Peru’s controversial new data retention law
Data Privacy and Security

Peru’s controversial new data retention law

Peru has introduced a controversial new data retention law that will allow authorities to access user data from telecoms, such as whom they communicate with and for how long and where they are communicating from. Crucially the decree states [Spanish] that location data is no longer a protected private communication under the Peruvian constitution.

Telecom providers in Peru will be required to retain this user data for one year. Authorities can access the data in real time as well as historical location data. Telecoms can also be obliged to retain data for an additional two years.

The Electronic Frontier Foundation reports that the decree was adopted with no public consultation and under legislation covering crime and public safety. The document mentions attempts to stem organised crime, drug trafficking, and illegal logging, but it was passed a day before a public holiday when it could possibly seep through the cracks unnoticed and avoid debate.

Miguel Morachimo, director of NGO Hiperderecho, told the EFF that removing the privacy safeguards for location data is a clear mistake and gives the police too much power to access that data. “The fact that it was directly approved by the Executive Branch without prior debate and in the middle of national holiday season is especially undemocratic,” he said.

One of the biggest bones of contention with the Peruvian law is over geolocation data and removing its privacy safeguards in the face of growing concerns around the sensitivity of such data. In 2011 for example, the EU published its official opinion [PDF] on geolocation data, stating that because smartphones are inextricably linked to their owner, it can provide a “very intimate insight into the private life of the owners”.

“This will leave Peruvian police with access to more precise, more comprehensive, and more pervasive data than would ever have been possible under previous policies,” wrote Global Voices, which criticised the government for ignoring the potential abuses.

National newspaper La Republica reports that telecoms will only hand over data from within a 300 to 500 square metre zone around a cell tower where a suspect is believed to be located or to have committed a crime, according to General Jose Lavelle, the head of the national police, Policía Nacional del Perú (PNP).

“There’s no way this law allows us to intercept telephone calls, let alone force telephone companies to provide information on the contents of communications,” said General Lavalle. He defended the law saying that it just speeds up the process of accessing data in an investigation.

The decree is unusual in that it goes against the trend of countries repealing data retention laws, New York-qualified technology lawyer Paul Lanois tells IDG Connect.

Neighbouring Argentina amended its National Telecommunications Law in 2004, which required ISPs to store traffic data for a 10 year period. In 2007, the Argentinian Supreme Court ruled that the law was unconstitutional and by 2009 the court annulled the law, calling it a “drastic interference with the private sphere of the individual”.

In 2009, Brazil heard the case of Escher et al v. Brazil. Arlei José Escher and several others who were members of two groups representing agricultural and rural worker interests had their telephone conversations tapped by police in 1999 with the details later published in national newspapers. While the State accepted no responsibility, the court found that the police violated the American Convention on Human Rights, specifically Article 11 protecting phone conversations.

“This is particularly interesting because Peru is a signatory of the convention,” explains Lanois. There may be grounds for the new Peruvian law to be challenged in the Inter-American Court of Human Rights, he says, with the Escher case as a precedent.

In more recent times, the Court of Justice of the European Union ruled that the EU’s Data Retention Directive is invalid following a challenge from the group Digital Rights Ireland. Challenges to data retention and surveillance have become more common in a post Edward Snowden world but have been ongoing for years.

Despite assurances from the PNP that the law will only be used for the worst of crimes, it has been criticised heavily in Peru’s national media with calls for reforms. Writing in La Republica, columnist Marco Sifuentes said that the government, led by President Ollanta Humala, is “for all intents and purposes a kind of stalker”.

Internet and mobile phone use is continuing to grow in the country, which creates more avenues for communications to be abused, say many opponents to data retention.

One blogger said that with all of these serious concerns and the genuine need for discussion on public safety, the government needs to reconvene on the matter and get the balance right.

PREVIOUS ARTICLE

«Mobile money wars: Banks vs. telcos

NEXT ARTICLE

UK and Singapore tie the knot on cybersecurity collaboration»
Jonathan Keane

Jonathan Keane is a freelance journalist, living in Ireland, covering business and technology

Our Case Studies

IDG Connect delivers full creative solutions to meet all your demand generatlon needs. These cover the full scope of options, from customized content and lead delivery through to fully integrated campaigns.

images

Our Marketing Research

Our in-house analyst and editorial team create a range of insights for the global marketing community. These look at IT buying preferences, the latest soclal media trends and other zeitgeist topics.

images

Poll

Should the government regulate Artificial Intelligence?