Data Retention’s Blind Spot

This week’s most important digital policy news was of course the European Court of Justices ruling that declares the Data Retention Directive invalid. Many pirates and so-called internet activists have celebrated this as a victory, and certainly the court had good reasons for its ruling – the directive was too broad, not clearly defined in purpose, combined different types of crime and raised concerns about privacy. The last problem has only become more serious following the Snowden leaks last year, which confirm wide-spread government surveillance, not as a potential threat but as a reality

However, make no mistake – only because data retention is not regulated in European law (anymore) does not mean no states have such rules. On the contrary, it is just not harmonised across Europe. Whether that is good or bad probably depends on your view on the European Union as a whole, but nevertheless in no way does it helps the highly anticipated Digital Single Market. Also, even if there is no law demanding that operators keep traffic data, of course they still can (and do) for whatever purposes. You are still being monitored, only the rules for that have not been decided by your elected officials.

Making law for the digital space is not easy. So the directive was too wide? Well, how can it be narrow if technology, business models, user behaviour, other rules and much more changes all the time? Any leglislation concerning such a moving target needs to be flexible to be be future-proof.

So what is the way forward? Netopia does not claim to have the final answer, but one clue can be taken from Oxford professor of internet governance Viktor Mayer-Schönberger. In his 2013 book Big Data (with Kenneth Cukier) he suggests a shift from regulating the collection of data, to the regulating the use of it. In that way, responsibility would be demanded from the actual use, rather than the potential risks of keeping the information. Perhaps that is the way out for DRD 2.0?