EU data-retention directive leaked

EU data-retention directive leaked

Summary: Details of all Internet communications will need to held for six months and phone communications for a year, under plans being mooted in Brussels

TOPICS: Government UK

A draft of the European Directive on data retention has been leaked, revealing that Brussels will be asking for all communications records to be held for a minimum of six months.

The latest version of the Directive, made public by the European Digital Rights organisation, aims to standardise the amount, type and length of time communications services providers will have to store details about their customers' phone calls, emails, faxes, text messages, IMs and other electronic communications, including location details of mobile phone calls.

The Directive, if passed, will force telecoms companies to store information on "traditional fixed and mobile electronic communication services" for one year and IP-based communications for six months.

For calls made between two VoIP users, information will be retained for six months. However, for calls that originate over IP but connect to a normal landline or mobile, data will be held for a year.

While the data held by communications companies won't include the content of the calls or emails themselves, it will ensure that law enforcement agencies can identify the sender and recipient and, for mobile calls, the location of the caller.

According to the EU, there will be a "limited invasion of privacy" and "a limited impact on the competitiveness of the electronic communications industry", as telecoms companies across Europe will have to capture and retain large amounts of data on their customers. The EU, however, has said ISPs and the like should be compensated for any additional expense they incur as a result of the directive.

The European Commission said the measures are now "urgent" and necessary for the "prevention, investigation, detection and prosecution" of criminals and terrorists.

A number of human rights and civil liberties organisations have banded together to oppose the mandatory retention of data and are petitioning the EC to drop the plans, in a petition which reads: "No research has been conducted anywhere in Europe that supports the need and necessity of creating such a large-scale database containing such sensitive data for the purpose of fighting crime and terrorism."

A similar conclusion was reached last month by the European parliament, which adopted a report questioning the necessity of a separate but similar data retention proposal, put forward by four EU member states.

The European parliament's report confirmed it had "sizeable doubts concerning the choice of legal basis and proportionality of the measures" and was concerned it place "enormous burdens" on the telecommunications industry, which it put at around €180m (£124m) initial expense and €50m per year running costs per firm.

The EU's plan for data retention will also necessitate the creation of a new body of law enforcement agents, the tech world and data protection authorities, which will be charged with translating the directive for emerging technologies.

The EC is expected to formally propose the directive this month and, if it becomes law, will review the directive's performance after three years and analyse how useful the retained information has been to police and intelligence services.

Topic: Government UK

Kick off your day with ZDNet's daily email newsletter. It's the freshest tech news and opinion, served hot. Get it.


Log in or register to join the discussion
  • The European Commission getting involved in making new unjustifiable IT laws that makes everyone miserable ...yet again.

    When will they stop?

    Maybe when the US tells them to.
  • So criminals and terrorists need to put even more effort into stealing and hi-jacking cellulars and PC's. Well, that will be hard to accomplish. Given the amount of vendor liability in that area. Sigh.

    What's next? Fining someone EUR 100000 for "allowing" their cellular or PC to get hi-jacked or stolen and thus cause a treath to national security or obstructing criminal investigations?

    Or how about taking DNA, fingerprint and other samples from everyone. Including implanting a tracing device that will kill the subject when removed. And enforcing that on everybody even thinking about crossing our borders? Along with locking up everybody that has no or a faulty tracing device accoording to the nation wide tracking systems? Because that's what it'll take to get an almost waterproof system and that in turn seems to be what's needed before certain agencies run out of excuses.