Denmark Repeals Data Retention Law's Logging Rules, Will Begin Discussions On What Should Replace Them
from the moving-in-the-right-direction dept
A couple of months ago, we wrote about an important decision handed down by the European Union Court of Justice (EUCJ) that declared the EU’s Data Retention Directive “invalid.” As we noted then, it was not entirely clear what national governments would do about the legislation they had passed in order to implement that Directive. From the deafening silence that has followed, we can presume that most of them are still thinking hard, but the Danish government has announced it is repealing the law’s excessive logging rules at least (Google Translate of original Danish press release from Ministry of Justice):
The Ministry of Justice considers overall that there is no basis for believing that the Danish logging rules would be contrary to the Charter [of Fundamental Rights]. But the ministry has doubts whether the rules on session logging is appropriate to achieve their purpose. Justice Karen Hækkerup repeal therefore now rules on session logging.
As that indicates, the Ministry of Justice does not consider that its own particular framing would fall foul of the EUCJ’s ruling, but it does admit that it had doubts about whether the data retention logging rules were appropriate, and so is repealing them. Interestingly, that may not be the whole story here. According to the Danish Politiken newspaper, the real reason the government is choosing to strike down the rules is that it lacked the votes in parliament to stop that happening anyway. Here’s what a spokesperson for the opposition Left party is reported as saying (Google Translate of original in Danish):
I am pleased that the Minister of Justice has recognized that the majority behind the unnecessary session logging has crumbled. We have announced that we do not want the session logging myth persists because there is no correlation between the degree of intervention, and how effective it is as an investigative agent.
It’s great to see politicians beginning to recognize that simply “collecting it all” is neither proportionate nor effective. Here’s what will happen now:
The Minister of Justice will in the next parliamentary session to submit a bill to revise the total logging rules that could form the basis for policy discussions with the political parties about logging rules future design.
Let’s hope that the policy discussions will reflect what we have learned about the dangers of extreme surveillance in the last year — and that other EU countries follow Denmark’s example by repealing their laws and instituting broad-based consultations on what, if anything, should replace them.
Follow me @glynmoody on Twitter or identi.ca, and +glynmoody on Google+
Filed Under: data retention, denmark, eu, eu court of justice, eucj, privacy
Comments on “Denmark Repeals Data Retention Law's Logging Rules, Will Begin Discussions On What Should Replace Them”
How about 'Nothing'
Given this:
‘We have announced that we do not want the session logging myth persists because there is no correlation between the degree of intervention, and how effective it is as an investigative agent.’
The logical move would be to dump the program entirely, not just replace it with something similar. If even the politicians are going to admit that there’s no solid evidence that such data retention has a real public benefit, or at least one that outweighs the downsides, then they should just drop it entirely.
Re: How about 'Nothing'
Why not replace it with a law forbidding such data retention?
Misleading
I’m surprised to find such a misleading post on TechDirt. To start with the title is incorrect.The data retention law is not being repealed – it’s just a minor revision of certain rules.
The danish ministry of justice has previously found that the session logging was implemented in a way that made it useless to the police, so they can easily scrap it without any big consequences. Also note that the session logging is not mandated by the EU data retention directive – it’s just something extra that danish politicians added from their own wish list when implementing the directive.
So what the political representatives are saying is that they want to keep all parts of the law related to retention of traffic data intact. That’s certainly not a very positive message. It’s likely they want to scrap this extra part as a preemptive move in order to reduce the risk of the entire law being challenged or repealed.
Re: Misleading
Thanks, I’ve made changes to reflect those points.
Re:
A clarification of the terms and my point:
A) Session logging: logging of which web pages you visit and the contents of certain IP packets.
B) Traffic data retention previously mandated by the EU directive: logging of IP-address assignment, who calls whom, when and from where, geotracking of your movements if you bring your phone, mail traffic data (if the mail is provided by an ISP, but not if isn’t). Unlike session logging there’s no logging of the contents of the data traffic in this case.
A seems to be affected by the change, but not B. The change itself is positive but it’s a big disappointed that the political representatives see no problems with B, even after the recent verdict. Furthermore, the proposed change to A is probably motivated by the wrong reasons (i.e. to preserve B).
Re: Re: Re:
Not much is known about what they will put on the table instead. Session logging had an extend of about 90 % of all the data collected through this directive and the admissions from the police (only one – unintended – use to exclude a suspect and they haven’t had the programs they needed to actually search the data.) it would seem logical to bin it anyway!
I don’t think the content of the IP packets are inspected.
AFAIK the most used technique to uphold the law is registering every 500 packets entering the ISPs net and include only to/from IPs, protocol, to/from postal codes and timestamps.
Since more than one user is usually online at the same time at an ISP and 500 packets is rather often it generates a huge amount of pretty well randomized data. Logic would dictate that the data would have extremely limited use even with good tools to search it, but since politicians don’t care about such details it was passed into law.
But it is not DPI or other specific data in the packets as much as informations about the packets.
Bravo, Denmark!
Google Translate of original subject line:
Bravo, Danmark!
Same in Finland
Finnish goverments reaction/responce to EU Human Rights judges decision to repeal that ‘Data Retention Act’ before Parlianments election was ‘We consider to attach that on next time we modify our and (USTR’s) laws considering erm’ Artist Rights’ sometime on 2015.
So its kinda illegal and insane and our esteemed goverment consider doing something about it in a next election cycle…
I think I need a beer =P
Misrepresenting the truth
Things are NOT moving in the right direction. What was repealed was data-logging, which was in excess of the EU directive. In effect the danish government was going much further than the original EU logging directive.
The repeal is only related to that “excess”. Logging of phone meta data is still being performed, despite the court ruling.
Further more, The Danish government is planning to re-introduce both kinds of logging, as part of a planned cyber security center.
This law calls for the logging initiative to be moved to the military intelligence service (FE). Which moves logging into the domain of national security.
National security is explictly exempt from the Treaty Of Rome. Consequently the ruling of the EU Court of Justice, and the CHARTER OF FUNDAMENTAL RIGHTS OF THE EUROPEAN UNION do not apply.
In short, they’ll just skin the cat using a different tool.
It would seem that Denmark does not believe in the “right to be forgotten.”
Looks like Denmark’s economy is about to see an influx of business. Maybe I’ll sign up for an email account.
They don’t need logs if they store everything illegaly like the NSA does.