NRC Handelsblad, 12 March 2015: 'Telecom data was too easy to see'

“Six questions on telecom retention.

The court in The Hague yesterday put an end to an important investigative tool of the judiciary. Telecom providers are no longer obliged to keep data on who called, texted, or contacted whom via the internet, when and from what location.

1. What is the retention obligation?

Since 2009, providers have had to store customers' call data for a year, and internet data for six months. Police, investigative agencies and the AIVD security service can request that data and thus see who communicated with whom and when.

2. What is the point?

According to the Public Prosecutor's Office (OM), the retention obligation is indispensable in the fight against serious crime. The AIVD does not comment on this as far as counterterrorism is concerned.

The effectiveness of the retention obligation has never been proven by an independent body. Even before the obligation existed, providers stored telecom data for a longer period of time, for their own records. The police regularly requisitioned that data even then.(...)

3. What is the objection to it?

The court in The Hague yesterday ruled in summary proceedings brought by the Dutch Association of Defence Counsel, journalists' union NVJ, the Privacy First foundation and telecoms providers. They invoked a ruling by the European Court of Justice. That ruled last year that storing everyone's telecom data severely affects privacy, while it is unclear to what extent it is strictly necessary to tackle terrorism and crime.

The lawyers argued that their professional secrecy was put under pressure by the retention obligation. For the journalists, the issue was their source protection. Unauthorised persons could look up in the huge amount of call and internet data who was in contact with which lawyer or journalist.

4. What was the verdict yesterday?

According to the Hague court, the European ruling does not mean that, as the plaintiffs argued, the retention of everyone's data is not allowed at all. According to the court, combating serious crime may also require the retention of data of non-suspect citizens. In that case, access to that data must be limited. For example, only in cases of really serious crime and only after permission from a judge. Because such restrictions are lacking in the current data retention obligation, it should be taken off the table.

5. What are the providers doing now?

Some telecom providers, including KPN and Vodafone, yesterday said they would immediately stop retaining data longer than necessary for their operations. What data they still have they do not destroy as the state may appeal.

6. Is this the end of retention?

For now. The Ministry of Security and Justice is considering an appeal. A new bill, incorporating the verdict, is on the table. Whether there will actually be a new retention obligation and whether everyone's data will then be retained again is still unclear. (...)"

Source: NRC Handelsblad, 12 March 2015, Interior section. Also published in NRC Next.