About this blog…

I am employed by Netnod as head of engineering, research and development and am among other things chair of the Security and Stability Advisory Committee at ICANN. You can find CV and photos of me at this page.

As I wear so many hats, I find it being necessary to somewhere express my personal view on things. This is the location where that happens. Postings on this blog, or at Facebook, Twitter etc, falls under this policy.

The views expressed on this post are mine and do not necessarily reflect the views of Netnod or any other of the organisations I have connections to.

Former Minister of Justice misses the target

In an article (in Swedish) in SvD the former Swedish Minister of Justice, Thomas Bodström, declare the Data Retention Directive a great success.

That is not a correct statement. It is an failure. The legislation demonstrates that:

  • People at Department(s) of Justice all over Europe (including Sweden) do not communicate with people actually responsible for the political areas new legislation like this hits (in this case IT)
  • Just because you get a directive, that is not enough to get harmonization between the legislation in the Member States
  • Although you have legislation, it does not have to solve the problem that was to be solved to begin with
  • Legislation can be created quite quickly without looking at the implementation costs
  • I.e. the whole process of creation of this directive, and yes, Sweden was one of the countries, is a failure from the beginning to the end (and no, we are not at the end yet). People following this blog have seen my notes on how broken the directive is, and how broken the legislation is in the countries where it is implemented. It is of very low quality. And the reason for this is simple, because people with interest in creation of legislation do not listen (enough) to people with expertise in the area the legislation is covering.

    Solving this is so simple. Communicate early in the process what the problem is that is to be solved, and people that know how to solve those problems can help, and then legislation is created that helps those processes to work as efficient as possible.

    In the case of data retention, legislation has been proposed that does not solve the problem that is to be solved, at a cost that is at best high (or unknown), and because of this it has impact on privacy and integrity. People do not think it is worth it. Because it will not help.

    But there is light at the end of the tunnel. Now I hope the European Commission do understand the directive does not lead to harmonization, or at least will find that quickly during the review. And locally one do understand the correct data is not collected, so the help is minimal. And the cost is high. At the same time I see evidence that within Sweden there is more discussion between people creating legislation and the ones that know for example IT. But, we are not there yet.

    Can we please work more together in the future? For example when starting over again?

    Comments are closed.