UK Government suffers data retention blow

Europe's data protection commissioners have dealt a blow to the UK government's plans to force telcos and ISPs to store communications traffic data, according to UK privacy lobbyists.

The UK government is proposing that ISPs and phone companies retain their customers' telecoms traffic data for up to two years and give law enforcement agencies access to that data -- if needed -- in a criminal investigation. This data would include catalogues of websites visited, records of email recipients, lists of telephone numbers dialled, and the geographical location of mobile phones.

How long this data would need to be stored is as yet undecided, with the government considering anything up to two years. At one point, as much as seven years was being mooted.

But following a meeting in Cardiff last week, the data protection commissioners from various European countries largely opposed such sweeping proposals.

They said they have "grave doubt as to the legitimacy and legality of such broad measures" and are worried about the financial burden they will place on telcos and ISPs.

The commissioners also said that "such retention would be an improper invasion of the fundamental rights guaranteed to individuals".

Their statement went on to say: "Where traffic data are to be retained in specific cases, there must therefore be a demonstrable need, the period of retention must be as short as possible and the practice must be clearly regulated by law, in a way that provides sufficient safeguards against unlawful access and any other abuse. Systematic retention of all kinds of traffic data for a period of one year or more would be clearly disproportionate and therefore unacceptable in any case."

The Foundation for Information Policy Research (FIPR) welcomed these views. Ian Brown, director of FIPR, said: "Records of the websites we visit, who we communicate with and where we go with our mobile phones paint a very detailed picture of our lives.

"Forcing phone and internet companies to retain this data on all of their customers for years is a huge threat to the privacy of us all. This should not only be a debate about policing, but the dangers posed by having this treasure trove of information available for others to access, legitimately or otherwise," he added.

The issue of data retention is governed by the Anti-Terrorism Crime and Security Act, which was passed in December 2001. The UK government has not yet finalised the codes of practice which will accompany it, and is currently relying on a voluntary scheme in which the telecoms companies decide how much data they store and for how long. This intervention by the data commissioners will put pressure on the government to tie up the loose ends and may lead to less stringent measures being imposed, although the voluntary element of the legislation is likely to remain.

A spokeswoman for the Home Office said: "The Home Office is currently consulting with members of the telecommunications industry, the Office of the Information Commissioner, and other government departments, in the drawing up of a voluntary code of practice regarding data retention.

"The suggestion that [the anti-terrorism directive] would allow widespread surveillance is nonsense. But it will allow governments to take reasonable measures to ensure that traffic data that could prove useful in the fight against serious crime and terrorism is not destroyed."

Have your say instantly, and see what others have said. Go to the ZDNet news forum.

Let the editors know what you think in the Mailroom.