Today, a draft for a new law on data retention has been discussed in the Belgian Chamber of Deputies. Among other things, the draft provides for so-called “geographically targeted retention” of communications data, as the EU Commission has proposed to introduce throughout Europe.
The Belgian bill is a reaction to the Constitutional Court’s annulment of the country’s indiscriminate data retention law. In the future, call detail records and the mobile phone locations of all citizens in areas with certain crime rates are to be collected indiscriminately. The threshold is low enough to cover the Brussels region and probably most of the country. Data retention would also apply in “important infrastructures” such as highways, border areas, hospitals and parliament buildings. In the draft legislation, the Belgian government expresses the view that “targeted data retention” could cover the entire national territory, if the statistical criteria allow it. In case of an “alert level” of 3 or 4, meta-data is to be retained throughout the country. At the same time, a 4-month period for retaining all meta-data to prevent “billing fraud” is being proposed. IP addresses, IMEI, IMSI and MAC addresses are also to be collected indiscriminately in the future. In addition to telephone and Internet providers, e-mail and messenger providers (OTT services) would also be required to retain data.
MEP Dr. Patrick Breyer (Pirate Party, Group Greens/European Free Alliance) warns:
“The Belgian bill is a dangerous precedent for a new generation of data retention laws. Data-addicted surveillance authorities are trying to circumvent the top court rulings on the illegality of blanket communications and location data collection. They do not even shy away from tricks such as inventing the purpose of ‘fraud prevention’. By defiantly expanding the policy to additional data categories and services, these laws threaten to cause even greater harm to our freedom of communication than those that have previously been annulled.”
Plans violate citizens’ rights
In a legal opinion published in April, former EU judge Prof. Dr. iur. Vilenas Vadapalas states that the “targeted data retention” approach is not permissible in the broad form contemplated by the EU, and that there must be a “high” (not just above-average) incidence of serious crime in an area to justify the use of data retention. The opinion also discards France’s reliance on a “permanent threat to national security” to justify data retention.
“Quick Freeze” approach a viable solution
A proportionate solution would be the so-called “quick freeze” approach, meaning that data is preserved as soon as there is sufficient reason to do so. The German coalition agreement reads: “In view of the current legal uncertainty, the upcoming ruling of the European Court of Justice and the resulting security policy challenges, we will develop the regulations on data retention in such a way that data can be stored in a legally secure manner on an ad hoc basis and by judicial order.” The EU is waiting for the European Court of Justice to rule on the old German data retention law before deciding on whether to impose data retention throughout the EU. In the meantime, Member States such as Belgium or Denmark are proceeding with national schemes.