Abstract
In its first part the paper recalls the history of data retention legislation in the European Union. The directive was born in the post 9/11 world, when fear of terrorism peaked. This is the context of the 2006 legislation and the subsequent implementations by the member states. The paper examines the directive and the rationale behind the two-years conservation of metadata. Further on the paper will examine the reasons for the directive annulment, its privacy implications and the proportionality principle.
In its second part the paper maps the consequences of the repealing. At the policy level this marks a growing concern about civil rights and a more rational view of security necessities. Commission and Parliament will have to take this into account. On the other hand the national legislations that implemented the invalid directive are still in place and possible scenarios should be examined as to their validity.
Repercussions will probably influence the data protection reform -voted by the European Parliament in first reading- and the Trade and Investment Partnership, for which negotiations are ongoing and that should regulate the data flows between EU and the USA. The new scenario will be important also for business, from the telco companies to the growing “Big data” industry, where data generated by mobile networks was to be leveraged for a lot of uses. As the major reason for the retention was criminal investigations, digital forensics will be influenced too, seen that the big datasets were a key enabler in many respects.
The position paper ends with some proposals on what can be done now to rebalance correctly the security and investigation necessities with fundamental liberties, recognising that the directive was in fact unbalanced but also that some level of retention is probably needed. On the backdrop obviously loom the 2013 NSA scandals, from which we learned that also from anonymised metadata is very easy to identify individual users.
This is a preview of subscription content, log in via an institution to check access.
Access this chapter
Tax calculation will be finalised at checkout
Purchases are for personal use only
Preview
Unable to display preview. Download preview PDF.
References
[CSCG14] CEN-CENELEC-ETSI Cyber Security Coordination Group: “Recommendations for a Strategy on European Cyber Security Standardisation”, 2014 (http://www.cscg.focusict.de)
[ECJ14] European Court of Justice: “Judgment of the Court of 8 April 2014 in joined cases C-293/12 and C-594/12”
[EU06] “Directive 2006/24/EC of the European Parliament and of the Council of 15 March 2006 on the retention of data generated or processed in connection with the provisions of publicly available electronic communications services or of public communications networks and amending Directive 2002/58/EC”. In: “Official Journal of the European Union” 13.4.2006
[Guar13] Guarino, Alessandro: “Digital Forensics as a Big Data Challenge”. In: “ISSE 2013 Securing Electronic Business Processes”, Springer, 2013, p. 197-203.
[Masy14] Masys, Anthony (ed.): “Networks and Network Analysis for Defence and Security (Lecture Notes in Social Networks)”, Springer, 2014.
Author information
Authors and Affiliations
Corresponding author
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2014 Springer Fachmedien Wiesbaden
About this paper
Cite this paper
Guarino, A. (2014). What now? Data Retention Scenarios After the ECJ Ruling. In: Reimer, H., Pohlmann, N., Schneider, W. (eds) ISSE 2014 Securing Electronic Business Processes. Springer Vieweg, Wiesbaden. https://doi.org/10.1007/978-3-658-06708-3_21
Download citation
DOI: https://doi.org/10.1007/978-3-658-06708-3_21
Published:
Publisher Name: Springer Vieweg, Wiesbaden
Print ISBN: 978-3-658-06707-6
Online ISBN: 978-3-658-06708-3
eBook Packages: Computer ScienceComputer Science (R0)