Verbatim report of proceedings

Tuesday, 23 October 2012 - Strasbourg

17. Revision of the current data retention framework (debate)

  President. − The next item is:

– the oral question to the Commission on a revision of the current data retention framework, by Alexander Alvaro, Sophia in ‘t Veld, Sarah Ludford, Renate Weber, Louis Michel, Jens Rohde and Nathalie Griesbeck, on behalf of the Group of the Alliance of Liberals and Democrats for Europe (O-000124/2012 - B7-0355/2012),

– the oral question to the Commission on a revision of the current data retention framework, by Judith Sargentini, Carl Schlyter, Jan Philipp Albrecht, Eva Lichtenberger, Amelia Andersdotter and Christian Engström, on behalf of the Group of the Greens/European Free Alliance (O-000125/2012 - B7-0356/2012),

– the oral question to the Commission on a revision of the current data retention framework, by Juan Fernando López Aguilar, Sylvie Guillaume, Claude Moraes and Dimitrios Droutsas, on behalf of the Group of the Progressive Alliance of Socialists and Democrats in the European Parliament (O-000126/2012 - B7-0357/2012),

– the oral question to the Commission on a revision of the current data retention framework, by Cornelia Ernst, on behalf of the Confederal Group of the European United Left – Nordic Green Left (O-000128/2012 - B7-0358/2012), and

– the oral question to the Commission on a revision of the current data retention framework, by Axel Voss, Manfred Weber, Simon Busuttil, Véronique Mathieu, Anna Maria Corazza Bildt, Carlos Coelho and Salvatore Iacolino, on behalf of the Group of the European People’s Party (Christian Democrats) (O-000154/2012 - B7-0362/2012).

  Alexander Alvaro, author. − (DE) Mr President, Commissioner, ladies and gentlemen, this is not the first time we have met to discuss this issue, although it may be the first time that we have met at this hour. The question now arising, slowly but surely, is this: when will our debate about data retention finally be at an end? A great many Member States and their constitutional courts have decided that it is not compatible with national constitutions. The Irish High Court referred the matter to the European Court of Justice, and countless citizens in the Member States have not only expressed disquiet and incomprehension about data retention but reject it outright.

I hate to say it, but our assessment all those years ago, when this issue was first discussed in 2005, was correct. We have legal issues which are unresolved; we have economic issues relating to data retention which are unresolved; and we have technical issues which are unresolved. Above all, we have social issues which are unresolved. The Commission’s evaluation report clearly showed the extent to which the approach to data retention, procedures and use vary between the Member States. In some countries, for example, the coastguard can access dossiers of retained data; in others, authorities can make a verbal request. The evaluation report also showed that everything has been achieved, except for harmonisation on issues of data retention. The question whether it is needed at all is still unanswered.

In that sense, the authors are rightly asking when we can expect a new initiative from the Commission. It is time to stop flogging a dead horse, which is what data retention is. I would hope that we will have the opportunity to discuss a reform before the end of this legislative term and, in particular, to hear the Commission’s proposals during this debate. I hope we will find out more this evening.

I do not want to speak for too long, so let me finish by saying this: I am sure you will have noticed from my comments that we are all getting very tired of this issue. I personally would greatly welcome it if we could find a solution to this sorry state of affairs at European level and perhaps even deal with the issue in an objective manner.

  Judith Sargentini, author. − (NL) The Group of the Greens/European Free Alliance actually has a very simple question for you, Ms Malmström. When can we expect the revision of the Data Retention Directive? Your answer could actually be very simple too: ‘very soon, Ms Sargentini, because Parliament has been waiting for it for some time’.

I am afraid though that you are not going to give me that answer and you seem to have put the revision of the Directive on the back burner. The reason for this is rather harsh, I think, and it is that the Member States cannot prove that the Data Retention Directive is useful, but they are also reluctant to give up the right to store our telecoms and internet data. In fact, they want to retain that right.

There is no European law that violates privacy on such a large scale as this law, which stores European citizens’ data without them being under suspicion, without obtaining permission from a court and without demonstrable results. While you dawdle over the revision of the retention obligation, you have dragged Germany before the European Court because it refuses to comply with this law. If no one can prove that it works, it is time to abolish the Directive on storing data traffic and to replace it with an alternative, a quick freeze for example, where a court is involved and where we record and store part of the data, targeting a specific suspect. Targeted investigations, judicial control and no unnecessary violation of privacy.

Therefore, Ms Malmström, once again, please confront those Member States, remember what we saw with ACTA, that there are many people in Europe who cherish their privacy, who are willing to use activism and who can help you to change these governments’ minds.

  Sylvie Guillaume, author. − (FR) Mr President, Commissioner, ladies and gentlemen, I am happy that this debate on the revision of the 2006 Directive is taking place, even if it is late, it is a little cold in here and some of us are hungry.

It is a debate that we have a duty to hold on behalf of the citizens, who are increasingly asking questions about how their personal data is used in a number of fields. This Directive is particularly controversial in a number of regards, as shown by the repeals of the German, Czech and Romanian transposing legislation by the competent constitutional courts.

What is at issue here? The main problem is the intrusive nature of the Directive with regard to privacy and data protection. While there is clearly no question of challenging the benefits of collecting connection data for criminal investigation purposes, some issues, in particular those raised by the European Data Protection Supervisor, remain topical as long as there is no proposal for a revision on the table.

We would therefore like the Commissioner to provide some answers to assuage the concerns that I think we share on a number of points, such as the need for a clear demonstration that such a system is necessary and proportional, compliance with the principle of legitimate purpose, which, as we know, is currently used extensively by some Member States, and, finally, possible ways of keeping data in a less intrusive way than at present.

Here, as in many other debates, we must find a balance, however difficult that may be, between security imperatives and the protection of freedoms.

In a society where information and communication technologies are omnipresent, the protection of personal data, which is a fundamental right, must be strengthened and must not remain a purely theoretical right enshrined in the Charter of Fundamental Rights.

Commissioner, this is the type of action that we would like you to take. Thank you in advance.

  Cornelia Ernst, author. − (DE) Mr President, this is a never-ending story. I have lost count of the times we have discussed it here. It is a shameful situation that it takes an oral question today to elicit information from the Commission about what it plans to do next with regard to data retention. Let me be frank: instead of deluding itself, the Commission should stop playing games and should face up to reality. That includes admitting that data retention has failed.

The Commission’s aim of establishing uniform rules is quite simply misguided. One reason is that some Member States, due to their constitutional arrangements, are not in a position to transpose the European Directive. What’s more, we have a patchwork of arrangements in the other countries which have transposed the Directive. Some countries store data for six months, others for a year. Some only use the data when investigating serious crime; others use the data to investigate minor delictions. It is a terrible mess, and I do not think we have ever seen anything like it.

Now you are taking action against the German Government by referring the matter to the European Court of Justice. Curiously, you argue that Germany’s failure to transpose the Directive is likely to have a negative effect on the internal market and on the ability of the German police to investigate and prosecute serious crime. What did you get that from? How did you come up with that? No one can possibly know whether that claim is true. In fact, studies have revealed a very different picture. The available information includes not only the judgments of the courts and related studies. They also include activity reports such as those produced by the German Bundestag’s Research Services, which is genuinely above suspicion. In 2011, the Research Services found no significant evidence that data retention offers any benefits for the investigation of crime. The reports such as that produced by the Max Planck Institute in 2012 are also beyond reproach. That report states that data retention is of no use whatsoever in the investigation of murders, robberies, child pornography and internet crime.

Let me say this, Ms Malmström. If the Commission has nothing new to contribute here, you should at least suspend the Directive pending the judgment of the European Court of Justice. Aside from that, we are calling for a Europe-wide ban on the retention of communications data where there is no reasonable suspicion of wrongdoing.

  Axel Voss, author. − (DE) Mr President, Commissioner, the tragic case of 15-year-old Amanda Todd from Canada a few days ago has shown us once again that there are some forms of behaviour on the internet which are harmful to other people. In this particular instance, it was cyber bullying, which is on the increase here in Europe as well. However, it is also about combating internet-based terrorism, crime in general and child abuse in particular, organised crime, right-wing extremism, and phishing. The UN Office on Drugs and Crime has now spoken out in favour of international standards for data retention. Of course, overall, we need to achieve a balance between fundamental rights and sound law enforcement by government authorities. In the case of Amanda Todd, the Anonymous hackers’ group has pledged to identify the bullies, but this kind of vigilante justice on the internet is not what we want either.

So those who say that data retention must be abolished are oversimplifying the matter. The same applies to those who are opposed to data retention but offer no solutions to the problem or fail to take proper account of the rights of the victims of internet crime. In my view, successful investigations, such as the identification of the person responsible for the attack in Toulouse, demonstrate the need for data storage and for data retention.

In its present form, the Directive does not yet appear to have achieved the balance that is necessary. That may be why it seems so important to bring forward a new and improved proposal based on the recommendations made in the 2011 evaluation.

More generally, however, it is completely unacceptable for the unity of European law, or indeed compliance with European law in this matter to be completely undermined by the German Justice Minister. Only last Monday, the Parliamentary State Secretary in Germany’s Federal Ministry of Justice stated during a meeting of the Petitions Committee that the German Government would not bring forward a proposal for the transposition of the Data Retention Directive. Until the issues of transposition and the reform of the Directive are clarified, no such legislation will be forthcoming from Germany. My question is how much longer this is likely to take. These statements make one thing very clear, however: the infringement proceedings initiated back in May by you, Commissioner, are making very little impression on the German Justice Minister.

I fail to understand how a Justice Minister can consider herself to be above the law. After all, she of all people must know that every EU Member State is obliged to transpose European legislation, and, what’s more, must do so by the specified deadline.

The Justice Minister’s argument that the transposition of the existing Directive is impossible does not hold water. Perhaps you could make some kind of contribution to resolving this issue. At any rate, the example of Austria shows that a Member State that resisted for a very long time and refused to transpose the Directive can, in fact, create legislation that can serve as a very good model, with regulations that are sound and constitutional.

((The speaker agreed to take a blue-card question under Rule 149(8))

  Alexander Alvaro, Blue-card question. − (DE) Mr President, many thanks, Mr Voss, for your input, which is very interesting, especially as regards the role of the Justice Minister. Would you not say that it is the Justice Minister’s responsibility, if she sees that an item of legislation is incompatible with the law and, furthermore – as noted by the Irish High Court, which would not have referred the matter to the European Court of Justice otherwise – possibly incompatible with EU law as well, to suspend the legislation until the matter has been clarified, rather than transposing what is possibly bad law?

  Sophia in 't Veld (ALDE), Blue-card question. – I am rather surprised to hear my colleague Mr Voss refer to the example of Toulouse as a ‘Fahndungserfolg’; I think it was a disaster. Here is somebody who was already known to the intelligence services, who was on the Americans’ no-fly list, who had been flying to Pakistan, who killed people – this was known to the services – and who then killed again. What is your definition of a ‘Fahndungserfolg’, and how does data retention relate to this?

  Axel Voss, Blue-card answer. − (DE) Mr President, as regards the position of the Justice Minister, the German Federal Constitutional Court has not said that the Data Retention Directive is unlawful. The Federal Constitutional Court merely pointed out that the provisions of the transposing law did not ensure adequate security of data storage and that safeguard provisions in relation to the state’s access to data were too weak. These, and nothing else, were the points on which the Court based its judgment. That being the case, Germany must act on the commitments undertaken at the European level and transpose the Directive.

As for Toulouse, it is always important to ensure that cases stand up in court, and for that, evidence is essential. If there is evidence of unlawful behaviour, then it is sensible to give due consideration to any evidence that may have been gathered though data retention as well.

  Cecilia Malmström, Member of the Commission. − Mr President, I also very much appreciate that we are having this debate today and it gives me the possibility, hopefully, to clarify a few issues and to explain our intentions.

The Commission is indeed, as has been announced many times (also in the evaluation report from last year), planning to propose reforms to the Data Retention Directive, but it will not be for this year. Ever since the Commission originally tabled this proposal in 2005, it has acknowledged that telecommunications data are an integral part of evidence-gathering in investigations and prosecutions of very serious crime and that such data may be crucial in serving the needs of justice and protecting victims against harm. It was, and remains, necessary to guarantee that, within the bounds of proportionality and subject to appropriate safeguards and controls, these data are available for a limited period of time if police and prosecutors need to assess them.

The limitation and procedures for data retention should be as harmonised as possible to minimise the negative impact on the internal market while, at the same time, respecting the legitimate and varying requirements of national circumstances. It was also necessary to have a solid European data protection level for this. All but two Member States have now transposed the directive.

In the Commission’s evaluation of last year, evidence from Member States and Europol on the value of the measures of combating serious crime was presented. We have continued to press Member States to provide credible and comparable statistics and case studies to demonstrate this, and we have received quite a lot of information. Law enforcement and judicial authorities throughout the EU have repeatedly stressed the importance of knowing that data will be available if there is a need. However, as has been pointed out by different stakeholders – yourselves, different representatives of the data protection community, the industry, NGOs and different professional groups including journalists and lawyers – the Commission is also of the view that data retention has a significant impact on the right to privacy and the protection of personal data.

There are a number of areas in the current directive that ought to be improved. These areas are set out very clearly and in the evaluation report and they have been further examined during consultation. For instance, a reduced and more harmonised data retention period; a scope which is clear and exhaustive in terms of the type of data to be retained; and a clearer purpose limitation for which the data may be used. We also need minimum standards for access and use of the data, better accountability on the part of authorities for the data which they access and the statistics they provide, stronger data protection and a consistent approach to reimbursing the operator’s costs.

There is also – and this is very important – a need to be coherent between the obligation to require data retention in this directive – the Data Retention Directive – and the possibility that Member States have today to require, or to allow, data retention provided with the ePrivacy Directive. It is necessary to ensure that Member States cannot use retained data for other purposes than the ones in the Data Retention Directive. Currently Member States have this possibility in the ePrivacy Directive, so this is a loophole. The Commission has already announced that we will analyse the need to review the ePrivacy Directive once negotiations on the new general data protection framework are over.

So we are working towards a reform of the Data Retention Directive to be presented at the same time as the future revision of the ePrivacy Directive. Given the technical and legal complexity and the political sensitivity of this, it is likely to take some time, and I cannot give you a concrete timetable today. But I would like to mention that we very much appreciate your support and your input in this, which has contributed very constructively to our work and that of the data retention expert group.

  Agustín Díaz de Mera García Consuegra, on behalf of the PPE Group. – (ES) Mr President, Commissioner, without ignoring the fact that data protection is a fundamental right enshrined in Article 8 of the Charter of Fundamental Rights of the European Union and in Article 16 of the Treaty on the Functioning of the European Union, the current Directive was born of the desire to harmonise national provisions on data retention, in order to ensure the availability of those data for the purpose of the investigation, detection and prosecution of serious crime, such as terrorism or organised crime.

This harmonisation is necessary because the inefficiency arising from the fragmentation created by national provisions has been demonstrated in studies and through practical experience. We therefore need to ensure the continued retention, at European level, of data that are generated or processed.

A recent example of how these data can be used in a judicial context as a tool to fight crime is the arrest in Spain on 4 October 2012 of a young man planning to imitate the Columbine massacre by planting bombs at universities in the Balearic Islands. Following a police investigation using data obtained from electronic communications, it was ascertained that the young man had bought various explosive substances and items of equipment needed to make homemade bombs. As a result, it was possible to prevent a real tragedy.

Nevertheless, I call on the Commission to present an urgent proposal for the revision of the legal framework for data retention, because the importance and sensitivity of this matter means that we cannot continue with a Directive that has technical shortcomings and intrudes, sometimes disproportionately, on the right to privacy.

  Juan Fernando López Aguilar, on behalf of the S&D Group. – (ES) Mr President, Commissioner, I am one of the authors of this question to the Commission and therefore share the concerns of my co-authors who spoke before me, because they are well founded.

We find ourselves with a Directive that, at the time, was justified as serving to help fight organised crime, in particular terrorism, by means of data retention, with the attacks in Madrid and London in 2004 and 2005 respectively cited as examples.

However, following legal proceedings, challenges before the Court of Justice, but also rulings by various constitutional courts, which raised doubts about compliance with the standards now enshrined in the Treaty of Lisbon, and the principles of proportionality and necessity in all matters that may have a bearing on fundamental rights, which are enshrined in Article 8 of the European Convention on Human Rights and Article 8 of the Charter of Fundamental Rights of the European Union, it is clear that we need to succeed in revising the Directive. It is also clear that we are justified in our concerns that this initiative, a precise timetable for which has yet to be announced, should comply with the principle of minimum intervention, that is, offer the least intrusive provisions from the point of view of fundamental rights and, therefore, the best guarantee of respect for the principles of necessity and proportionality.

  Sophia in 't Veld, on behalf of the ALDE Group. – Mr President, this Directive has been wrong from the very start. Let us go back in history and recall that the only reason that this House got to vote on the proposal for data retention was that the Member States could not agree. They had no unanimity, remember? There were many Member States which did not want this. That is why we got to vote on it, that was the only reason. Until today they have been trying to avoid parliamentary intervention.

Secondly, does it serve a purpose? Is it useful? Have we become safer since 2005 and 2006? Despite the fact that the evaluation only came through after a long delay, there is not a shred of evidence – not a shred – that it contributes to our safety. All the statements about the necessity of this directive are based on assumptions and nothing else. We have yet to see any figures.

Does it serve the purpose of harmonisation? Some colleagues have pointed out that it does not. It does not. It was not meant to from the start, because the Member States chose to compensate, or not, companies for the costs that they incurred.

It was then deemed a violation of the constitution in many countries. Some colleagues may argue about this, but it is a technical point: only the implementation law was deemed unconstitutional. It seems almost impossible to find a way to implement it in a way that is reconcilable with the constitution.

In my own country, a report showed that there is widespread abuse and that data are being consulted much more often by many more people than is allowed. Does anybody take action? No.

So here is a law that was pushed through, that does not serve a purpose, that seems to be a violation of the constitution and of which there is widespread abuse. So of course the Commission and the Member States say ‘great law, let’s have more of it’. I say to the Commissioner: we should not wait for a review. It should be repealed today.

  Jan Philipp Albrecht, on behalf of the Verts/ALE Group. – (DE) Mr President, Ms Malmström, ladies and gentlemen, let us remind ourselves of what is at stake here. We are discussing the collection of all of the telecommunications data, all of the telecommunications framework data, for all 500 million European citizens all of the time, not in specific situations, not if there is reason to suspect any wrongdoing, but all the time, on an ongoing basis. This amounts to the permanent surveillance of every individual!

Please use your imagination and consider what a major intrusion this is into the basic rights of every citizen in Europe. This intrusion must be justified. Like the previous speakers, I would like to know what evidence is available to show that this Directive – all this data retention – is in fact necessary or a suitable means of achieving the objective, namely more effective investigation of crime, especially internet-based crime. I have not yet seen any evidence of that, or any indication that this is indeed the case.

Let us consider our real objective for a moment. Our real objective is to reduce crime rates and prevent crime. Let me say this: the Data Protection Directive has made no difference whatsoever. There is absolutely no difference in the crime statistics between the Member States where data retention takes place and those where it does not. This even applies to internet-related crime. Instead, we have invested vast sums of money in implementing data retention, which has proved to be extremely expensive. As a result, we have diverted funds from other areas where it could have been put to good use, such as providing police stations with internet access so that they can carry out case-specific investigations in the proper manner. That is something you should think about.

  Cornelia Ernst, on behalf of the GUE/NGL Group. – (DE) Mr President, Mr Voss, data retention does not solve any problems. In fact, it is the problem. Let me offer an analogy. Not long ago, I was walking through my home city of Dresden and happened to spot a burglar breaking into a house. Let me ask you this: would you now act on this information by passing a directive which states that women in my age group should stroll through Europe’s cities at night in order to reduce the crime rate? I think we should be asking about the benefits of the Directive.

We are nearing the end of this debate and I have just one point to make. Instead of flogging a dead horse – to use your analogy – and filching millions of people’s data, I would suggest that we proceed as follows. Ms Malmström, perhaps you could offer different advice to the Interior Ministers of the EU Member States. You could tell them not to make cuts in the police or law enforcement agencies in their countries. You could tell them to provide decent training for the police and the judiciary and to tackle corruption, which is now widespread. If we manage to achieve that in our countries, we would be making a valuable contribution to combating crime, which would greatly benefit citizens.

  Jaroslav Paška, on behalf of the EFD group. – (SK) In the opinion of the European Data Protection Supervisor and according to judgments of the German, Czech and Romanian Constitutional courts, Directive 2006/24/EC, which directs telecommunications companies to retain identification data on callers, callees and places and times of telephone calls or emails for the purpose of possible investigation and prosecution of criminal offences for a period of six months to two years, does not comply with the requirements laid down by European law on privacy and data protection.

It is therefore necessary, Commissioner, to take the appropriate decision either to repeal this Directive and leave it to Member States how to deal with this matter or, if there is agreement that common Union rules are needed with a view to police and judicial cooperation in such criminal matters, to prepare a new amendment, which should then, however, correspond to the culture of today’s European legislation. You have had since April of last year to respond to this matter and come to a decision, which I think is sufficient time.

  Carlos Coelho (PPE). – (PT) Mr President, Commissioner, ladies and gentlemen, Mr Díaz de Mera has already recalled the circumstances under which this Directive was adopted. The fact is that Member States have made use, in particular, of the period of retention of data, with the six-month to two-year period clearly being one of the tools most used by a large number of Member States.

Several speakers have already mentioned the problems we are having due to the Directive having been transposed into national law in very different ways, and virtually all of the speakers have rightly underlined the problems that we are having as regards the protection of fundamental rights and the right to privacy. There is clearly an issue here that we must tackle. I must say that I am with those who enjoyed the Commissioner’s answers. I appreciate the Commissioner’s concerns about the scope of the Directive, the limitation of its subject matter and the reduction of retention periods. Everything that the Commissioner has said is covered, in my view, by the efforts to revise this Directive, which we must work on together.

What worries me is the time problem. I was convinced that the Commission was going to present an initiative by the end of this year. The Commissioner has already said that this will not happen by the end of this year, but she has also not given us any time horizon. I fear that, at the end of this debate, we will all be thinking that in six months, a year, perhaps two years, we will still be asking the European Commission when the revised Directive will be presented.

  Dimitrios Droutsas (S&D). – Mr President, Commissioner, may I add my voice to the arguments and complaints expressed by my colleagues who have already taken the floor. I do not want or need to repeat what has already been said. May I just come back to the question: when will the Commission present its proposal?

I do not know if I understood you correctly, but I think you said that you do not intend to table your proposal this year. So I ask you, will it be next year? Next year is long; it is twelve months long. Could you specify further when you plan to table your proposal?

I am saying this because I would like to remind you that, right now, we are dealing with the personal data reform package. The European Parliament regards this dossier as a real priority and is working in a very engaged way on both the proposed regulation and the directive. I think we also need to harmonise the EU single market for telecommunications in this respect, and it is also time to deal with the ePrivacy Directive you yourself mentioned. So may I express the wish that the Commission take a more dynamic and determined stance vis-à-vis the Members States, even when so-called sensitive issues for the Member States are under discussion?

I would like to conclude with the following remark, Commissioner. In the European Parliament you will always find an enthusiastic ally in your efforts to better protect the personal data of EU citizens. But while you can always rely on our full cooperation and support in this regard, at the same time let me emphasise that the European Parliament will also always be prepared to fight for and defend its principles and beliefs in favour of the protection of EU citizens’ rights, especially when fundamental rights are concerned.

  Carl Schlyter (Verts/ALE). – (SV) Mr President, Commissioner, you said that we should have a proportional Directive, but it is difficult for me to see the proportionality in having to monitor every electronic communication by every citizen. Where is the efficiency in that? Even a child can avoid being caught by this Directive if he has criminal intent.

Not even George Orwell himself could have dreamt up this Directive in his worst nightmares. Up to and including George Bush, no similar measures were proposed in the US in the year of terrorism paranoia, but a freeze was proposed instead.

Instead of having a billion haystacks in which to find a needle, it is more intelligent to track a specific suspect, in other words the needle, and see whether anything sticks to him. This would be a more efficient use of our money. Having a spam-storage Directive like the one we have today is really not efficient.

I really do hope that you will repeal this as quickly as possible. Please present a report proving that this is not efficient, because I have not seen any evidence at all to show that it is.

  Lena Kolarska-Bobińska (PPE). – (PL) Mr President, Commissioner, before I ask my question, I would just like to mention that, a week ago, the Polish Parliament passed a bill amending Polish telecommunications legislation. The Commission has been waiting a long time for this to happen. The new provisions will shorten the required data retention period from two years, which was a very long time, to 12 months, allowing Poland to join a group of European countries in which similar provisions are in force. We are currently also working on a data retention law, in particular on provisions governing the type of data retained and who will have access to it. It would therefore be good to know the Commission’s plans as regards changes to European legislation, so that we can begin to incorporate them into our work.

The changes in Poland are the result of the work of numerous non-governmental organisations that wrote on this subject and exerted pressure on the authorities, in the belief that the existing arrangements infringed citizens’ right to privacy. It is therefore worth listening carefully, including at European level, not only to Members of the European Parliament, but also to non-governmental organisations concerned with privacy issues. I would like to use this opportunity to ask the Commission whether it has any figures, reports, studies or information on the impact reducing the data retention period may have on the effectiveness of the investigation, detection and prosecution of serious crimes, because that is one of the main arguments in this issue. We are always talking about it, but can we produce any evidence, for example, with regard to prosecutions for crimes such as possession of child pornography? We are never short of statements or arguments, but we have no hard data.

  Birgit Sippel (S&D). – (DE) Mr President, almost everything has been said that needs to be said, so I will keep it brief. Why data retention? After all, food stocks have to be replaced sooner or later. That means consuming or using the food and buying a new lot. At the beginning, the debate about data retention focused on its use in anti-terrorism. In practice, however, these data are available, so apparently they have to be used, and they are accessed to investigate a very wide range of crimes, including minor or moderately serious offences. Moreover, in the process, there is a growing data hunger that is driving the storage of types of data that were not originally envisaged. The volume of data is growing. At the very least, then, we must reduce the amount of data stored, the types of use, and the duration of storage. We must protect data from abusive forms of access and use. We should be open to discussing alternatives to the current practice, and we must be mindful of one principle above all: that the rule of law and the protection of civil rights are key pillars of governance in our countries and the EU. They must be respected and defended, if necessary by abolishing the Directive.

  Carmen Romero López (S&D). – (ES) Mr President, when the Commissioner was speaking about the reform, she mentioned that it would be within the bounds of proportionality. No directive ever states that it is not within the bounds of proportionality; the same thing happened with passenger name records. However, in practice, without a directive that refers to exceptional cases, which are the only circumstances in which fundamental rights could be violated, we find ourselves in a situation that cannot be resolved. How can we settle on a definition of ‘serious crime’ if there are eight countries that do not talk about serious crime in the context of data retention but any type of crime?

The volume of data and frequency of data retention involved make it completely impossible to manage these data properly for the purposes of tackling crime. Even when pursuing criminals and prosecuting crimes, it is not true that anything goes. The end does not justify the means. Only in exceptional cases can human rights be violated. We really need to reconsider this Directive. We cannot legislate in this manner.

Catch-the-eye procedure

  Elena Băsescu (PPE). – (RO) Mr President, the transposition of the Directive was a real challenge for many Member States, some of which have yet to complete this step. The reason behind this is the controversial matter of privacy protection. In Romania, the proposed legislation was first considered unconstitutional, and only this year was the transposition completed.

It is why I support a new act that addresses the more controversial aspects. The Commission must consider the constitutions of the Member States when devising these proposals, which must respect privacy rights. Even though the Commission announced last year its intention to modify the Directive, this was not yet done. In my opinion, the new proposal should be launched by the end of this year in order avoid other Member States appearing in front of the Court of Justice.

  Silvia-Adriana Ţicău (S&D). – (RO) Mr President, in June 2011 I asked the Commission, via an open question, if it intends to revise Directive 24 of 2006 on data retention, so that uniform regulations may be instituted at European level, and that they observe the constitutions of the Member States, the Charter of Fundamental Rights of the European Union and not infringe on the rights to free movement and privacy.

In your response of 12 Aug 2011, you stated that the Commission’s consultations with representatives of civil society bodies, implementing authorities, data protection organisations, the Member States, and other relevant sectors and judicial authorities have revealed different perspectives and suggestions, and that you would consider these in assessing the impact of the directive prior to its revision. Is this impact assessment complete? What does it contain and when will it be published?

  Eva Lichtenberger (Verts/ALE). – (DE) Mr President, Commissioner, I am very disappointed that once again, you have given us no indication as to when legislation will be brought forward. Your predecessor in office has said that the Data Retention Directive would not have been adopted nowadays in its present form. For me, that rings a lot of alarm bells. The experiences which have been recounted here are also not particularly convincing. There are fewer successes than promised and more frequent access than anticipated. Something is wrong!

The new initiative was promised for this year, but as we see, this legislation offers no value added, partly because the Member States are implementing the Directive in different ways and because a lack of legal clarity is opening the door to abuse. This is an issue which will determine the future of civil rights, Commissioner. Please present the amendment at last.

  Christian Engström (Verts/ALE). – (SV) Mr President, Commissioner, this is a failure of a Directive through and through. As the Commissioner herself has said, it will have a great impact on the right to privacy. There is nothing positive to balance this out. There has not been any harmonising effect, and there is nothing to indicate that this would be effective in fighting crime.

The Directive stated that the Commission should undertake an evaluation by no later than 15 September 2010, but this has never happened. To date, the Commission has not undertaken any proper evaluation at all. Some little anecdotes have been presented to indicate that it might be quite a nice thing to have after all. Many of these anecdotes came before the fact that data storage has been implemented. The Commission has not fulfilled its obligations under this Directive.

Against this background, there is one thing that is very difficult for my voters in Sweden to understand, namely how the Commission can fine Sweden for not having introduced this failed Directive whilst at the same time the Commission itself completely fails to present a proper evaluation as it is obliged to do.

  Phil Prendergast (S&D). – Mr President, data retention measures are always fraught with sensitive problems in relation to the respect of citizens’ fundamental rights. Our privacy is in jeopardy due to the misuse or loss of data, especially under a blind blanket instrument for the collection of our systems and communications data. In the post-9/11 world, executives and lawmakers have been under extreme pressure to show strength and decisiveness in the fight against international terrorism and organised crime.

Mistakes and abuses have abounded in the process, but fortunately, in the EU, discussions on the best means to address serious crime benefit from a calmer and less polarised environment, especially in comparison to the US. Europe has not neglected its responsibilities in this field; neither should it shy away from coolly assessing the effectiveness and proportionality of any security measures passed in reaction to serious threats. The rights at stake are no less serious. The Commission has committed itself to a review and must conduct one as early as evidence-based assessment allows.

(End of the catch-the-eye procedure)

  Cecilia Malmström, Member of the Commission. − Mr President, honourable Members, I really appreciate your engagement on this because it is an extremely important subject. But we also need to realise that data retention is here to stay.

The Member States support this and will not accept any proposal to abolish it. The risk is that we will then have 27 different versions for data retention in the different Member States with no common standards in respect of privacy and purpose.

We did an evaluation in April 2011 which made use of evidence from the Member States – you may call it anecdotal – but we had evidence on how they used this. Since then we have received more evidence of how it is used. These are concrete examples of how data retention has been used in order to crack down on criminal and drug networks and to identify victims and persecutors in child abuse networks, etc. I would be happy to share them with the European Parliament. We have already done so and we are happy to do so again.

I understand the criticism here, and I share much of it, but we need to be honest: this is not the mass surveillance of 500 million citizens. This is data that has been kept for commercial purposes by companies. It can be accessed by police authorities under certain conditions on an individual basis. It is not mass surveillance; we need to be clear on this. These practices are subject to democratic and judicial controls in the Member States.

Having said this, there are problems with this directive which are clearly outlined in the evaluation from April last year. I have mentioned them and Members have referred to them in their speeches.

There is insufficient harmonisation and clarity on the scope, who has access, the definition of serious crime, data protection rules and the retention period. We will seek to amend this and to shorten the data retention period. The revised proposal will also include a full assessment of the directive’s impact on privacy and other fundamental rights.

Data protection is a very important issue – all the Members would agree on this. We in the European Union need to have a coherent view on this, and that is why we need to do this together with certain other things. We need to address the loophole that today exists in the ePrivacy Directive, and which some Members referred to.

We must also make sure that the General Data Protection Regulation – and I know that many Members here are involved in reforming it – is in line with what we are doing, otherwise we will have divergences in legislation.

All this needs to be looked at together, and that is why I cannot give you an exact timetable today on when we will do that. But the purpose is for us to have strong data protection rules, and I will be more than happy to continue working very closely with the European Parliament.

  Carl Schlyter (Verts/ALE). – Mr President, on a point of order: I have a question about the rules. If we ask the Commissioner a question, we would actually like to have an answer. One question the Commissioner has not answered so far is whether the freezing of data, which they do in the United States, has been properly evaluated, because this is not clear from anecdotal evidence. For example, if you have a drug network, it is quite clear that this will have been suspected for some time, and a system of data freezing on individual grounds could work just as well.

(The President cut off the speaker and asked the Commissioner if she was prepared to reply)

  Cecilia Malmström, Member of the Commission. − Mr President, sorry, I should have mentioned that. A quick freeze, which many Members have referred to, is quite different from data retention, and we are looking into this as well.

This is not considered as an alternative to data retention for Member States. We are conducting a study on it which will be presented with the overall framework and the new proposal on this.

  President. − The debate is closed.

Written statement (Rule 149)

  Josef Weidenholzer (S&D), in writing. – (DE) It is very welcome that the Commission has finally come to the realisation that the 2005 Directive must be amended. The criticisms made by the public, who have an interest in the protection of personal data, are clearly more convincing than the usual unrealistic claims heard in some circles that the Directive will improve security. The Data Retention Directive is an example of bad law. It does not respond to national needs, it is disproportionate, and it erodes citizens’ confidence in the rule of law. It is high time we remedied the situation. Ms Malmström should address the reform of this legislation as an immediate priority. She undoubtedly has the requisite sensitivity to do so, given that while serving as a Member of the European Parliament, she voted against the Directive.