Founder and Director: Yaman Akdeniz , LL.B, MA
E-mail: Tel: +44 (0) 7798 865116 - Fax: +44 (0) 7092199011

   Home Page | About Us | Press Enquiries| Reports | Policy Issues | News Items | Press Releases | Mailing Lists | Bookstore

Information Commissioner – Annual Report and Accounts 2001

Responding to Cybercrime (pages 14-15)

Developments in communications, particularly the Internet and mobile phones, have provided new opportunities for criminals. The new media can be an integral part of the criminal activity, as is the case with the distribution of child pornography on the Internet, or merely a means of communication through which unrelated criminal activity is facilitated. Not surprisingly law enforcement agencies want the ability to access these communications. The challenge is to ensure that such access is limited to cases where the need to prevent or detect crime or safeguard national security justifies the privacy intrusion. In some cases the new media provide new opportunities for surveillance. One example is the use of the increasingly precise location data generated by mobile phones to track individuals’ movements. The use of such data where they are a key element of addressing specific criminal activity will be justified provided proper controls are in place. However, the temptation to use them as a more general resource to spot, and require individuals to account for, apparently suspicious patterns of activity should be resisted. In other cases the new media mean that existing opportunities for surveillance may be lost. An example is the move to carry voice messages over the internet rather than through traditional telephone systems which may render conventional ‘telephone tapping’ techniques obsolete. Here there is a temptation to generate and store personal information solely on the basis that it might come in useful for law enforcement purposes. Again, we must ensure that the measures in place are a proportionate response to the problem the law enforcement agencies face, that as far as possible information is only generated and stored on those under suspicion and that existing safeguards are strengthened not weakened. It is, for example, hard to see the case for imposing a requirement on telecommunications providers to retain all traffic data for a period of seven years as has been suggested in some quarters. Cybercrime does not recognise national borders. There are several international initiatives to develop cooperation between countries including a draft convention from the Council of Europe and work undertaken by the G8 group of countries. We are concerned that the international organisations involved, not least the Council of Europe with its human rights pedigree, and the UK’s negotiators should give proper weight to privacy and data protection considerations. International cooperation inevitably involves the exchange of personal information. In the UK, the EU and in an increasing number of countries throughout the rest of the world this personal information is protected by data protection law. It is essential that if other countries wish to be party to the exchange of personal information in the context of tackling cybercrime they should accept obligations to handle the personal data they receive in accordance with recognised data protection standards.

Chapter 5: International and European Work 

The Council of Europe Cybercrime Convention  (pages 35-36)

The issue of cybercrime was raised in Chapter 2.This issue, which has raised concerns nationally, in Europe and at a wider international level, presents a real risk about which governments are properly concerned. The Council of Europe has become the forum in which negotiations to develop a Cybercrime Convention are being conducted. The retention of traffic data beyond the period demanded by technical and commercial reasons would be an invasion of the right to private life assured by Article 8 of the European Convention on Human Rights. The Data Protection Commissioners made their position clear at Stockholm in April 2000 and reaffirmed that view at their Spring Conference in Athens on 10 and 11 April 2001 by the following Declaration:

"The Spring 2001 Conference of European Data Protection Commissioners notes with continuing concern proposals that ISP’s (Internet service providers) should routinely retain traffic data beyond the requirements of billing purposes in order to permit possible access by law enforcement bodies. The Conference emphasizes its view expressed in Stockholm that such retention would be an improper invasion of the fundamental rights guaranteed to individuals by Article 8 of the European Convention on Human Rights and in relation to the processing of personal data by the 1981 Council of Europe Convention for the Protection of Individuals with regard to the Automatic Processing of Personal Data (Convention 108).The Conference point out that such retention would also invade the rights specified by Articles 8 and 7 of the Charter of Fundamental Rights of the European Union. Where traffic data are to be retained in specific cases, there must be a demonstrable need, the period of retention must be a short as possible, and the practice must be clearly regulated by law."

The full report published on July 11, 2001 is at