Terrorism and Data Retention: Persistent Predicaments in EU’s Policy

The Council Meeting on the EU Response to the London attacks of 13 July 2005 is producing a set of measures in an attempt to revitalize security within the EU. As part of the EU Counter-Terrorism package, the European Commission and the Council have put forward proposals on the retention of communications traffic data which provisions are highly problematic. First, their compliance with the principle of proportionality and effectiveness is open to discussion. Second, these measures do not fully comply with the European Convention on Human Rights and the EU framework on data protection. Finally, latest developments reveal worrying trends: an intense institutional race between the Council and the Commission. The result is a blurred EU policy and a weak protection for the individual.

The EU’s policy on «Freedom, Security and Justice» has some inbuilt elements that undermine its coherence and effectiveness. First, witness the political and institutional struggle taking place in order to ensure that the intergovernmental method of cooperation continues to reign over transnational policies on «Security». Second, the enduring legal complexity and obscurity product of the current divide of the fields of «Freedom» and «Security» between the so-called «EC First Pillar» and «EU Third Pillar».

This explains, in part, why the Council and the European Commission have recently presented parallel and competing legislative proposals regarding the retention of data processed and stored in connection with the provision of public electronic communication services. This sensitive data would be mainly related to mobile and fixed telephony and internet communication. Both proposals have indeed a great impact on fundamental rights, especially data protection.

The proposal made by the Council would, for instance, fall within the dimension of the Third Pillar, and would materialize in a form of Framework Decision. The use of the EU Third Pillar framework (i.e. Title VI Treaty on European Union) has been highly criticized because of its various weaknesses regarding the use of the unanimity rule, the lack of transparency, and the exclusion of the European Parliament and the European Court of Justice (democratic deficit). This goes along with the fact that the EU legal framework on Data Protection (especially Directives 95/36 and 2002/58) does not apply to Third Pillar-related issues.

On the contrary, we appreciate that the initiative presented by the Commission appears to bring more clarity and democratic accountability in comparison with its competitor from the Council. As this proposal falls within the First Pillar (i.e. Title IV EC Treaty), the European Parliament is involved through the co-decision procedure, and the EU legislation on data protection would apply to communication data retention.

While this discussion may sound too technical, it has deep implications on policy practices and the individual. Indeed, the use of the intergovernmental method in Justice and Home Affairs cooperation facilitates the emergence of more dispersed policies in the field of «Security», and, as a consequence, produces «less Europe».

There are several ways to circumvent these difficulties. To start with, the communitarisation of these policies and the use of the co-decision procedure would strongly alleviate most of the current vulnerabilities. In addition, «more Europe» would guarantee the democratic accountability of the legal acts being proposed and adopted through the direct involvement of the European Parliament and the European Court of Justice. In other words, it would set a positive movement towards a more legitimate policy response to the acts of political violence qualified as «terrorism».

The practical power of a security measure should be checked against the principle of proportionality which involves: One, a balanced relation between ends and means; two, that the measures adopted are the least restrictive to freedom. It is therefore unfortunate to highlight how disproportionate the measures foreseen by data retention are. First, the collection of data is indiscriminate. Member States will have to store every telecommunication transaction even the most banal of every individual within the EU. Second, the purposes of the retention are extremely wide: «investigation, detection and prosecution of crime and criminal offenses including terrorism.» One of the greatest weaknesses of the proposal is therefore that it sets out to «detect» criminals and terrorists by potentially putting the entire EU population under surveillance.

In fact, the current EU framework in the fight against terrorism is most critical as regards its impact on civil liberties and human rights. The need to strike a right balance between liberty and security while developing this transnational framework is now well known. Yet, as the ELISE research project (European Liberty and Security) funded by the DG for Research of the European Commission has shown, calls for liberty have been overridden by the security rationale. Security has invaded the dimensions of Freedom and Justice. In a word, the balance has been missed.

Those who promote the retention and storage of traffic electronic data claim that this does not hinder the right of privacy as provided by Article 8 of the European Convention on Human Rights. This is troublesome. The European Court of Human Rights has determined that the recording of traffic data violate Article 8 [Rotaru v. Romania]. The Court has also found indiscriminate surveillance unlawful if it lacked proper safeguards [Kruslin v. France.].

The fight against terrorism is a serious business. This fight is most challenging for liberal democracies. First, it requires political drive, financial resources and intellectual creativity. Second, it demands a set of policy instruments that do not undermine basic principles such as proportionality, the respect of the rule of law and fundamental rights. A different posture is dangerous for the sake of democracy and the rule of law. Provisions contained in the data retention schemes from the Council and the Commission may, if adopted as they are, undermine the values that EU considers crucial to its identity. This, without doubt, will be a serious policy drawback.

An edited version of this commentary was published in the European Voice.