppen, South Africa
cc: President George W. Bush
REFERENCES
Proposal for a European Parliament and Council directive concerning
the processing of personal data and the protection of privacy in the
electronic communications sector (COM(2000) 385 - C5-0439/2000 -
2000/0189(COD))
http://www3.europarl.eu.int/omk/omnsapir.so/calendar?APP=PV2&PRG=CALEND&
LANGUE=EN&TPV=PROV&FILE=010906
http://www3.europarl.eu.int/omk/omnsapir.so/pv2?PRG=CALEND&APP=PV2&
LANGUE=EN&TPV=PROV&FILE=010906
Letter from Article 29 Data Protection Working Party to Mr G–ran Persson,
Acting President of the Council of the European Union, June 7, 2001
http://www.statewatch.org/news/2001/jun/07Rodota.pdf
EU Data Protection Working Party Article 29, Opinion 7/2000 on the European Commission Proposal for a Dir. of the Eur. Parl. and of the Council concerning the processing of personal data and the protection of privacy in the electronic communications sector of 12 July 2000 COM (2000) 385 (2 Nov. 2000), reprinted in M. Rotenberg, The Privacy Law Sourcebook, United States Law, International Law, and Recent Developments 437 (EPIC 2001)
Committee on Citizens' Freedoms and Rights, Justice and Home Affairs,
Report on the proposal for a European Parliament and Council
Directive concerning the processing of personal data and the
protection of privacy in the electronic communications sector, July
13, 2001.
http://www2.europarl.eu.int/omk/OM-Europarl?PROG=REPORT&L=EN&PUBREF=
-//EP//TEXT+REPORT+A5-2001-0270+0+NOT+SGML+V0//EN&LEG_ID=5
EU Forum on CyberCrime, Discussion Paper for Expert's Meeting on
Retention of Traffic Data, November 6, 2001
http://europa.eu.int/information_society/topics/telecoms/internet/crime/wpapnov/index_en.htm
EU Forum on CyberCrime, Plenary Session, November 27, 2001
http://europa.eu.int/information_society/topics/telecoms/internet/crime/forum/index_en.htm