This week’s most important digital policy news was, of course, the European Court of Justices ruling that declares the Data Retention Directive invalid. Many pirates and so-called internet activists have celebrated this as a victory, and certainly the court had good reasons for its ruling—the directive was too broad, not clearly defined in purpose, combined different types of crime, and raised concerns about privacy. The last problem has only become more serious following the Snowden leaks last year, which confirm wide-spread government surveillance, not as a potential threat but as a reality
However, make no mistake—only because data retention is not regulated in European law (anymore) does not mean no states have such rules. On the contrary, it is just not harmonised across Europe. Whether that is good or bad probably depends on your view on the European Union as a whole, but nevertheless, in no way does it help the highly anticipated Digital Single Market. Also, even if there is no law demanding that operators keep traffic data, of course they still can (and do) for whatever purposes. You are still being monitored; only the rules for that have not been decided by your elected officials.
Making laws for the digital space is not easy. So the directive was too wide? Well, how can it be narrow if technology, business models, user behaviour, other rules, and much more change all the time? Any legislation concerning such a moving target needs to be flexible to be future-proof.
So what is the way forward? Netopia does not claim to have the final answer, but one clue can be taken from Oxford professor of internet governance Viktor Mayer-Schönberger. In his 2013 book Big Data (with Kenneth Cukier), he suggests a shift from regulating the collection of data to regulating the use of it. In that way, responsibility would be demanded from the actual use rather than the potential risks of keeping the information. Perhaps that is the way out for DRD 2.0?
