8 Nov 2012
OII Professor Ian Brown explores cybercrime at the 2012 Internet Governance Forum in Azerbaijan. Regarding the EU Data Retention Directive, Brown states that it mistakenly does not distinguish between data specifically held as a result of data retention rules and data held by ISPs for business purposes. For this reason, among others, several constitutional courts of EU member states have ruled that parts or all of the Directive are unconstitutional and advocate for more transparency to justify the level of intrusion. Brown additionally relates that there are varying levels of intrusiveness associated with different types of traffic and communications data; for example, while subscriber data is less controversial, real-time location is not. Brown concludes by stating that more judicial oversight over surveillance capacities is essential, yet currently non-existent in many countries (e.g. the UK, where authorities self-authorise access to data).