Europe's data retention laws: dead or alive?
MEPs vs. the Council vs. the Commission
The European Parliament has voted overwhelmingly to back calls for proposed laws on data retention to be scrapped. If it were passed, the law would require ISPs and telcos to retain at least three years of data about their customer's communications. But the proposal has been widely criticised for being unworkable, expensive to implement, invasive, and unnecessary.
However, although Parliament's vote has been hailed a victory by organisation representing ISPs, the reality is that the body has no power over the future of the proposal. This is because it is a Pillar 3 proposal, that is, it was set in motion by member states, not the European Commission.
"The Parliament was just being "consulted" on the proposal under the Consultation Procedure and consequently has no power," explains Joe McNamee, EU policy director at the Political Intelligence consultancy.
Meanwhile, the Greens and the EFA group in parliament are calling for the European Court of Justice to rule on the legality of the proposal. The proposal deals with areas that, it could be argued, must be handled by Pillar 1, the Commission, which would give parliament the right to scrutinise the terms.
"Justice and home affairs ministers argue that this legislation is primarily focused on combating terrorism, and thus the need to act quickly justifies the circumventing of parliamentary scrutiny," notes Kathalijne Buitenweg, Green MEP for the Netherlands. "We do not agree, and the European Commission shares our view that this costly and hard-to-execute proposal, which has severe implications on privacy rights as well as business, deserves an appropriate legal base."
So what does this mean for the future of the bill? Is it dead, alive or merely wounded?
"As the Commission believes that the proposal is illegal, it is unlikely that it will proceed any further," McNamee told us. "That said, the Commission is producing its own proposal on data retention, which is unlikely to be substantially different. This is expected within weeks." ®
Sponsored: 2016 Cyberthreat defense report