After the attack in Paris on 7 January 2015, many politicians (Merkel , de Maizière, Mikl-Leitner ) across Europe demanded the re-introduction of a legal basis for the retention of data. Now why was the retention of data introduced the first time and then abolished? These questions will be discussed with referral to the situation in Austria.
The ‘retention of data’ operated in the following way: data was collected about when and where every phone call was made, which website was visited, which IP-address was used , which e-mail address was used by whom and to whom an e-mail was sent at what time, the same applies to text messages. This data was stored over a period of six months.
Purpose and legitimacy of data retention
These measures of data retention were first introduced through the Data Retention Directive 2006/24/EC and were presented as an “anti-terror” measure “ensuring “that the data are available for the purpose of the investigation, detection and prosecution of serious crime”(Art 1(1) Directive).
The retention was considered a violation, as the surveillance applied to every user of communication without any distinction and suspicion. Moreover it was used to create a profile of communication and movement, deducing where a person goes on a daily basis and which personal relationship one keeps. It was also criticised that personal data was used without the consent of the affected individual and that data regarding the sender and recipient of mail was collected.
In a milestone decision the CJEU declared the directive to be a violation of the right to respect for private life and the right to protection of personal data, as the measures enacted were too far-reaching.
Does the retention of data provide more security?
Now the debate about a re-introduction is on the rise it should be asked, how effective was this measure?
Overview of all the cases in which retrieved data was used in Austria:
Number of cases in which the data contributed to the clarification of the case:
This shows that the data was only used for crimes of a smaller scale and, even when used, this information did not lead to the effect of detecting or prosecuting crimes in most cases (53.74%). Especially noteworthy is that the retention of data was not used even in a single case out of 227 cases(!) for its actual purpose of fighting terrorism and serious crimes.
So why would European politicians want to re-introduce an ineffective and highly intrusive measure with huge financial costs (15-20 mio. in Austria)? One explanation is that surveillance which involves the collection of data and enables the direct supervision of social life may become a means for domination (Giddens, 1985:14, Maras, 2012: 72).
Therefore one cannot avoid the conclusion that the context of the horrific attack in Paris, the resulting fear of civilians becoming the target of terrorist attacks and their willingness to sacrifice their liberties for the feeling of security is misused when it comes to the implementation of far-reaching and intrusive measures with not the “others”, the terrorist, being the target but rather “us” all. In other words: “as a suspect population, we - all EU citizens - have now become the others” (Maras, 2012:71).