Denmark Repeals Data Retention Law's Logging Rules, Will Begin Discussions On What Should Replace Them
from the moving-in-the-right-direction dept
A couple of months ago, we wrote about an important decision handed down by the European Union Court of Justice (EUCJ) that declared the EU's Data Retention Directive "invalid." As we noted then, it was not entirely clear what national governments would do about the legislation they had passed in order to implement that Directive. From the deafening silence that has followed, we can presume that most of them are still thinking hard, but the Danish government has announced it is repealing the law's excessive logging rules at least (Google Translate of original Danish press release from Ministry of Justice):
The Ministry of Justice considers overall that there is no basis for believing that the Danish logging rules would be contrary to the Charter [of Fundamental Rights]. But the ministry has doubts whether the rules on session logging is appropriate to achieve their purpose. Justice Karen Hækkerup repeal therefore now rules on session logging.
As that indicates, the Ministry of Justice does not consider that its own particular framing would fall foul of the EUCJ's ruling, but it does admit that it had doubts about whether the data retention logging rules were appropriate, and so is repealing them. Interestingly, that may not be the whole story here. According to the Danish Politiken newspaper, the real reason the government is choosing to strike down the rules is that it lacked the votes in parliament to stop that happening anyway. Here's what a spokesperson for the opposition Left party is reported as saying (Google Translate of original in Danish):
I am pleased that the Minister of Justice has recognized that the majority behind the unnecessary session logging has crumbled. We have announced that we do not want the session logging myth persists because there is no correlation between the degree of intervention, and how effective it is as an investigative agent.
It's great to see politicians beginning to recognize that simply "collecting it all" is neither proportionate nor effective. Here's what will happen now:
The Minister of Justice will in the next parliamentary session to submit a bill to revise the total logging rules that could form the basis for policy discussions with the political parties about logging rules future design.
Let's hope that the policy discussions will reflect what we have learned about the dangers of extreme surveillance in the last year -- and that other EU countries follow Denmark's example by repealing their laws and instituting broad-based consultations on what, if anything, should replace them.
Follow me @glynmoody on Twitter or identi.ca, and +glynmoody on Google+
Thank you for reading this Techdirt post. With so many things competing for everyone’s attention these days, we really appreciate you giving us your time. We work hard every day to put quality content out there for our community.
Techdirt is one of the few remaining truly independent media outlets. We do not have a giant corporation behind us, and we rely heavily on our community to support us, in an age when advertisers are increasingly uninterested in sponsoring small, independent sites — especially a site like ours that is unwilling to pull punches in its reporting and analysis.
While other websites have resorted to paywalls, registration requirements, and increasingly annoying/intrusive advertising, we have always kept Techdirt open and available to anyone. But in order to continue doing so, we need your support. We offer a variety of ways for our readers to support us, from direct donations to special subscriptions and cool merchandise — and every little bit helps. Thank you.
–The Techdirt Team
Filed Under: data retention, denmark, eu, eu court of justice, eucj, privacy
Reader Comments
Subscribe: RSS
View by: Time | Thread
How about 'Nothing'
'We have announced that we do not want the session logging myth persists because there is no correlation between the degree of intervention, and how effective it is as an investigative agent.'
The logical move would be to dump the program entirely, not just replace it with something similar. If even the politicians are going to admit that there's no solid evidence that such data retention has a real public benefit, or at least one that outweighs the downsides, then they should just drop it entirely.
[ link to this | view in chronology ]
Re: How about 'Nothing'
[ link to this | view in chronology ]
Misleading
The danish ministry of justice has previously found that the session logging was implemented in a way that made it useless to the police, so they can easily scrap it without any big consequences. Also note that the session logging is not mandated by the EU data retention directive - it's just something extra that danish politicians added from their own wish list when implementing the directive.
So what the political representatives are saying is that they want to keep all parts of the law related to retention of traffic data intact. That's certainly not a very positive message. It's likely they want to scrap this extra part as a preemptive move in order to reduce the risk of the entire law being challenged or repealed.
[ link to this | view in chronology ]
Re: Misleading
[ link to this | view in chronology ]
A) Session logging: logging of which web pages you visit and the contents of certain IP packets.
B) Traffic data retention previously mandated by the EU directive: logging of IP-address assignment, who calls whom, when and from where, geotracking of your movements if you bring your phone, mail traffic data (if the mail is provided by an ISP, but not if isn't). Unlike session logging there's no logging of the contents of the data traffic in this case.
A seems to be affected by the change, but not B. The change itself is positive but it's a big disappointed that the political representatives see no problems with B, even after the recent verdict. Furthermore, the proposed change to A is probably motivated by the wrong reasons (i.e. to preserve B).
[ link to this | view in chronology ]
Re:
I don't think the content of the IP packets are inspected.
AFAIK the most used technique to uphold the law is registering every 500 packets entering the ISPs net and include only to/from IPs, protocol, to/from postal codes and timestamps.
Since more than one user is usually online at the same time at an ISP and 500 packets is rather often it generates a huge amount of pretty well randomized data. Logic would dictate that the data would have extremely limited use even with good tools to search it, but since politicians don't care about such details it was passed into law.
But it is not DPI or other specific data in the packets as much as informations about the packets.
[ link to this | view in chronology ]
Bravo, Denmark!
Bravo, Danmark!
[ link to this | view in chronology ]
Same in Finland
So its kinda illegal and insane and our esteemed goverment consider doing something about it in a next election cycle...
I think I need a beer =P
[ link to this | view in chronology ]
Misrepresenting the truth
The repeal is only related to that "excess". Logging of phone meta data is still being performed, despite the court ruling.
Further more, The Danish government is planning to re-introduce both kinds of logging, as part of a planned cyber security center.
This law calls for the logging initiative to be moved to the military intelligence service (FE). Which moves logging into the domain of national security.
National security is explictly exempt from the Treaty Of Rome. Consequently the ruling of the EU Court of Justice, and the CHARTER OF FUNDAMENTAL RIGHTS OF THE EUROPEAN UNION do not apply.
In short, they'll just skin the cat using a different tool.
[ link to this | view in chronology ]
It would seem that Denmark does not believe in the "right to be forgotten."
[ link to this | view in chronology ]
[ link to this | view in chronology ]
[ link to this | view in chronology ]