Since April 2014 data retention has been a high-profile topic in counter-terrorism. This is because the decision by the CJEU to strike down the Data Retention Directive (summary) brought to the fore a tension between (some) states’ desire for wide-reaching data retention powers, and concerns about the implications of such an approach for privacy and other civil liberties. In the meantime some non-EU states–notably the US and Australia–have been exploring ways of having telecommunications companies or other entities retain ‘metadata’ that the state could then access for investigatory reasons in particular situations. Data retention was one of the early ‘desk’ case studies in the SECILE project, and the report is available here. Since April, I have also written a number of blog commentaries on data retention for The Conversation and Oxford Human Rights Hub:
Will Australia Learn from the EU’s Mistakes on Data Retention?
Theresa May says the UK is not a surveillance state, but her proposed law might create one
Europe got phone spying wrong, now Obama should take heed
Data retention means you are on the record, like it or not
As the surge for data retention powers seems to continue, and to be presented as a core counter-terrorism power, it is apposite to bear in mind the Court of Justice’s warning on metadata. The Court note that such data retention constitutes a prima facie interference with fundamental rights, not least because so-called ‘metadata’ “may allow very precise conclusions to be drawn concerning…private lives”. The question facing policy makers now is how to limit collection of and access to data effectively in order to ensure that countering terrorism does not gives states the power to intrude on the privacy of all.