Säpo

Limiting data retention would have serious consequences for Swedish security

2017-10-13

Data retention is essential to the ability to detect terrorist networks, prevent terrorist attacks and counter espionage. Not giving the Swedish Security Service access to telecommunications data held by operators will have serious consequences for the Service’s operational capability and for Swedish security. This is stated by the Service’s experts in their comments to the proposals of the Commission on Data Retention and EU Law which were presented on 11 October.

Following the Court of Justice of the European Union (CJEU) December 2016 judgment on data retention, the Security Service has found it difficult to obtain telecommunications data from operators. This has led to major problems in the Service’s crime-fighting activities, as the lack of telecommunications data has made it more difficult to detect and prevent terrorist offences and other serious crime, such as espionage.  

On 11 October, the commission presented its draft report proposing changes to Swedish data retention regulations to be made as a result of the CJEU judgment. The Service’s experts in the commission have presented their views in a separate comment added to the proposal.

"We fully understand the complexity of the commission’s task. But if the proposal that operators no longer need to retain certain data is accepted, this will have serious consequences for our Service’s work. In the cases we handle, traffic and location data is often the first and only actionable information we have, and without this information we cannot maintain our operational capability. This will have negative consequences for national security," says Johan Olsson, Head of Operations.

Unique information

Telecommunications data is vital in e.g. assessing possible threats that our Service receives information about through our extensive intelligence flow. Being able to confirm or dismiss information on planned attacks while under time pressure depends on the ability to link individuals to certain locations at certain times. The information provided by telecommunications operators is unique and cannot be obtained using other methods.

"This isn’t about having free access to this data, but about us having access when there are suspicions of serious crime.  Not having this data will make it considerably more difficult for the Security Service to assess attack threats. In the worst case, this would result in terrorist crimes that could have been prevented," says Johan Olsson.

The Security Service’s experts point out that the world has changed since the CJEU judgment. Sweden has experienced a full-blown terrorist attack. International cooperation and exchange of information between law enforcement agencies is increasing. Public attention has been drawn to matters concerning counter-intelligence and the deficient protective security measures of some public agencies. All this should be considered when reviewing Swedish data retention regulations, and Sweden should also address this issue with the EU.