eupolicy.social is one of the many independent Mastodon servers you can use to participate in the fediverse.
This Mastodon server is a friendly and respectful discussion space for people working in areas related to EU policy. When you request to create an account, please tell us something about you.

Server stats:

211
active users

#dataretention

1 post1 participant0 posts today
Thomas Matern 🇪🇺<p>Dear politicians, <a href="https://mastodon.social/tags/DataProtection" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>DataProtection</span></a> and <a href="https://mastodon.social/tags/Encryption" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Encryption</span></a> create investments and jobs in 🇩🇪 and the 🇪🇺 (EEA). Please keep this in mind when you fantasize again about <a href="https://mastodon.social/tags/DataRetention" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>DataRetention</span></a> or <a href="https://mastodon.social/tags/ChatControl" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>ChatControl</span></a>.</p><p><a href="https://mastodon.social/tags/proton" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>proton</span></a> <a href="https://mastodon.social/tags/EU" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>EU</span></a> <a href="https://mastodon.social/tags/EEA" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>EEA</span></a></p><p><a href="https://www.20min.ch/story/proton-ueberwachung-zu-streng-schweizer-techfirma-verlagert-ins-ausland-103387083" rel="nofollow noopener" translate="no" target="_blank"><span class="invisible">https://www.</span><span class="ellipsis">20min.ch/story/proton-ueberwac</span><span class="invisible">hung-zu-streng-schweizer-techfirma-verlagert-ins-ausland-103387083</span></a></p>
Markus Kastelitz<p>EPRS briefing: Access to data for law enforcement: Digital forensics | Think Tank | European Parliament<br><a href="https://www.europarl.europa.eu/thinktank/en/document/EPRS_BRI(2025)775879" rel="nofollow noopener" translate="no" target="_blank"><span class="invisible">https://www.</span><span class="ellipsis">europarl.europa.eu/thinktank/e</span><span class="invisible">n/document/EPRS_BRI(2025)775879</span></a><br>This is one of four briefings that explore different aspects of the roadmap for effective and <a href="https://legal.social/tags/lawfulaccess" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>lawfulaccess</span></a> to data for law enforcement. These include a summary of the roadmap, and briefings on <a href="https://legal.social/tags/lawfulinterception" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>lawfulinterception</span></a>, <a href="https://legal.social/tags/dataretention" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>dataretention</span></a> and <a href="https://legal.social/tags/digitalforensics" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>digitalforensics</span></a>:<br>Roadmap: <a href="https://www.europarl.europa.eu/thinktank/en/document/EPRS_ATA(2025)775880" rel="nofollow noopener" translate="no" target="_blank"><span class="invisible">https://www.</span><span class="ellipsis">europarl.europa.eu/thinktank/e</span><span class="invisible">n/document/EPRS_ATA(2025)775880</span></a><br>Lawful interception: <a href="https://www.europarl.europa.eu/thinktank/en/document/EPRS_BRI(2025)775881" rel="nofollow noopener" translate="no" target="_blank"><span class="invisible">https://www.</span><span class="ellipsis">europarl.europa.eu/thinktank/e</span><span class="invisible">n/document/EPRS_BRI(2025)775881</span></a><br>Data retention: <a href="https://www.europarl.europa.eu/thinktank/en/document/EPRS_BRI(2025)775878" rel="nofollow noopener" translate="no" target="_blank"><span class="invisible">https://www.</span><span class="ellipsis">europarl.europa.eu/thinktank/e</span><span class="invisible">n/document/EPRS_BRI(2025)775878</span></a></p>
Kai Bojens 🇪🇺🖖<p>I am looking for Members of Green Parties in EU member states (EGP) to connect about topics like <a href="https://gruene.social/tags/Chatcontrol" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Chatcontrol</span></a> <a href="https://gruene.social/tags/DataRetention" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>DataRetention</span></a> <a href="https://gruene.social/tags/Encryption" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Encryption</span></a> and all that’s related to these topics in regard to privacy. </p><p>We can only stop this if we work together. </p><p>So, anyone from Europe who wants to join a small group of Greens from Germany who try to stop all this?</p><p><a href="https://gruene.social/tags/Europe" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Europe</span></a> <a href="https://gruene.social/tags/Privacy" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Privacy</span></a> 🇪🇺</p>
EDRi<p>⚠️ WATCH OUT! European Commission&#39;s questionnaire for public consultation on <a href="https://eupolicy.social/tags/DataRetention" class="mention hashtag" rel="tag">#<span>DataRetention</span></a> has some really tricky and misguiding questions! ⚠️ </p><p>But don&#39;t worry - we&#39;ll be publishing an answering guide in early August to help you understand the questions and avoid the traps. Well in time for the September 12 deadline! 😌 </p><p>Stay tuned for the guide! 🗺️</p>
Games at Work dot biz<p>e519 with Michael, Andy and Michael - stories about <a href="https://mastodon.social/tags/AI" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>AI</span></a> conversations with <a href="https://mastodon.social/tags/pets" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>pets</span></a> and people, <a href="https://mastodon.social/tags/LLM" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>LLM</span></a> <a href="https://mastodon.social/tags/DataRetention" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>DataRetention</span></a>, <a href="https://mastodon.social/tags/AISlop" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>AISlop</span></a>, <a href="https://mastodon.social/tags/Clippy" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Clippy</span></a>-esque prompts, <a href="https://mastodon.social/tags/AIWorkloads" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>AIWorkloads</span></a> in <a href="https://mastodon.social/tags/space" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>space</span></a> and a whole lot more.</p><p><a href="https://gamesatwork.biz/2025/06/30/e519-clippy-kittens/" rel="nofollow noopener" translate="no" target="_blank"><span class="invisible">https://</span><span class="ellipsis">gamesatwork.biz/2025/06/30/e51</span><span class="invisible">9-clippy-kittens/</span></a></p>
Michael Martine<p>e519 with Michael, Andy and Michael - stories about <a href="https://mstdn.social/tags/AI" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>AI</span></a> conversations with <a href="https://mstdn.social/tags/pets" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>pets</span></a> and people, <a href="https://mstdn.social/tags/LLM" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>LLM</span></a> <a href="https://mstdn.social/tags/DataRetention" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>DataRetention</span></a>, <a href="https://mstdn.social/tags/AISlop" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>AISlop</span></a>, <a href="https://mstdn.social/tags/Clippy" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Clippy</span></a>-esque prompts, <a href="https://mstdn.social/tags/AIWorkloads" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>AIWorkloads</span></a> in <a href="https://mstdn.social/tags/space" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>space</span></a> and a whole lot more.</p><p><a href="https://gamesatwork.biz/2025/06/30/e519-clippy-kittens/" rel="nofollow noopener" translate="no" target="_blank"><span class="invisible">https://</span><span class="ellipsis">gamesatwork.biz/2025/06/30/e51</span><span class="invisible">9-clippy-kittens/</span></a></p>
Games at Work dot biz<p>e519 with Michael, Andy and Michael - stories about <a href="https://mastodon.social/tags/AI" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>AI</span></a> conversations with <a href="https://mastodon.social/tags/pets" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>pets</span></a> and people, <a href="https://mastodon.social/tags/LLM" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>LLM</span></a> <a href="https://mastodon.social/tags/DataRetention" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>DataRetention</span></a>, <a href="https://mastodon.social/tags/AISlop" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>AISlop</span></a>, <a href="https://mastodon.social/tags/Clippy" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Clippy</span></a>-esque prompts, <a href="https://mastodon.social/tags/AIWorkloads" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>AIWorkloads</span></a> in <a href="https://mastodon.social/tags/space" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>space</span></a> and a whole lot more. <a href="https://gamesatwork.biz/2025/06/30/e519-clippy-kittens/" rel="nofollow noopener" translate="no" target="_blank"><span class="invisible">https://</span><span class="ellipsis">gamesatwork.biz/2025/06/30/e51</span><span class="invisible">9-clippy-kittens/</span></a></p>
Michael Martine<p><a href="https://mstdn.social/tags/shownotes" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>shownotes</span></a> for <span class="h-card" translate="no"><a href="https://mastodon.social/@gamesatwork_biz" class="u-url mention" rel="nofollow noopener" target="_blank">@<span>gamesatwork_biz</span></a></span> <a href="https://mstdn.social/tags/podcast" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>podcast</span></a> e519 with are done and publication set for tomorrow, Monday 30 June on <a href="https://www.gamesatwork.biz" rel="nofollow noopener" translate="no" target="_blank"><span class="invisible">https://www.</span><span class="">gamesatwork.biz</span><span class="invisible"></span></a> together with <span class="h-card" translate="no"><a href="https://mstdn.social/@michaelrowe01" class="u-url mention" rel="nofollow noopener" target="_blank">@<span>michaelrowe01</span></a></span> and <span class="h-card" translate="no"><a href="https://macaw.social/@andypiper" class="u-url mention" rel="nofollow noopener" target="_blank">@<span>andypiper</span></a></span>. Find e519 on <span class="h-card" translate="no"><a href="https://mstdn.social/@Spotify" class="u-url mention" rel="nofollow noopener" target="_blank">@<span>Spotify</span></a></span> <span class="h-card" translate="no"><a href="https://mastodon.social/@overcastfm" class="u-url mention" rel="nofollow noopener" target="_blank">@<span>overcastfm</span></a></span> <span class="h-card" translate="no"><a href="https://x-activitypub-bridge.deno.dev/users/10228272" class="u-url mention" rel="nofollow noopener" target="_blank">@<span>YouTube</span></a></span> and all your favorite podcast feeds! Stories on <a href="https://mstdn.social/tags/AI" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>AI</span></a> conversations with <a href="https://mstdn.social/tags/pets" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>pets</span></a> and people, <a href="https://mstdn.social/tags/LLM" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>LLM</span></a> <a href="https://mstdn.social/tags/DataRetention" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>DataRetention</span></a>, <a href="https://mstdn.social/tags/AISlop" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>AISlop</span></a>, <a href="https://mstdn.social/tags/Clippy" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Clippy</span></a>-esque prompts, <a href="https://mstdn.social/tags/AIWorkloads" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>AIWorkloads</span></a> in <a href="https://mstdn.social/tags/space" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>space</span></a> and so much more.</p><p>Be sure to subscribe on <a href="https://www.gamesatwork.biz" rel="nofollow noopener" translate="no" target="_blank"><span class="invisible">https://www.</span><span class="">gamesatwork.biz</span><span class="invisible"></span></a> so you don’t miss an episode!</p>
Continued thread

European Commission- Call for applications - Expert Group for a Technology Roadmap on Encryption (E04005) ACTIVE - deadline 1 September 2025.
#dataretention #lawfulinterception #digitalforensics #encryption

"The selection shall prioritise experts with technical profiles, coming from either public or private sector, whilst aiming to ensure proportional representation across the following fields of expertise: • Home affairs, ideally with an experience in fighting high-tech crime, and/or a background in the area of decryption and artifact extraction, computer forensics, network forensics, smartphone forensics, cloud forensics, IoT forensics, memory forensics and/or lawful interception; • Cybersecurity. with diverse backgrounds including but not limited to vulnerability management, evaluation of cybersecurity risks and certification and encryption (including quantum and post-quantum cryptography); • Telecommunication, including with experience in computer networks/Internet, 5G/6G, IoT, VoIP, Satellite, Quantum communication and/or encrypted communication applications; • Big data analysis, including with expertise in AI technologies; • Standardisation, notably in relation with cybersecurity and/or telecommunication technologies, including protocol networks, exchanges of digital data, and lawful interception; • Justice and fundamental rights, including experience in data protection and privacy, as well as experience in criminal justice, such as cyber-enabled and/or cyber-dependent crimes"

ec.europa.eu/transparency/expe

"We strongly oppose the adoption of new EU rules forcing electronic communications service providers to massively retain their users’ traffic and location data beyond what is necessary for service and billing purposes..We believe that this obligation:

- constitutes mass surveillance, which unacceptably undermines the rights to privacy and data protection and thus, endangers the exercise of other fundamental rights enabled by them such as freedom of expression and information, freedom of assembly and association, the right to a fair trial, to health care, to social protection and social assistance, etc.;

- has been found contrary to the EU Charter of Fundamental Rights by the Court of Justice of the European Union (CJEU)

- creates inadmissible data security risks, considering that the vast amounts of personal data retained for law enforcement are vulnerable to cyberattacks (which happen on a regular basis with disastrous consequences for people affected)"

edri.org/our-work/joint-civil-

European Digital Rights (EDRi)Impact assessment on data retention - European Digital Rights (EDRi)Last week, the EDRi network expressed shared concerns about the introduction of new rules at EU level on the retention of data.

Hello people!
The Commission has put out their public consultation questionnaire on #dataretention 💀
Deadline: 12 September - we have time :)

⚠️ WATCH OUT some of the questions are REALLY tricky and misguiding.

@edri will put out during the summer an answering guide to help you understand the intentions and context behind some of these questions & hopefully to avoid falling in some of these traps 🕳️

Follow @edri and look out for the answering guide ✌️

Data Retention and Democratic Resilience
A critical policy analysis of security, legality and fundamental rights within the European Union.

https://scribe.disroot.org/post/2914542

#EU #Surveillance #DigitalRights #Privacy #AI #DataRetention


scribe.disroot.org
scribe.disroot.orgDoes Data Retention Prevent Crime? - D•ScribeDoes Data Retention Prevent Crime? A Critical Analysis in Light of Union Law, Fundamental Rights, and Alternative Policy Models Executive Summary This study provides a critical analysis of the effectiveness of general and indiscriminate data retention practices practices within the European Union (EU) regarding crime prevention. Particularly in the context of criminal proceedings, it becomes evident that data retention practices does not deliver the expected security gains, while simultaneously posing significant threats to EU fundamental rights such as the right to privacy, freedom of expression, and the protection of private life. Key Findings: Weak Legal Foundation: The practice of comprehensive data retention practices contradicts primary EU law, as confirmed by the jurisprudence of the Court of Justice of the European Union (CJEU) (Digital Rights Ireland, Tele2 Sverige). Limited Effectiveness: Independent research indicates that it does not improve the crime clearance rate. Interference with Fundamental Rights: Journalism, activism, and political opposition are affected by chilling effects. Increasing Economic Burden: Smaller providers bear excessive costs; cybersecurity risks are on the rise. Technological Inadequacy: In the age of IoT, 5G, and artificial intelligence (AI), data volumes are exploding, making these storage models increasingly intrusive and uncontrollable. Key Recommendations to the Commission: General forms of data retention practices should be strictly avoided. Member States should promote targeted models with time limits and independent judicial authorization. The right to encryption and anonymity should be respected, and users’ digital privacy strengthened. Supportive infrastructures and policies to alleviate the burden on small and medium-sized enterprises should be developed, with particular consideration for economic impacts. 1. Introduction With ongoing digitalization, methods of combating crime have also evolved. One such method is data retention practices, which is widespread, under the pretext of counter-terrorism. Nevertheless, these general and indiscriminate practices pose significant risks to individual freedoms and often fail to achieve the intended security objectives. This study, as part of the European Commission’s Impact Assessment process, thoroughly examines the dimensions of necessity, proportionality, impact on EU fundamental rights, utility for criminal justice, and economic costs of current data retention practices policies. Furthermore, their future viability in the age of new technologies is analyzed. 2. Methodology The study is based on a qualitative content analysis. Key sources include: Jurisprudence of the Court of Justice of the European Union (Court of Justice of the European Union (CJEU)): the Digital Rights Ireland and Tele2 Sverige decisions. European Court of Human Rights (European Court of Human Rights (ECtHR)): the Big Brother Watch v. United Kingdom decision. Independent Reports: such as those from ENISA (European Union Agency for Cybersecurity) and the European Parliament. National Case Studies: such as the Turkish ByLock case. Additionally, statistical data and economic cost analyses were included to evaluate both the effectiveness and the social and technical consequences of data retention practices. 3. Literature Review Research on data retention practices can be broadly categorized into three areas: 3.1 Legal Approaches Binns (2018) meticulously analyzes the incompatibility of these practices with the right to privacy. De Hert & Poullet (2013) address the legitimacy of such measures in light of EU fundamental rights. 3.2 Effectiveness Assessment Hoofnagle et al. (2012) demonstrate that data retention practices measures introduced under the Patriot Act in the USA showed no measurable effect. ENISA (2020) highlights the technical and financial burdens faced by small providers. 3.3 Political and Societal Impacts Lyon (2018) links these policy forms to the emergence of a “surveillance society.” Zuboff (2019) exposes how platforms commercially exploit personal data—a phenomenon she describes as “surveillance capitalism.” 4. Data Retention and EU Law: Necessity and Proportionality 4.1 Necessity Test In the view of the Court of Justice of the European Union (CJEU), general data retention practices practices do not pass the necessity test. They have so far failed to provide clear evidence of their suitability against terrorism or serious crimes. 4.2 Proportionality Test The principles of proportionality are violated because: All citizens are indiscriminately affected. No suspicion is required. The retention period is excessive (up to two years). No prior authorization by independent courts is mandated. 5. Utility for Criminal Justice 5.1 Presumption of Innocence This policy encourages “fishing expeditions,” which in turn undermines the presumption of innocence. 5.2 Example Turkey – ByLock Case Millions of individuals were suspected without concrete evidence based solely on the use of an app (ByLock); mere presence in metadata was sufficient. 6. Economic and Technical Costs 6.1 Impact on Service Providers ENISA (2020) notes that small providers, in particular, face disproportionate financial pressure. 6.2 Cybersecurity Risks The inability to securely store sensitive data leads to: Massive data breaches. Increased risks to public safety. Loss of trust in digital systems. 7. Future Outlook: IoT, 5G, and Artificial Intelligence The explosive increase in data volumes due to IoT, 5G, and artificial intelligence (AI) renders traditional storage models unsuitable. artificial intelligence (AI) today goes beyond mere analysis—it can derive new correlations that further endanger EU fundamental rights. 7.1 New Risks Posed by artificial intelligence (AI) and Mass Data Analysis Automated Profiling and Discrimination: artificial intelligence (AI) models learn from historical data. If these data contain systematic biases (e.g., association with a criminal offense solely based on using an app like ByLock, which can lead to collective stigmatization), such biases can be automatically reproduced and discriminatory practices intensified, unjustly targeting groups or individuals. False Positives and Weakening of the Presumption of Innocence: Statistically relevant correlations can be misleading or oversimplified. For example, a model might falsely identify a user group as statistically linked to “suspicious” activity based on the use of a particular app, even if there is no concrete individual evidence. This undermines the presumption of innocence. Opacity and Lack of Transparency: Often, artificial intelligence (AI) systems operate as black boxes, whose decision-making processes are not explicit or easily traceable. This makes it difficult for affected individuals to ascertain the reasons for surveillance measures or other decisions concerning them, or to effectively defend themselves against them, thereby impairing the right to an effective remedy. 7.2 Lack of Adaptation of Current Policy to New Technologies Existing data retention practices rules are not equipped to handle the rapidly increasing data streams from IoT, the speed of 5G, or the predictive capabilities of artificial intelligence (AI). This leads to general storage models becoming unmanageable and misuse risks increasing. Without independent judicial control, massive risks of abuse threaten to undermine social justice and EU fundamental rights. Conclusion to Chapter 7 In developing future artificial intelligence (AI)-supported methods for combating crime, the principles of data collection and analysis must be subjected not only to technical but also to strict ethical and legal limits. Otherwise, general data retention practices measures combined with artificial intelligence (AI) could lead to a structure that contradicts the values of democratic societies, violates human dignity, and opens the door to arbitrary interventions. 8. Conclusions and Recommendations General data retention practices possesses neither a stable legal basis nor demonstrable effectiveness. It directly attacks the most EU fundamental rights. Specific Recommendations to the Commission: The Commission should determine that these practices are incompatible with primary Union law, as confirmed by Court of Justice of the European Union (CJEU) jurisprudence. Member States should receive clear guidelines to promote targeted, proportionate models limited to serious crimes, under independent judicial control. Frameworks for the protection of encryption, anonymity, and digital privacy must be strengthened. Small and medium-sized service providers burdened by the requirements should be relieved through technical and financial support. Bibliography Binns, R. (2018). Algorithmic Accountability and Transparency in the EU GDPR. Philosophy & Technology, 31(2), 211–233. De Hert, P., & Poullet, Y. (2013). The Data Retention Directive: The Ghost that Should Not Walk. Computer Law & Security Review, 29(6), 673–683. Hoofnagle, C. J. et al. (2012). How Different is Privacy Law in Europe vs. the US? Berkeley Technology Law Journal, 28(2), 411–454. Lyon, D. (2018). The Culture of Surveillance: Watching as a Way of Life. Polity Press. Zuboff, S. (2019). The Age of Surveillance Capitalism. PublicAffairs. European Court of Human Rights (ECtHR) (2021). Big Brother Watch and Others v. the United Kingdom, Application no. 58170/13. Court of Justice of the European Union (CJEU) (2014). Digital Rights Ireland Ltd v. Minister for Communications, Marine and Natural Resources and Others, Case C-293/12. Court of Justice of the European Union (CJEU) (2016). Tele2 Sverige AB v. Post- och telestyrelsen and Secretary of State for the Home Department v. Tom Watson and Others, Joined Cases C-203/15 and C-698/15. ENISA (2020). Data Retention Practices in Europe. European Union Agency for Cybersecurity. European Parliament (2019). Privacy and Data Protection in Law Enforcement.

Data Retention and Democratic Resilience
A critical policy analysis of security, legality and fundamental rights within the European Union.

scribe.disroot.org/post/2914542

scribe.disroot.orgDoes Data Retention Prevent Crime? - D•ScribeDoes Data Retention Prevent Crime? A Critical Analysis in Light of Union Law, Fundamental Rights, and Alternative Policy Models Executive Summary This study provides a critical analysis of the effectiveness of general and indiscriminate data retention practices practices within the European Union (EU) regarding crime prevention. Particularly in the context of criminal proceedings, it becomes evident that data retention practices does not deliver the expected security gains, while simultaneously posing significant threats to EU fundamental rights such as the right to privacy, freedom of expression, and the protection of private life. Key Findings: Weak Legal Foundation: The practice of comprehensive data retention practices contradicts primary EU law, as confirmed by the jurisprudence of the Court of Justice of the European Union (CJEU) (Digital Rights Ireland, Tele2 Sverige). Limited Effectiveness: Independent research indicates that it does not improve the crime clearance rate. Interference with Fundamental Rights: Journalism, activism, and political opposition are affected by chilling effects. Increasing Economic Burden: Smaller providers bear excessive costs; cybersecurity risks are on the rise. Technological Inadequacy: In the age of IoT, 5G, and artificial intelligence (AI), data volumes are exploding, making these storage models increasingly intrusive and uncontrollable. Key Recommendations to the Commission: General forms of data retention practices should be strictly avoided. Member States should promote targeted models with time limits and independent judicial authorization. The right to encryption and anonymity should be respected, and users’ digital privacy strengthened. Supportive infrastructures and policies to alleviate the burden on small and medium-sized enterprises should be developed, with particular consideration for economic impacts. 1. Introduction With ongoing digitalization, methods of combating crime have also evolved. One such method is data retention practices, which is widespread, under the pretext of counter-terrorism. Nevertheless, these general and indiscriminate practices pose significant risks to individual freedoms and often fail to achieve the intended security objectives. This study, as part of the European Commission’s Impact Assessment process, thoroughly examines the dimensions of necessity, proportionality, impact on EU fundamental rights, utility for criminal justice, and economic costs of current data retention practices policies. Furthermore, their future viability in the age of new technologies is analyzed. 2. Methodology The study is based on a qualitative content analysis. Key sources include: Jurisprudence of the Court of Justice of the European Union (Court of Justice of the European Union (CJEU)): the Digital Rights Ireland and Tele2 Sverige decisions. European Court of Human Rights (European Court of Human Rights (ECtHR)): the Big Brother Watch v. United Kingdom decision. Independent Reports: such as those from ENISA (European Union Agency for Cybersecurity) and the European Parliament. National Case Studies: such as the Turkish ByLock case. Additionally, statistical data and economic cost analyses were included to evaluate both the effectiveness and the social and technical consequences of data retention practices. 3. Literature Review Research on data retention practices can be broadly categorized into three areas: 3.1 Legal Approaches Binns (2018) meticulously analyzes the incompatibility of these practices with the right to privacy. De Hert & Poullet (2013) address the legitimacy of such measures in light of EU fundamental rights. 3.2 Effectiveness Assessment Hoofnagle et al. (2012) demonstrate that data retention practices measures introduced under the Patriot Act in the USA showed no measurable effect. ENISA (2020) highlights the technical and financial burdens faced by small providers. 3.3 Political and Societal Impacts Lyon (2018) links these policy forms to the emergence of a “surveillance society.” Zuboff (2019) exposes how platforms commercially exploit personal data—a phenomenon she describes as “surveillance capitalism.” 4. Data Retention and EU Law: Necessity and Proportionality 4.1 Necessity Test In the view of the Court of Justice of the European Union (CJEU), general data retention practices practices do not pass the necessity test. They have so far failed to provide clear evidence of their suitability against terrorism or serious crimes. 4.2 Proportionality Test The principles of proportionality are violated because: All citizens are indiscriminately affected. No suspicion is required. The retention period is excessive (up to two years). No prior authorization by independent courts is mandated. 5. Utility for Criminal Justice 5.1 Presumption of Innocence This policy encourages “fishing expeditions,” which in turn undermines the presumption of innocence. 5.2 Example Turkey – ByLock Case Millions of individuals were suspected without concrete evidence based solely on the use of an app (ByLock); mere presence in metadata was sufficient. 6. Economic and Technical Costs 6.1 Impact on Service Providers ENISA (2020) notes that small providers, in particular, face disproportionate financial pressure. 6.2 Cybersecurity Risks The inability to securely store sensitive data leads to: Massive data breaches. Increased risks to public safety. Loss of trust in digital systems. 7. Future Outlook: IoT, 5G, and Artificial Intelligence The explosive increase in data volumes due to IoT, 5G, and artificial intelligence (AI) renders traditional storage models unsuitable. artificial intelligence (AI) today goes beyond mere analysis—it can derive new correlations that further endanger EU fundamental rights. 7.1 New Risks Posed by artificial intelligence (AI) and Mass Data Analysis Automated Profiling and Discrimination: artificial intelligence (AI) models learn from historical data. If these data contain systematic biases (e.g., association with a criminal offense solely based on using an app like ByLock, which can lead to collective stigmatization), such biases can be automatically reproduced and discriminatory practices intensified, unjustly targeting groups or individuals. False Positives and Weakening of the Presumption of Innocence: Statistically relevant correlations can be misleading or oversimplified. For example, a model might falsely identify a user group as statistically linked to “suspicious” activity based on the use of a particular app, even if there is no concrete individual evidence. This undermines the presumption of innocence. Opacity and Lack of Transparency: Often, artificial intelligence (AI) systems operate as black boxes, whose decision-making processes are not explicit or easily traceable. This makes it difficult for affected individuals to ascertain the reasons for surveillance measures or other decisions concerning them, or to effectively defend themselves against them, thereby impairing the right to an effective remedy. 7.2 Lack of Adaptation of Current Policy to New Technologies Existing data retention practices rules are not equipped to handle the rapidly increasing data streams from IoT, the speed of 5G, or the predictive capabilities of artificial intelligence (AI). This leads to general storage models becoming unmanageable and misuse risks increasing. Without independent judicial control, massive risks of abuse threaten to undermine social justice and EU fundamental rights. Conclusion to Chapter 7 In developing future artificial intelligence (AI)-supported methods for combating crime, the principles of data collection and analysis must be subjected not only to technical but also to strict ethical and legal limits. Otherwise, general data retention practices measures combined with artificial intelligence (AI) could lead to a structure that contradicts the values of democratic societies, violates human dignity, and opens the door to arbitrary interventions. 8. Conclusions and Recommendations General data retention practices possesses neither a stable legal basis nor demonstrable effectiveness. It directly attacks the most EU fundamental rights. Specific Recommendations to the Commission: The Commission should determine that these practices are incompatible with primary Union law, as confirmed by Court of Justice of the European Union (CJEU) jurisprudence. Member States should receive clear guidelines to promote targeted, proportionate models limited to serious crimes, under independent judicial control. Frameworks for the protection of encryption, anonymity, and digital privacy must be strengthened. Small and medium-sized service providers burdened by the requirements should be relieved through technical and financial support. Bibliography Binns, R. (2018). Algorithmic Accountability and Transparency in the EU GDPR. Philosophy & Technology, 31(2), 211–233. De Hert, P., & Poullet, Y. (2013). The Data Retention Directive: The Ghost that Should Not Walk. Computer Law & Security Review, 29(6), 673–683. Hoofnagle, C. J. et al. (2012). How Different is Privacy Law in Europe vs. the US? Berkeley Technology Law Journal, 28(2), 411–454. Lyon, D. (2018). The Culture of Surveillance: Watching as a Way of Life. Polity Press. Zuboff, S. (2019). The Age of Surveillance Capitalism. PublicAffairs. European Court of Human Rights (ECtHR) (2021). Big Brother Watch and Others v. the United Kingdom, Application no. 58170/13. Court of Justice of the European Union (CJEU) (2014). Digital Rights Ireland Ltd v. Minister for Communications, Marine and Natural Resources and Others, Case C-293/12. Court of Justice of the European Union (CJEU) (2016). Tele2 Sverige AB v. Post- och telestyrelsen and Secretary of State for the Home Department v. Tom Watson and Others, Joined Cases C-203/15 and C-698/15. ENISA (2020). Data Retention Practices in Europe. European Union Agency for Cybersecurity. European Parliament (2019). Privacy and Data Protection in Law Enforcement.