Revised Telecom Data Retention Rules Don’t Allay Fears
The European Commission (EC) approved a draft measure on communications traffic data retention it said differs significantly from a largely unpopular framework decision pushed by the Council and U.K. Presidency. But despite its differences from the Council text, it’s unlikely to win the hearts and minds of providers who continue to insist there’s no proof draconian measures are needed to fight terrorism, officials said.
Sign up for a free preview to unlock the rest of this article
Communications Daily is required reading for senior executives at top telecom corporations, law firms, lobbying organizations, associations and government agencies (including the FCC). Join them today!
The directive would mandate retention of fixed and mobile telephony data for periods of a year and Internet Protocol-based data for 6 months . The draft, which was leaked over the summer but hasn’t been publicly released, “foresees” govt. payments to communications services providers for costs incurred in holding data.
The EC wants to replace a patchwork of national data retention schemes it says hampers law enforcement efforts to prevent and prosecute organized crime and terrorism. Some 15 member states lack mandatory data retention obligations, the EC said, and in about half of those with such programs data retention isn’t operational due to lack of implementing measures. In countries with requirements in operation, the storage period is 3-4 years, and the scope of data retained varies widely.
The Council framework decision has been discussed for years. In June, the European Parliament (EP), irate at its exclusion from the process because framework decisions allow it only an advisory role, rejected the proposal, prompting U.K. Home Secretary Charles Clarke and EU officials to try to find common ground on data retention. So far, despite Parliament’s rejection and an EC view that the framework decision is based on faulty legal grounds, both measures are proceeding in parallel
The EC said its directive differs from the Council proposal in key ways: (1) It sets fixed retention periods for phone and Internet traffic data, in contrast to the proposal’s minimum one-year retention period adjustable to 6-48 months. (2) It considers the possibility of reimbursing providers’ data storage costs. (3) It acknowledges the types of data retained can evolve, and therefore has more flexibility in a rapidly changing technological environment. (4) It foresees collection of data upon request as well as evaluating the directive and its impacts. Neither document requires retention of communications content, the EC said, and both limit Internet-related data to e-mails and IP telephony data, meaning web page visits won’t be held.
Key industry groups have been venting on the topic for some time. When justice and home affairs ministers met in the U.K. this month, the European Competitive Telecom Assn., European Telecom Network Operators’ Assn. (ETNO), EuroISPA, GSM Europe and European Cable Communications Assn. urged an open dialogue between govt. and industry before any mandatory traffic data retention rules are adopted.
Providers fear higher costs from data retention duties and the infeasibility of storing some data govts. want held. They question the need for mandatory retention, especially given their close cooperation with law enforcement agencies. And, they said in a statement to ministers, “the current proposals are an active choice to move away from a proven and constructive approach, where industry’s expertise and goods-will are used to maximum effect to fight crime, towards an untargeted, expensive and all-pervasive approach.”
Telecom operators already cooperate effectively and legally with authorities case by case, based on the data available for legitimate business purposes, said ETNO Dir. Michael Bartholomew. ETNO takes issue with the extent to which the proposals reach beyond current industry practices in terms of duration and scope of data kept for business. “At the end of the day, the 2 texts are very close to each other” on the kinds of data to be retained, he said.
The EC proposal does differ from the Council’s by calling for a harmonized retention period, Bartholomew said. And the EC’s contains a “clearer recognition” of providers’ need to recover costs, which sends a “positive signal.” But that doesn’t make the draft directive more palatable, he said, since the scope -- that is, the types of data to be stored -- affects provider costs more than the time period required. The EC version leaves many feasability issues unresolved. That’s why consultation with industry is so crucial, Bartholomew said.
“We don’t know the wording of the adopted text, so a lot of questions remain open,” said Axel Spies, a German lawyer representing the German Competitive Carriers Assn. Last month that group joined other German bodies panning 2 retention proposals now under consideration (WID Aug 8 p7). Law enforcement agencies haven’t proved they need this “huge pile of data,” Spies said, and carriers “are not the deputy sheriffs” for those agencies.
Others also voiced skepticism about the EC proposal. “It would be useful to get a feel for the extent to which the European Court of Human Rights would be prepared to accept any one country arguing that data retention under this proposal is necessary (as it must be under Art. 8.2 of the Convention on Human Rights) when they did not introduce it themselves, spontaneously,” said Joe McNamee, EU political intelligence policy dir.