The proposed blanket retention of telecommunications data to counter terrorism has sparked concerns about the erosion of privacy, reports Julia Bateman

Having recently secured the passage of the controversial Identity Cards Bill through the Commons, Home Secretary Charles Clarke may be forgiven for wanting respite from the well-worn argument of balancing law enforcement needs with guarantees for civil liberties. No such luck, however, as similar arguments rage at EU level, not least in the matter of data retention of telecommunications information for law enforcement purposes - a key initiative in the EU's anti-terror armoury.


Tackling the question of the right to privacy with the need for effective investigation on the home front is one thing. Multiply this issue by 25 member states and three EU institutions, and scale of the UK Presidency's task in this area is clear.


Under the banner of intelligence-led policing, much has been made of the need for law enforcement agencies to access and analyse communications between suspected persons. However, it is argued, to identify possible suspects and suspect behaviour, all telecommunication data on all persons needs to be kept. It is such blanket data retention that has led both civil liberties champions and telecoms companies to denounce the proposals, be it for privacy reasons or costs issues.


It is not just the impact on purse or principle that has put this proposal under threat. Inter-institutional wrangling and political power play in Brussels have served to hold up adoption of this supposedly crucial text. The question of who has the right to propose legislation in this area, and the procedure by which the legislation is then to be adopted, has put the quest for end-of-year adoption in doubt.


The debate began in 2004 when the UK, along with France, Sweden and Ireland, proposed a law establishing rules on the retention of communications traffic data by service providers for 'purposes of crime prevention, investigation, detection and prosecution'. Under this proposal, service providers would be required to retain a standard list of data on communications via the Internet, mobile telephones (including messaging services) and fixed telephones. This was to include the time, place and individuals involved in any communication - so-called 'traffic data'. But content of the communication would not be retained. The general rule proposed was for data to be retained for 12 months, with member states allowed to derogate from this to introduce data retention requirements ranging from six months to 48 months.


This text was a member state proposal, brought out under the auspices of police and judicial co-operation - the so-called 'third pillar'. In that case, the European Parliament was called on to give a non-binding opinion rather than to co-legislate. The parliament's civil liberties committee, not happy at being sidelined, argued in return that this proposal fell squarely within telecommunications policy, a pure European Community matter.


In the committee's eyes, it had the right of co-decision power under the 'first pillar'. Coupled with the threat of legal action before the European Court of Justice should the Council of the European Union continue to keep it at arm's length, the parliament then went on to issue a damning indictment by rejecting the proposal in September this year.


Faced with this crisis, and determined to keep the initiative alive, the European Commission then came forward with a comprehensive set of proposals relating to data retention, data sharing and data protection. The package includes a draft directive to force telecommunications firms to retain data on phone calls for a year and Internet data for six months, essentially taking on board many of the proposals in the draft directive under dispute. Telecoms companies would have to transmit the data 'upon request to the competent authorities without undue delay'.


In terms of police use of this data, a new proposal was brought forward to encourage Europe-wide data sharing, based on the 'principle of availability'. This is a law enforcement buzz-word, designed to ensure that all law enforcement agencies are given access to the information they need, when they need it. This would require police to respond to demands for information from other member states' law-enforcement authorities within 12 hours. The implementation of the principle may lead us to believe that personal data will be transferred unhindered from Gdansk to Glasgow. Indeed, it appears that our personal data is currently better protected from use in cross-border tele-marketing than a European police file.


However, some comfort may be derived by the fact that a proposal has finally been brought forward that sets out data protection principles to apply to EU police and judicial co-operation matters. Previously, data protection principles relating to EU justice matters were either covered by national laws, based on the Council of Europe Convention of 1981, or set out in sector-specific instruments such as Europol Decisions and the Schengen Convention provisions.


The new proposal signals good progress, but in learning our lessons from the EU safeguards proposal, we have to ask the question: will political and legislative efforts go into reaching agreement on those texts dealing with law enforcement powers, thus leaving the data protection proposal floundering?


The answer to that appears to be 'yes'. The home secretary has made clear his commitment to reaching agreement on the data retention proposals by the end of year, regardless of any political or legal question marks over the various texts. Accused in some circles as a lacklustre presidency, it may be that agreement on this issue will not be the one that got away.


Julia Bateman is the justice and home affairs policy executive at the Law Society's Brussels office. E-mail: brussels@lawsociety.org.uk