DOCSLIB.ORG

Towards a Global Data Protection Framework in the Field of Law Enforcement

Total Page:16

File Type:pdf, Size:1020Kb

Download full-text PDF Read full-text
Towards a Global Data Protection Framework in the Field of Law Enforcement Towards a Global Data Protection Framework in the Field of Law Enforcement: An EU Perspective Cristina Blasi Casagran Thesis submitted for assessment with a view to obtaining the degree of Doctor of Laws of the European University Institute Florence, 8 June 2015 European University Institute Department of Law This thesis has been submitted for language correction Towards a Global Data Protection Framework in the Field of Law Enforcement: An EU Perspective Cristina Blasi Casagran Thesis submitted for assessment with a view to obtaining the degree of Doctor of Laws of the European University Institute Examining Board: Professor Marise Cremona, European University Institute (Supervisor) Professor Gregorio Garzón Clariana, Autonomous University of Barcelona Dr. Maria O’Neill, University of Abertay Dundee Professor Martin Scheinin, European University Institute Ⓒ Cristina Blasi Casagran, 2015 No part of this thesis may be copied, reproduced or transmitted without prior permission of the author Summary This thesis seeks to examine the existing EU frameworks for data-sharing for law enforcement purposes, both within the EU and between the EU and third countries, the data protection challenges to which these give rise, and the possible responses to those challenges at both EU and global levels. The analysis follows a bottom-up approach, starting with an examination of the EU internal data-sharing instruments. After that, it studies the data transfers conducted under the scope of an international agreement; and finally, it concludes by discussing the current international initiatives for creating universal data protection standards. As for the EU data-sharing instruments, this thesis demonstrates that these systems present shortcomings with regard to their implementation and usage. Moreover, each instrument has its own provisions on data protection and, despite the adoption of a Framework Decision in 2008, this has not brought about a convergence of data protection rules in the JHA field. A similar multiplicity of instruments is also found when the EU transfers data to third countries for the purpose of preventing and combating crimes. This is evident from examining the existing data-sharing agreements between the EU and the US. Each agreement has a section on data protection and data security rules, which again differ from the general clauses of the 2008 Framework Decision. This study demonstrates the influence of US interests on such agreements, as well as on the ongoing negotiations for an umbrella EU-US Data Protection Agreement. One possible way to ensure a high level of EU data protection standards in the field of law enforcement in the face of US pressure is by enhancing the role of Europol. This EU Agency shares information with EU member states and third countries. This thesis demonstrates that Europol has a full-fledged data protection framework, which is stronger than most of the member states’ privacy laws. However, taking Europol rules as a reference for global standards would only partially achieve the desired result. The exchange of data for security purposes does not only involve law enforcement authorities, but also intelligence services. The recent NSA revelations have shown that the programmes used by these bodies to collect and process data can be far more intrusive and secretive than any current law enforcement system. In view of the above, this thesis explores the potential of CoE Convention 108 for the Protection of Individuals with regard to the Automatic Processing of Personal Data and i the Cybercrime Convention as the basis for a global regime for data protection in law enforcement. This thesis concludes that an optimum global data protection framework would entail a combination of the 108 CoE Data Protection Convention and the Cybercrime Convention. The cumulative effect of these two legal instruments would bind both law enforcement and intelligence services in the processing of data. In sum, by promoting the Europol approach to data protection and existing Council of Europe rules, the EU could play a crucial role in the creation of global data protection standards. ii Contents Abbreviations ix Acknowledgments xv Introduction 1 1.1. Subject Matters and Aims 1 1.2. Limitations of the Research 4 1.3. Methodology and Source Materials 5 1.4. Terminology 5 1.5. Structure of Study 6 Chapter 1: Data exchanges for law enforcement purposes within the EU 9 1. Origin, evolution and scope of the EC/EU legislation on the processing 10 of personal data for criminal matters 2. EU data-sharing instruments for law enforcement purposes 19 2.1. The use of traditional mutual legal assistance procedures within 19 the EU 2.2. Post-9/11 data-sharing instruments 22 2.3. Shortcomings in the implementation and use of EU legal 27 instruments for exchanging criminal information 2.3.1. Delay in the implementation 27 2.3.2. Complexities in the usage 30 3. Expanding the information sources of member states: Data collected 32 for non-criminal reasons but ultimately used for law enforcement 3.1. European information systems created for border management 32 purposes 3.1.1. Background 33 3.1.2. Shift from border control to law enforcement purposes 36 iii 3.2. EU data-sharing instruments created under the basis of the EU 40 internal market clause 3.2.1. Exchange of passenger data within the EU 40 3.2.2. Exchange of financial data within the EU 46 3.2.3. Exchange of telecommunications data within the EU 49 a. Data Retention Directive 50 b. Cyber Security Directive 55 c. The use of mutual legal assistance for accessing 57 telecommunication data 4. The EU data protection legislation under the scope of the AFSJ 59 4.1. General data protection rules in connection with the AFSJ 60 4.1.1. Origins of the EU data protection legislation 60 4.1.2. Impact and scope of Directive 95/46/EC 61 4.1.3. Applicability of Regulation (EC) 45/2001 within the AFSJ 63 4.1.4. The Treaty of Lisbon and the new data protection paradigm 65 4.2. Sector-specific data protection legislation within the AFSJ 68 4.2.1. The limited scope of Framework Decision 2008/977/JHA 69 4.2.2. EU data security classification regime 72 4.2.3. Proposal for a directive on data protection for police and 72 judicial cooperation in criminal matters 4.3. Comparative study of the specific data protection provisions in 77 EU data-sharing instruments 4.4. The purpose limitation and the necessity principles 82 5. Conclusion 84 Chapter 2: Data exchanges for law enforcement purposes between the 87 EU and a third state 1. The external dimension of the AFSJ in the fight against terrorism 88 1.1. Origins and evolution 88 1.2. Data exchanges for security purposes. The blurry line between the 93 AFSJ and the CFSP/CSDP 1.3. Questioning the scope and purposes of article 39 TEU 97 2. International agreements for exchanging information 100 iv 2.1. Data-sharing agreements between the EU and the US 104 2.1.1. The EU-US Mutual Legal Assistance Agreement 105 2.1.2. Agreements on passenger name records 107 2.1.3 SWIFT agreements 113 2.1.4 EU-US agreements on the air and maritime security 117 partnerships 2.2. Issues of concern in the agreements 122 2.2.1. Legal basis implications 122 2.2.2. Public-private partnership 126 3. The EU data protection legislation for international data transfers in the 129 field of law enforcement 3.1. EU secondary law 130 3.1.1. International data transfers according to Council 130 Decision 2008/977/JHA 3.1.2. International data transfers according to the Proposal for a 133 Police and Criminal Justice Data Protection Directive 3.2. Data protection provisions in the main international agreements 136 between the EU and the US 3.2.1. Data protection in the EU-US PNR Agreement 136 3.2.2. Data protection in the SWIFT Agreement 143 3.2.3. EU-US agreement on the security of classified information 146 3.3. EU-US data protection regimes 147 3.3.1. Different conceptions of privacy in the US and the EU 147 3.3.2. Attempts to approximate the EU and the US privacy 152 legislations 3.3.3. Towards an umbrella EU-US Data Protection Agreement 155 3.3.4. The norm-taking role of the EU 158 4. Concluding remarks 163 Chapter 3: The role of Europol in the exchange of information within and 165 beyond the EU 1. The origin and aim of Europol 166 2. Europol’s data exchanges within the EU 168 v 2.1. The increasing involvement of Europol in the data-sharing 168 procedures within the EU 2.2. The use of SIENA as default communication tool within the EU 172 2.2.1. Background 172 2.2.2. SIENA phases 173 2.2.3. The scope of SIENA 174 2.2.4. Advantages of using SIENA as EU default communication tool 175 2.3. Europol’s data protection regime 177 2.3.1. Purpose limitation principle 177 2.3.2. Right of access, correction and deletion of data 180 2.3.3. Europol’s oversight 181 2.4. Main features in the proposed Europol regulation 183 2.4.1. Enhanced powers of Europol 183 2.4.2. Data protection 185 a. The purpose limitation principle 185 b. Right of access, correction and deletion of data 187 c. External supervision of Europol’s data processing 188 2.5. Comparison with data protection standards in the member states 191 3. Europol’s data exchanges beyond the EU 193 3.1. Europol cooperation agreements with third parties 195 3.1.1. Strategic agreements 197 3.1.2.
Load more

Recommended publications
  • Communication from the Commission to the European Parliament and the Council
    EN EN EN EUROPEAN COMMISSION Brussels, 20.7.2010 COM(2010)385 final COMMUNICATION FROM THE COMMISSION TO THE EUROPEAN PARLIAMENT AND THE COUNCIL Overview of information management in the area of freedom, security and justice EN EN COMMUNICATION FROM THE COMMISSION TO THE EUROPEAN PARLIAMENT AND THE COUNCIL Overview of information management in the area of freedom, security and justice 1. INTRODUCTION The European Union has come a long way since the leaders of five European countries agreed in Schengen in 1985 to abolish controls at their common borders. Their agreement gave rise in 1990 to the Schengen Convention, which contained the seeds of many of today’s information management policies. The abolition of internal border checks has spurred the development of a whole range of measures at external frontiers, mainly concerning the issuing of visas, the coordination of asylum and immigration policies and the strengthening of police, judicial and customs cooperation in the fight against cross-border crime. Neither the Schengen area nor the EU internal market could function today without cross-border data exchange. The terrorist attacks in the United States in 2001, as well as the bombings in Madrid and London in 2004 and 2005, triggered another dynamic in the development of Europe’s information management policies. In 2006, the Council and the European Parliament adopted the Data Retention Directive to enable national authorities to combat serious crime by retaining telecommunication traffic and location data.1 The Council then took up the Swedish initiative to simplify the cross-border exchange of information in criminal investigations and intelligence operations.
    [Show full text]
  • Download This PDF File
    Politics and Governance Open Access Journal | ISSN: 2183-2463 Volume 7, Issue 3 (2019) OutOut ofof thethe Shadows,Shadows, IntoInto thethe Limelight:Limelight: ParliamentsParliaments andand PoliticisationPoliticisation Editors Christine Neuhold and Guri Rosén Politics and Governance, 2019, Volume 7, Issue 3 Out of the Shadows, Into the Limelight: Parliaments and Politicisation Published by Cogitatio Press Rua Fialho de Almeida 14, 2º Esq., 1070-129 Lisbon Portugal Academic Editors Christine Neuhold (Maastricht University, The Netherlands) Guri Rosén (University of Oslo, Norway) Available online at: www.cogitatiopress.com/politicsandgovernance This issue is licensed under a Creative Commons Attribution 4.0 International License (CC BY). Articles may be reproduced provided that credit is given to the original andPolitics and Governance is acknowledged as the original venue of publication. Table of Contents Introduction to “Out of the Shadows, Into the Limelight: Parliaments and Politicisation” Christine Neuhold and Guri Rosén 220–226 Conceptualizing the Parliamentarization and Politicization of European Policies Niels Gheyle 227–236 The European Parliament and the Layered Politicization of the External Dimension of the Common Fisheries Policy Hubert Zimmermann 237–247 Eurosceptics into the Limelight? Eurosceptic Parliamentary Actors and Media Bias in EU Affairs Katrin Auel 248–265 Proving Their Worth? The Transatlantic Trade and Investment Partnership and the Members of the European Parliament Guri Rosén 266–278 Brexit under Scrutiny in
    [Show full text]
  • EU Member State Constitutional Identity: a Comparison of Germany and the Netherlands As Polar Opposites
    EU Member State Constitutional Identity: A Comparison of Germany and the Netherlands as Polar Opposites Gerhard van der Schyff* Abstract 167 I. Setting the Scene 168 II. Constitutional Identity Clarified 168 III. German Constitutional Identity Explored 170 1. Affirming the “Total” Constitution 170 2. Enter State-Based Democracy 172 3. Emphasizing National Sovereignty 173 IV. Dutch Constitutional Identity Explored 176 1. A “Modest” Constitution 176 2. Emphasis on Democracy 178 3. An “Open” Constitution 181 V. Germany and the Netherlands Evaluated 182 VI. On “Total” and “Modest” Constitutions 190 Abstract The purpose of this paper is to compare, in the light of European integra- tion, the concept of constitutional identity as it applies in Germany and the Netherlands as two EU Member States. Comparing Germany and the Netherlands not only allows for these polar opposites to be defined, but also evaluated. The benefits and drawbacks of expressing national constitu- tional identity will be considered, as well as ideas developed on how the concept is to be approached in the context of European integration. * Associate Professor, Department of Public Law, Jurisprudence and Legal History at the Law School of Tilburg University in the Netherlands. This contribution was written as part of the author’s research stay as a Humboldt Fellow in 2015 at the Chair for Public and Euro- pean Law of Professor Christian Calliess at the Law Faculty of the Free University of Berlin in Germany. All views expressed are those of the author. ZaöRV 76 (2016), 167-191 http://www.zaoerv.de © 2016, Max-Planck-Institut für ausländisches öffentliches Recht und Völkerrecht 168 van der Schyff I.
    [Show full text]
  • List of Members of the Civil Society Group
    Deliverable 1.13: List of members of the Civil Society group Work Package n°1 Programme Management Office (PMO) The project leading to this application has received funding from the European Union’s Horizon 2020 research and innovation programme under grant agreement No 847593. http://www.ejp-eurad.eu/ Document information Project Acronym EURAD Project Title European Joint Programme on Radioactive Waste Management Project Type European Joint Programme (EJP) EC grant agreement No. 847593 Project starting / end date 1st June 2019 – 30 May 2024 Work Package No. 1 Work Package Title Project Management Office Work Package Acronym PMO Deliverable No. 1.13 Deliverable Title List of Civil Society group Lead Beneficiary IRSN (Mutadis) Contractual Delivery Date Month 6 (November 2019) Actual Delivery Date 09 Mars 2020 Type Dissemination level Authors Julien Dewoghélaëre (Mutadis), Honorine Rey (NTW), Gilles Hériard-Dubreuil (Mutadis). To be cited as: Dewoghélaëre Julien, Rey Honorine, Hériard-Dubreuil Gilles. (2020): List of members of the Civil Society group, Final version as of 09.03.2020 of deliverable D1.13 of the HORIZON 2020 project EURAD. EC Grant agreement no: 847593. Disclaimer All information in this document is provided "as is" and no guarantee or warranty is given that the information is fit for any particular purpose. The user, therefore, uses the information at its sole risk and liability. For the avoidance of all doubts, the European Commission or the individual Colleges of EURAD (and their participating members) has no liability in respect of this document, which is merely representing the authors' view. Acknowledgement This document is a deliverable of the European Joint Programme on Radioactive Waste Management (EURAD).
    [Show full text]
  • European Union
    European Union Analysis of the Data Retention Directive July 2013 Centre for Law and Democracy [email protected] +1 902 431-3688 www.law-democracy.org European Union: Data Retention Directive Introduction In 2006, the European Parliament passed Directive 2006/24/EC (the Data Retention Directive), in part in response to the security crisis provoked by terrorist attacks in Madrid in 2004 and in London in 2005. The Directive introduced blanket telecommunications surveillance measures with important implications for the right to freedom of expression. Specifically, European Union Member States are obliged to transpose the Directive into national law, including through provisions which compel “providers of publicly available electronic communications services or of a public communications network” (service providers) to retain the traffic and location data of all users’ telephone and Internet communications for between six months and two years. The Directive has come in for widespread criticism from human rights organisations, telecom associations, IT security firms, journalists, healthcare professionals and legal experts on the basis that it violates the right to privacy and that it is costly, cumbersome and unnecessary. According to a report by the European Commission, only 9 of 27 Member States had explicitly endorsed the Directive as a necessary security measure some five years after it was first adopted.1 Meanwhile, courts in Austria, Bulgaria, Cyprus, the Czech Republic, Germany, Ireland and Romania have rejected the Directive as unconstitutional and/or referred the matter to European Court of Justice on the basis that it violates fundamental rights. At the same time, the European Commission has taken measures against countries which have failed to transpose the directive and, on 30 May 2013, Sweden was fined 3 million Euros for failing to implement the Directive until 2012.2 Pursuant to Article 1 of the Directive, service providers must be required to retain the traffic and location data of all registered users.
    [Show full text]
  • Annual Report 2017
    101110101011101101010011100101110101011101101010011100 10111010101110110101001 10101110001010 EDRi EUROPEAN DIGITAL RIGHTS 110101011101101010011100101011101101010011100101 10101110110101000010010100EUROPEAN010 DIGITAL001 RIGHTS11011101110101011101101100000100101101000 DEFENDING RIGHTS AND FREEDOMS ONLINE 01000111011101110101 101011101101010000100101000100011101110111010101110110110000010010110100001000111011101110101 101110101010011100 101110101011101101010011100 101011101101010000100101000100011101 101011101101010000100101000100011101110111010101110110110000010010110100001000111011101110101 101110101010011100 101110101011101101010011100 1010111011010100001001010001000111011101110101011101101100000 101011101101010000100101000100011101110111010101110110110000010010110100001000111011101110101 101110101010011100 101110101011101101010011100 10101110110101000010010100010001110111011101010111011011000001001011010000100011101110111010 101011101101010000100101000100011101110111010101110110110000010010110100001000111011101110101 101110101010011100 101110101011101101010011100 101011101101010000100101000100011101110111010101110110110000010010110100001000111011101110101 101110101010011100 101110101011101101010011100 EUROPEAN DIGITAL RIGHTS EUROPEAN DIGITAL RIGHTS ANNUAL REPORT 2017 1011011101101110111010111011111011 January 2017 – December 2017 1011011101101110111011101100110111 101011101101010000100101000100011101110111010101110110110000010010110100001000111011101110101 101110101010011100 101110101011101101010011100 101011101101010000100101000100011101110111010101110110110000010010110100001000111011101110101
    [Show full text]
  • Investigative Journalism in South East Europe
    PROGRAMME This 8th edition of Privacy Camp revolves around the topic of Technology and Activism. In addition to panel discussions and workshops, this year, Privacy Camp also brings you a Critical Maker Faire. Below you can find out the details about each session as well as our famous after-party. Welcome and storytelling session: Stories of Activism Focusing on stories, encounters as well as methodological reflections, our opening session will feature activists with diverse causes who will give us situated perspectives and tell us about their work, their engagement with technology and their stories of solidarity and resistance. Jeff Deutch, Lead Researcher – The Syrian Archive Sergey Boyko, co-founder – Internet Protection Society Finn Sanders and Jan-Niklas Niebisch – Fridays for Future Germany Defending digital civic space: How to counter digital threats against civil society As repressive governments increasingly curtail digital civic space, defending civil society against surveillance and offensive information controls has become ever more important. This panel provides insights into the risks and security needs of activists from authoritarian contexts and showcases efforts aiming to build resilience against digital threats. The main objective is to shed light on successful interventions and key challenges in the field of information security for civil society: How to build long-term security support for activists, moving beyond one-off trainings? How to reduce dependency on tech experts and encourage holistic security behavior? What are effective strategies to collect and uncover evidence on surveillance and digital threats? The panelists will discuss these and other questions in an open format, sharing their professional insights and experience.
    [Show full text]
  • NSA) Surveillance Programmes (PRISM) and Foreign Intelligence Surveillance Act (FISA) Activities and Their Impact on EU Citizens' Fundamental Rights
    DIRECTORATE GENERAL FOR INTERNAL POLICIES POLICY DEPARTMENT C: CITIZENS' RIGHTS AND CONSTITUTIONAL AFFAIRS The US National Security Agency (NSA) surveillance programmes (PRISM) and Foreign Intelligence Surveillance Act (FISA) activities and their impact on EU citizens' fundamental rights NOTE Abstract In light of the recent PRISM-related revelations, this briefing note analyzes the impact of US surveillance programmes on European citizens’ rights. The note explores the scope of surveillance that can be carried out under the US FISA Amendment Act 2008, and related practices of the US authorities which have very strong implications for EU data sovereignty and the protection of European citizens’ rights. PE xxx.xxx EN AUTHOR(S) Mr Caspar BOWDEN (Independent Privacy Researcher) Introduction by Prof. Didier BIGO (King’s College London / Director of the Centre d’Etudes sur les Conflits, Liberté et Sécurité – CCLS, Paris, France). Copy-Editing: Dr. Amandine SCHERRER (Centre d’Etudes sur les Conflits, Liberté et Sécurité – CCLS, Paris, France) Bibliographical assistance : Wendy Grossman RESPONSIBLE ADMINISTRATOR Mr Alessandro DAVOLI Policy Department Citizens' Rights and Constitutional Affairs European Parliament B-1047 Brussels E-mail: [email protected] LINGUISTIC VERSIONS Original: EN ABOUT THE EDITOR To contact the Policy Department or to subscribe to its monthly newsletter please write to: [email protected] Manuscript completed in MMMMM 200X. Brussels, © European Parliament, 200X. This document is available on the Internet at: http://www.europarl.europa.eu/studies DISCLAIMER The opinions expressed in this document are the sole responsibility of the author and do not necessarily represent the official position of the European Parliament.
    [Show full text]
  • The Development of European Criminal Procedure Law
    eucrim ISSUE / ÉDITION / AUSGABE 1–2 / 2009 THE EUROPEAN CRIMINAL LAW ASSOCIATIONS‘ FORUM SUCCESSOR TO AGON Focus: The Development of European Criminal Procedure Law Dossier particulier: Le développement du droit de la procédure pénale européen Schwerpunktthema: Die Entwicklung des europäischen Strafprozessrechts Rules on the Application of ne bis in idem in the EU Dr. Katalin Ligeti Mutual Recognition of Judicial Decisions in Criminal Matters with Regard to Probation Measures and Alternative Sanctions Hanna Kuczyńska Vers la mort annoncée du juge d’instruction en France Elisabeth Schneider The Constitution says yes [but …] to the Lisbon Treaty Dr. Marianne Wade 1–2 / 2009 ISSUE / ÉDITION / AUSGABE Contents News* Articles European Union Cooperation The Development of European 14 Customs Cooperation Criminal Procedure Law Foundations 15 Judicial Cooperation 2 Community Powers in Criminal 17 European Arrest Warrant Matters – Data Retention 19 European Supervision Order 37 Rules on the Application of ne bis in idem 3 Community Powers in Criminal 19 Criminal Records in the EU Matters – Data Bases 20 E-Justice Dr. Katalin Ligeti 3 Schengen 23 Law Enforcement Cooperation 4 Legislation 43 Mutual Recognition of Judicial Decisions in Criminal Matters with Regard to Probation Institutions Council of Europe Measures and Alternative Sanctions 5 OLAF Hanna Kuczyńska 5 Europol Foundations 6 Eurojust 25 60th Anniversary of Council 49 Vers la mort annoncée du juge d’instruction of Europe en France Specific Areas of Crime/ 26 Relations between the Council Elisabeth Schneider Substantive Criminal Law of Europe and the European Union 7 Counterfeiting & Piracy 27 European Court of Human Rights 57 The Constitution says yes [but …] 7 Organised Crime 29 Human Rights and Legal Affairs to the Lisbon Treaty 8 Environmental Crime Dr.
    [Show full text]
  • The Political and Judicial Life of Metadata: Digital Rights Ireland and the Trail of the Data Retention Directive Elspeth Guild and Sergio Carrera
    The Political and Judicial Life of Metadata: Digital Rights Ireland and the Trail of the Data Retention Directive Elspeth Guild and Sergio Carrera No. 65/May 2014 Abstract This paper examines the challenges facing the EU regarding data retention, particularly in the aftermath of the judgment Digital Rights Ireland by the Court of Justice of the European Union (CJEU) of April 2014, which found the Data Retention Directive 2002/58 to be invalid. It first offers a brief historical account of the Data Retention Directive and then moves to a detailed assessment of what the judgment means for determining the lawfulness of data retention from the perspective of the EU Charter of Fundamental Rights: what is wrong with the Data Retention Directive and how would it need to be changed to comply with the right to respect for privacy? The paper also looks at the responses to the judgment from the European institutions and elsewhere, and presents a set of policy suggestions to the European institutions on the way forward. It is argued here that one of the main issues underlying the Digital Rights Ireland judgment has been the role of fundamental rights in the EU legal order, and in particular the extent to which the retention of metadata for law enforcement purposes is consistent with EU citizens’ right to respect for privacy and to data protection. The paper offers three main recommendations to EU policy-makers: first, to give priority to a full and independent evaluation of the value of the data retention directive; second, to assess the judgment’s implications for other large EU information systems and proposals that provide for the mass collection of metadata from innocent persons, in the EU; and third, to adopt without delay the proposal for Directive COM(2012)10 dealing with data protection in the fields of police and judicial cooperation in criminal matters.
    [Show full text]
  • Two Years After Snowden
    TWO YEARS AFTER SNOWDEN PROTECTING HUMAN RIGHTS IN AN AGE OF MASS SURVEILLANCE (COVER IMAGE) A student works on a computer that is projecting former U.S. National Security Agency contractor Edward Snowden as he appears live via video during a world affairs conference in Toronto © REUTERS/Mark Blinch 2 TWO YEARS AFTER SNOWDEN JUNE 2015 © REUTERS/Zoran Milich © REUTERS/Zoran “The hard truth is that the use of mass surveillance technology effectively does away with the right to privacy of communications on the Internet altogether.” Ben Emmerson QC, UN Special Rapporteur on counter-terrorism and human rights EXECUTIVE SUMMARY On 5 June 2013, a British newspaper, The exposed by the media based on files leaked by Guardian, published the first in a series Edward Snowden have included evidence that: of revelations about indiscriminate mass surveillance by the USA’s National Security Companies – including Facebook, Google Agency (NSA) and the UK’s Government and Microsoft – were forced to handover Communications Headquarters (GCHQ). their customers’ data under secret orders Edward Snowden, a whistleblower who had through the NSA’s Prism programme; worked with the NSA, provided concrete evidence of global communications the NSA recorded, stored and analysed surveillance programmes that monitor the metadata related to every single telephone internet and phone activity of hundreds call and text message transmitted in of millions of people across the world. Mexico, Kenya, and the Philippines; Governments can have legitimate reasons GCHQ and the NSA have co- for using communications surveillance, for opted some of the world’s largest example to combat crime or protect national telecommunications companies to tap security.
    [Show full text]
  • II. Data Retention: the Basics
    INTRODUCTION TO DATA RETENTION MANDATES September 2012 This memo introduces the concept of data retention, describes the common attributes of data retention laws, and discusses the risks to human rights, broadband deployment, economic growth and law enforcement effectiveness that such laws create. I. What is data retention? The telephone network (both fixed and wireless) and Internet services generate huge amounts of transactional data that reveals the activities and associations of users. Increasingly, law enforcement officers around the world seek such information from service providers for use in criminal and national security investigations. In order to ensure the ready availability of such data, some governments have imposed or have considered imposing mandates requiring communications companies to retain certain data – data that these companies would not otherwise keep – about all of their users. Under these mandates (imposed by law or regulation or through licensing conditions), data must be collected and stored in such a manner that it is linked to users’ names or other identification information. Government officials may then demand access to this data, pursuant to the laws of their respective countries, for use in investigations.1 As a tool for addressing law enforcement challenges, data retention comes with a very high cost and is ultimately disproportionate to the goals it seeks to advance. Less privacy-burdensome alternatives are likely to accomplish governments’ legitimate goals just as effectively and perhaps more effectively. II. Data Retention: The Basics Data retention laws vary with respect to the types of companies, data, and services that they cover. Types of companies covered: Most of the data retention laws that have been adopted thus far focus on telephone companies (both fixed line and wireless) and Internet service providers (ISPs), including cable companies and mobile providers.
    [Show full text]