EU Passes Data Retention Law (Dec. 14, 2005)
The European Parliament voted today to adopt a new directive allowing for the retention of data "generated by telephony, SMS and internet, but not the content of the information communicated". This data includes email addresses and location data from cell phones. The directive is highly controversial due to the impact it will have on the privacy of European Union citizens.
Also of concern is the broad discretion that is left to EU member states. For example, data may be accessed for the purposes of combatting serious crime and terrorism, but no concrete definition of these concepts has been provided, allowing member states to transpose their own definitions on the provisions of the Directive. In addition, the length of time that a telecommunications company has to retain the data is left relatively undefined - from a minimum of 6 months to a maximum of 24 months - and member states may extend these time frames. Already several countries have indicated intentions to.
The adoption of the text by the European Parliament is procedurally controversial as well. The Directive gained support after a deal made between the Council of Ministers and two large political parties. 378 parliamentarians voted in favour of the Directive, 30 abstained and 197 voted against. The UK has been the key instigator of the measures formalised in the text, particularly since the London tube bombings on 7th July 2005. The text also ignores the amendments proposed by the Parliament's Rapporteur and the Justice and Civil Liberties Committee. Overall, the Directive will be implemented after one of the shortest paths from its drafting to the final vote - months as opposed to years.
Originally, MEPs had suggested that the member governments must reimburse telecom communucations for any additional costs of retention, however this paragraph has been deleted from the text of the Directive. This is especially relevant for the telecommunications companies due to a requirement of retention of data for unsucessful calls which are not currently registered, which will require the adoption of new technologies.
Implementation is likely to be completed within 18 months, although extensions may be sought by some states to enable effective retention of internet data. It is also expected that the Directive will be challenged in some Member States on the grounds of incompatibility with constitutional law.
Directive on the retention of data processed in connection with the provision of public electronic communication services
Privacy international forges coalition to call on European Parliament to reject data retention
Policy Laundering page on Communications Surveillance
Policy Laundering page on European Union