CHAPTER 8: COMPARISONS – INTERNATIONAL
Liberties Oversight Board provides advice and oversight to the US Government on
questions of terror prevention. A separate President’s Intelligence Oversight Board
reports directly to the President on potential violations of the law. Many of the
Agencies themselves also contain an Office of Inspector General, with a remit to
review compliance internally.21
Data Retention
8.55. The European picture concerning data retention is diverse and complex. Prior to the
decision in Digital Rights Ireland, the EU Data Retention Directive required Member
States to pass laws requiring the retention of certain metadata for between 6 and 24
months.
8.56. An opinion by the European Parliament’s Legal Service concerning European data
retention post-Digital Rights Ireland appeared in January 2015.22 It listed the Member
States whose courts had annulled data retention laws prior to the Digital Rights Ireland
judgment (Bulgaria, Romania, Germany, Cyprus, Czech Republic), as well as the first
three to have done so since (Austria, Slovenia, Romania), and concluded that Member
States which wish to retain data retention laws must ensure that they comply with EU
law.
8.57. A very full summary of EU data retention laws in the EU Member States was published
by the Open Rights Group in April 2015.23
8.58. As to the Five Eyes partners, both Canada and Australia have recently passed
legislation to require telecommunications providers to retain some data.24
Telecommunications providers in New Zealand are already required to be capable of
obtaining call associated data and to provide it to police and security services when
served with a warrant.
8.59. An important distinction between US and UK law (as it currently stands) is that there
is no requirement for CSPs in the United States to store data beyond their own
business needs. On the other hand, US CSPs are not obliged, as are their European
counterparts, to delete or anonymise data once it is no longer necessary for business
purposes. I was informed during my trip to the US that it was highly unlikely that
Congress would consider legislation requiring service providers to retain or create
data that they did not themselves need for business purposes (such as billing).
However, CSPs are required to retain data that they already produce and create such
as name, address, telephone number of the caller, telephone number called, date,
time and length of a call.25
21 17th Report of Session 2013-14, HC231 (May 2014), p. 92.
22 Legal Opinion to LIBE, which can be accessed at: https://s3.amazonaws.com/access.3cdn.net/27bd1765fade54d896_l2m6i61fe.pdf.
23 Open Rights Group, “Data Retention in the EU following the CJEU ruling”, (April 2015).
24 Australia: Telecommunications (Interception and Access) Amendment (Data Retention) Act 2015. Canada: PCFOC 2014.
25 Under 47 C.F.R. § 42.6.