EU Proposes Retaining Telecom Traffic Data Up to 12 Months
The European Presidency proposed changing its plan to mandate retention of communications data, decreasing the maximum retention period from 36 months to 12. In an Oct. 14 note to the working party on cooperation in criminal matters, the Dutch Presidency said officials revised the draft framework decision in light of discussions of the working group last month and a Sept. 21 European Commission workshop of traffic data retention. While the revision ends the controversial 36-month maximum retention period, it still doesn’t sit well with ISPs, a EuroISPA official said.
Sign up for a free preview to unlock the rest of this article
Communications Daily is required reading for senior executives at top telecom corporations, law firms, lobbying organizations, associations and government agencies (including the FCC). Join them today!
The draft decision would continue to apply to all means of electronic communications, including short message services, messaging provided as part of any telephone services, and Internet services such as e-mail, VoIP and Web services. If adopted, it would require European Union (EU) members to hold traffic data for 12 months following its generation (retention for subscriber data would run from the end of the subscription). However, it says EU nations “may have longer periods for retention of data dependent upon national criteria when such retention constitutes a necessary appropriate and proportionate measure within a democratic society.” The directive wouldn’t affect national laws on data retention processed and stored by providers of a publicly available e-communications service or a public communications network for the purpose of crime prevention.
The revised text “doesn’t change much if anything,” said EuroISPA Regulatory Affairs Mgr. Richard Nash. There is actually no maximum period, he said. The language “seems to suggest that a one-year period might be appropriate,” Nash said, but it leaves the decision entirely up to individual member states.
The earlier version of the draft infuriated ISPs and privacy advocates (CD Sept 23 p7). Over the summer, a U.K. Lords subcommittee panned it, saying in a letter to Parliamentary Undersecretary of State Caroline Flint that it’s “unsatisfactory in its present form, with no detailed justification for it (other than in your Explanatory Memorandum) and no Regulatory Impact Assessment despite the acknowledged effect it would have on Communications Service Providers.” The data retention period of 12-36 months “also seems unsatisfactory for a measure that purports to approximate Member States’ laws,” said Subcommittee F (Home Affairs) of the Select Committee on the European Union.
The Lords panel, which is conducting an inquiry into EU counter-terrorism activities, sought evidence over the summer on several questions, including whether current data protection laws would remain effective if data were collected and exchanged on the scale envisaged in the proposal. Next week, Subcommittee F begins a series of 4 or 5 oral hearings at which govt. officials, and law enforcement agencies will testify, a subcommittee official said. The govt. hasn’t responded to the panel’s criticisms, the official said.