Denmark Repeals Data Retention Law's Logging Rules, Will Begin Discussions On What Should Replace Them

from the moving-in-the-right-direction dept

A couple of months ago, we wrote about an important decision handed down by the European Union Court of Justice (EUCJ) that declared the EU's Data Retention Directive "invalid." As we noted then, it was not entirely clear what national governments would do about the legislation they had passed in order to implement that Directive. From the deafening silence that has followed, we can presume that most of them are still thinking hard, but the Danish government has announced it is repealing the law's excessive logging rules at least (Google Translate of original Danish press release from Ministry of Justice):

The Ministry of Justice considers overall that there is no basis for believing that the Danish logging rules would be contrary to the Charter [of Fundamental Rights]. But the ministry has doubts whether the rules on session logging is appropriate to achieve their purpose. Justice Karen Hækkerup repeal therefore now rules on session logging.
As that indicates, the Ministry of Justice does not consider that its own particular framing would fall foul of the EUCJ's ruling, but it does admit that it had doubts about whether the data retention logging rules were appropriate, and so is repealing them. Interestingly, that may not be the whole story here. According to the Danish Politiken newspaper, the real reason the government is choosing to strike down the rules is that it lacked the votes in parliament to stop that happening anyway. Here's what a spokesperson for the opposition Left party is reported as saying (Google Translate of original in Danish):
I am pleased that the Minister of Justice has recognized that the majority behind the unnecessary session logging has crumbled. We have announced that we do not want the session logging myth persists because there is no correlation between the degree of intervention, and how effective it is as an investigative agent.
It's great to see politicians beginning to recognize that simply "collecting it all" is neither proportionate nor effective. Here's what will happen now:
The Minister of Justice will in the next parliamentary session to submit a bill to revise the total logging rules that could form the basis for policy discussions with the political parties about logging rules future design.
Let's hope that the policy discussions will reflect what we have learned about the dangers of extreme surveillance in the last year -- and that other EU countries follow Denmark's example by repealing their laws and instituting broad-based consultations on what, if anything, should replace them.

Follow me @glynmoody on Twitter or identi.ca, and +glynmoody on Google+

Hide this

Thank you for reading this Techdirt post. With so many things competing for everyone’s attention these days, we really appreciate you giving us your time. We work hard every day to put quality content out there for our community.

Techdirt is one of the few remaining truly independent media outlets. We do not have a giant corporation behind us, and we rely heavily on our community to support us, in an age when advertisers are increasingly uninterested in sponsoring small, independent sites — especially a site like ours that is unwilling to pull punches in its reporting and analysis.

While other websites have resorted to paywalls, registration requirements, and increasingly annoying/intrusive advertising, we have always kept Techdirt open and available to anyone. But in order to continue doing so, we need your support. We offer a variety of ways for our readers to support us, from direct donations to special subscriptions and cool merchandise — and every little bit helps. Thank you.

–The Techdirt Team

Filed Under: data retention, denmark, eu, eu court of justice, eucj, privacy


Reader Comments

Subscribe: RSS

View by: Time | Thread


  • icon
    That One Guy (profile), 4 Jun 2014 @ 12:56am

    How about 'Nothing'

    Given this:

    'We have announced that we do not want the session logging myth persists because there is no correlation between the degree of intervention, and how effective it is as an investigative agent.'

    The logical move would be to dump the program entirely, not just replace it with something similar. If even the politicians are going to admit that there's no solid evidence that such data retention has a real public benefit, or at least one that outweighs the downsides, then they should just drop it entirely.

    link to this | view in chronology ]

    • identicon
      Anonymous Coward, 4 Jun 2014 @ 9:49am

      Re: How about 'Nothing'

      Why not replace it with a law forbidding such data retention?

      link to this | view in chronology ]

  • identicon
    Tor, 4 Jun 2014 @ 1:49am

    Misleading

    I'm surprised to find such a misleading post on TechDirt. To start with the title is incorrect.The data retention law is not being repealed - it's just a minor revision of certain rules.

    The danish ministry of justice has previously found that the session logging was implemented in a way that made it useless to the police, so they can easily scrap it without any big consequences. Also note that the session logging is not mandated by the EU data retention directive - it's just something extra that danish politicians added from their own wish list when implementing the directive.

    So what the political representatives are saying is that they want to keep all parts of the law related to retention of traffic data intact. That's certainly not a very positive message. It's likely they want to scrap this extra part as a preemptive move in order to reduce the risk of the entire law being challenged or repealed.

    link to this | view in chronology ]

    • identicon
      Glyn Moody, 4 Jun 2014 @ 2:08am

      Re: Misleading

      Thanks, I've made changes to reflect those points.

      link to this | view in chronology ]

    • identicon
      Tor, 4 Jun 2014 @ 2:13am

      A clarification of the terms and my point:

      A) Session logging: logging of which web pages you visit and the contents of certain IP packets.

      B) Traffic data retention previously mandated by the EU directive: logging of IP-address assignment, who calls whom, when and from where, geotracking of your movements if you bring your phone, mail traffic data (if the mail is provided by an ISP, but not if isn't). Unlike session logging there's no logging of the contents of the data traffic in this case.

      A seems to be affected by the change, but not B. The change itself is positive but it's a big disappointed that the political representatives see no problems with B, even after the recent verdict. Furthermore, the proposed change to A is probably motivated by the wrong reasons (i.e. to preserve B).

      link to this | view in chronology ]

      • identicon
        Anonymous Coward, 4 Jun 2014 @ 11:47am

        Re:

        Not much is known about what they will put on the table instead. Session logging had an extend of about 90 % of all the data collected through this directive and the admissions from the police (only one - unintended - use to exclude a suspect and they haven't had the programs they needed to actually search the data.) it would seem logical to bin it anyway!

        I don't think the content of the IP packets are inspected.
        AFAIK the most used technique to uphold the law is registering every 500 packets entering the ISPs net and include only to/from IPs, protocol, to/from postal codes and timestamps.

        Since more than one user is usually online at the same time at an ISP and 500 packets is rather often it generates a huge amount of pretty well randomized data. Logic would dictate that the data would have extremely limited use even with good tools to search it, but since politicians don't care about such details it was passed into law.

        But it is not DPI or other specific data in the packets as much as informations about the packets.

        link to this | view in chronology ]

  • identicon
    Anonymous Coward, 4 Jun 2014 @ 1:53am

    Bravo, Denmark!

    Google Translate of original subject line:

    Bravo, Danmark!

    link to this | view in chronology ]

  • identicon
    Anonymous Coward, 4 Jun 2014 @ 3:47am

    Same in Finland

    Finnish goverments reaction/responce to EU Human Rights judges decision to repeal that 'Data Retention Act' before Parlianments election was 'We consider to attach that on next time we modify our and (USTR's) laws considering erm' Artist Rights' sometime on 2015.
    So its kinda illegal and insane and our esteemed goverment consider doing something about it in a next election cycle...

    I think I need a beer =P

    link to this | view in chronology ]

  • identicon
    A. Lauridsen, 4 Jun 2014 @ 5:53am

    Misrepresenting the truth

    Things are NOT moving in the right direction. What was repealed was data-logging, which was in excess of the EU directive. In effect the danish government was going much further than the original EU logging directive.

    The repeal is only related to that "excess". Logging of phone meta data is still being performed, despite the court ruling.

    Further more, The Danish government is planning to re-introduce both kinds of logging, as part of a planned cyber security center.

    This law calls for the logging initiative to be moved to the military intelligence service (FE). Which moves logging into the domain of national security.

    National security is explictly exempt from the Treaty Of Rome. Consequently the ruling of the EU Court of Justice, and the CHARTER OF FUNDAMENTAL RIGHTS OF THE EUROPEAN UNION do not apply.

    In short, they'll just skin the cat using a different tool.

    link to this | view in chronology ]

  • identicon
    Anonymous Coward, 4 Jun 2014 @ 10:18am

    The Minister of Justice will in the next parliamentary session to submit a bill to revise the total logging rules that could form the basis for policy discussions with the political parties about logging rules future design.

    It would seem that Denmark does not believe in the "right to be forgotten."

    link to this | view in chronology ]

  • identicon
    Anonymous Coward, 5 Jun 2014 @ 1:57am

    Looks like Denmark's economy is about to see an influx of business. Maybe I'll sign up for an email account.

    link to this | view in chronology ]

  • identicon
    Anonymous Coward, 28 Jul 2018 @ 5:14am

    They don't need logs if they store everything illegaly like the NSA does.

    link to this | view in chronology ]


Follow Techdirt
Essential Reading
Techdirt Deals
Report this ad  |  Hide Techdirt ads
Techdirt Insider Discord

The latest chatter on the Techdirt Insider Discord channel...

Loading...
Recent Stories

This site, like most other sites on the web, uses cookies. For more information, see our privacy policy. Got it
Close

Email This

This feature is only available to registered users. Register or sign in to use it.