Menu
Proposal for altered data retention law is still unlawful, Dutch DPA says

Proposal for altered data retention law is still unlawful, Dutch DPA says

Obliging telecom companies to retain customer data for months to help the police catch criminals is disproportionate, the DPA said

The Dutch government's proposed revision of the country's data retention law is not enough to bring it into compliance with a recent European Union court ruling, the Dutch privacy watchdog said Monday.

An effort by the Dutch government to adjust a law requiring telecommunications and Internet companies to retain their customers' location and traffic metadata for investigatory purposes should be dropped, as the infringement of the private life of virtually all Dutch citizens is too great, the Dutch Data Protection Authority (DPA) said on Monday.

The Dutch government is looking to change data retention obligations for telephone and Internet communications operators following a decision last year by the Court of Justice of the European Union (CJEU). The court invalidated the European data retention directive, on which the Dutch law is based, because it violates fundamental privacy rights.

The Dutch data retention law has been under pressure since the CJEU's ruling. The Council of State, a constitutional advisory body, last year already concluded that the law should be withdrawn because it violates fundamental privacy laws. But despite this advice, the government decided to amend it instead of annul it.

The government sees the law as indispensable for the investigation and prosecution of serious criminal offenses, and proposed maintaining it with minor adjustments to who will have access to the data and under what circumstances to bring it in line with the CJEU ruling.

But the Dutch DPA thinks the bill should not even be presented to Parliament as there is no proven necessity for such a law, it said in a letter to the government published Monday.

Retaining the telephony and Internet data of virtually all citizens for six to 12 months is a far-reaching measure which requires an irrefutable demonstration of necessity, it said, adding that during the 4.5 years this data has been retained, law enforcement authorities have not been able to show why data retention is necessary.

Moreover, the draft bill does not address the question whether less far-reaching alternative measures would be available to obtain the same result. If the bill was to go ahead, "the infringement of the private life of virtually all Dutch citizens is too big and disproportionate," it found

The government for instance proposed to retain telephony data for 12 months but only make it accessible to law enforcement for six to 12 months depending on the crime. However, this distinction between the retention and the use of the data does not alter the disproportionality between the purpose of the data collection and the infringement on the private life. Therefore, this general data retention obligation is unlawful, the DPA said.

The DPA's opinion is one of several that will have to be taken into account, said a spokesman for the Dutch government, who added that the government will comment on every suggestion in detail when the bill is submitted to the Parliament.

A DPA spokeswoman said the bill could still be altered before it will be discussed in parliament based on the advice.

Although the government has refused to annul the law, others are seeking to force its hand. On Wednesday, the District Court of the Hague is scheduled to hear a legal challenge to it, filed by a broad coalition of organizations who want the law invalidated because it violates fundamental privacy rights.

Other data retention laws in EU countries have already been ruled unconstitutional, In Austria for instance, the local law was invalidated in the wake of the CJEU ruling. In Germany, the local data retention law was ruled unconstitutional in 2010, long before the ruling.

In Sweden though, the government is looking to maintain a data retention obligation for telecommunication data on much the same grounds as in the Netherlands.

Loek is Amsterdam Correspondent and covers online privacy, intellectual property, online payment issues as well as EU technology policy and regulation for the IDG News Service. Follow him on Twitter at @loekessers or email tips and comments to loek_essers@idg.com


Follow Us

Join the New Zealand Reseller News newsletter!

Error: Please check your email address.

Tags securitydata protectionlegislationgovernmentprivacy

Featured

Slideshows

Sizing up the NZ security spectrum - Where's the channel sweet spot?

Sizing up the NZ security spectrum - Where's the channel sweet spot?

From new extortion schemes, outside threats and rising cyber attacks, the art of securing the enterprise has seldom been so complex or challenging. With distance no longer a viable defence, Kiwi businesses are fighting to stay ahead of the security curve. In total, 28 per cent of local businesses faced a cyber attack last year, with the number in New Zealand set to rise in 2017. Yet amidst the sensationalism, media headlines and ongoing high profile breaches, confusion floods the channel, as partners seek strategic methods to combat rising sophistication from attackers. In sizing up the security spectrum, this Reseller News roundtable - in association with F5 Networks, Kaspersky Lab, Tech Data, Sophos and SonicWall - assessed where the channel sweet spot is within the New Zealand channel. Photos by Maria Stefina.

Sizing up the NZ security spectrum - Where's the channel sweet spot?
Kiwi channel comes together for another round of After Hours

Kiwi channel comes together for another round of After Hours

The channel came together for another round of After Hours, with a bumper crowd of distributors, vendors and partners descending on The Jefferson in Auckland. Photos by Maria Stefina.​

Kiwi channel comes together for another round of After Hours
Consegna comes to town with AWS cloud offerings launch in Auckland

Consegna comes to town with AWS cloud offerings launch in Auckland

Emerging start-up Consegna has officially launched its cloud offerings in the New Zealand market, through a kick-off event held at Seafarers Building in Auckland.​ Founded in June 2016, the Auckland-based business is backed by AWS and supported by a global team of cloud specialists, leveraging global managed services partnerships with Rackspace locally.

Consegna comes to town with AWS cloud offerings launch in Auckland
Show Comments