Resolution regarding data protection and legal professional privilege – 16.05.15

16.05.2015

Data retention resolution FBE Congress in Bilbao 16 May 2015

The FBE is concerned with the preservation of legal professional privilege and the trust that is central to all professional relationships between lawyer and client: that of client confidentiality. Our concern arises out of the developments of the internet which has eroded the protection of data, and made vulnerable confidential communication between lawyer and client, lawyer and the Courts, and lawyer to lawyer.

The HRC recognises that there are different standards of protection in different countries of Europe. Harmonisation of these standards will bring benefits to the citizens and residents of member states. The European Union enables member states to work together to protect confidentiality and trust based on legal professional privilege. The protection and preservation of the lawyer-client relationship of trust is the specific area of concern of European lawyers, and one which we regard to be an important area of EU directive or regulation.

The following recommendations are adopted by the FBE:

1. Communications subject to legal professional privilege must be exempted from data retention measures unless a judicial order has been granted to access the data for the purpose of the investigation, detection, and prosecution of serious crime;

2. Communications requiring legal professional secrecy should be identified at source;

3. States should establish clear and transparent criteria for the retention of data in accordance with the purpose of the investigation, detection and prosecution of serious crime;

4. Data that is retained by governments must be kept under secure conditions;

5. There should be provision for irreversible destruction of data after the retention period;

6. States should establish strong and independent oversight bodies that are adequately resourced;

7. States should establish tribunals where individuals can seek effective remedy for alleged violation of their on-line privacy rights;

8. States should establish an independent mechanism which is capable of conducting a thorough and impartial review;

9. All member states should have legislation which protects storage and disclosure of data to 3rd parties;

10. Public officials working in national, regional and local governments must be bound by the same protection of data held by governments;

11. Disclosure should carry criminal penalties;

12. The EU must have rules in place to prevent data interception by non-State actors;

13. Lawyers must publish their concerns at the impact on society, the impact on access to justice and the rule of law if the framework protecting lawyer-client relationship is inadequate;

14. There should be national legislation in member states to enshrine digital rights;

15. There should be a European digital rights charter;

16. There should be a global digital rights charter;