Transposing the Data Retention Directive in Greece: Lessons from Karlsruhe Anna Tsiftsoglou & Spyridon Flogaitis (University of Athens, Greece) 4th International Conference-Information Law & Ethics Thessaloniki, Greece, May 20-21st, 2011

What Karlsruhe Said (2010)

1. The ‘Privacy Test’ 10GG & ‘informational self-determination’ 8 EU Charter Fund. Rights/ 8 ECHR (privacy) Three-level test (legality – legitimacy – proportionality) Proportionality involves additional safeguards to counterbalance intensity of interference “Diffuse Threat” – chilling effects Data Retention useful law enforcement tool (profiling techniques)

Proportionality check Purpose Limitation Minimize Scope of Data Processing – use plain and concrete language- enlist specific crimes High Data Security Standards No discretion left to operators Independent Authorities may assume regulatory role Transparency of Processing Effective Legal Protection Judicial Control/ Legal Sanctions/ Liability

Court Assessment Present structure of provisions lacks the above four standards  dis-proportional Contrary to 10GG/ extends to traffic data Dissent (Schluckebier/Eichberger)- Judicial activism/ changing nature of public safety

2. Telecom Providers ‘Guarantors’ of personal data ? New public-private networks/ data processing models / distributed surveillance Financial burdens – who pays? 12GG/ 14GG/ Art1-First Protocol to ECHR BVerfG says it does not exceed obligations if it is proportional Market assumes cost shifts it to consumers?

3. Karlsruhe v Luxembourg

Karlsruhe v. Luxembourg No referral (267TFEU) to ECJ – no ‘dialogues’ C-301/07  ECJ confirmed 95EC as proper legal basis for DRD – reversed PNR ruling Data retention as an ‘internal market affair’ – promoted EU Parliament’s position Principle of Subsidiarity Retention & storage  EU law Access & use national law

Karlsruhe v. Luxembourg ‘sovereignty’ v ‘integration’-oriented approach German constitutional identity as upper limit Institutional balances – international spirit

The Greek Transposition

*Law 3917/2011* Late transposition – C-211/09 Traffic & location data treated as elements of ‘intimate communication’ 19Gr.Constitution Enhanced guarantees- executive law 2225/94 Additional guarantees provided by new law Failure to provide effective DP control: ‘Institutional verbosity’ Merger of administrative authorities

The ‘Moment of Truth’ for the Data Retention Directive

The EC Evaluation (April 2011) Judicial Developments More than 6 national courts have declared national transposing laws unconstitutional since 2008 Irish Referral to ECJ (2010) – case pending Regulatory Developments (major deviations) ‘Data Retention a valuable tool’ (true?) Commissioner Malmström: “I intend to review the Directive to clarify who is allowed to access the data, the purpose & procedures for accessing it” (Press Release, 18.4.2011)

Lessons from Karlsruhe Guarantees Supervision Sanctions, liability Proportionality ‘quality of law’ - Purpose limitation Assessment tool for anti-terrorist measures Self-regulation Inadequate - privacy standards should be imposed

Digital Activism

“Freiheit statt Angst” (Freedom, not Fear) Berlin, October 11th 2008 – approximately 70,000 protesters – biggest privacy event in German history

Patrick Breyer – the brain behind the BVerfG case

The Biggest in the Court’s History Former PhD Student who wrote a thesis on ‘data retention’- His Movement ‘AK Vorrat’ managed to initiate 34,000 constitutional complaints to Karlsruhe- The Biggest in the Court’s History