EU data-retention directive leaked

A draft of the European Directive on data retention has been leaked, revealing that Brussels will be asking for all communications records to be held for a minimum of six months.

The latest version of the Directive, made public by the European Digital Rights organisation, aims to standardise the amount, type and length of time communications services providers will have to store details about their customers' phone calls, emails, faxes, text messages, IMs and other electronic communications, including location details of mobile phone calls.

The Directive, if passed, will force telecoms companies to store information on "traditional fixed and mobile electronic communication services" for one year and IP-based communications for six months.

For calls made between two VoIP users, information will be retained for six months. However, for calls that originate over IP but connect to a normal landline or mobile, data will be held for a year.

While the data held by communications companies won't include the content of the calls or emails themselves, it will ensure that law enforcement agencies can identify the sender and recipient and, for mobile calls, the location of the caller.

According to the EU, there will be a "limited invasion of privacy" and "a limited impact on the competitiveness of the electronic communications industry", as telecoms companies across Europe will have to capture and retain large amounts of data on their customers. The EU, however, has said ISPs and the like should be compensated for any additional expense they incur as a result of the directive.

The European Commission said the measures are now "urgent" and necessary for the "prevention, investigation, detection and prosecution" of criminals and terrorists.

A number of human rights and civil liberties organisations have banded together to oppose the mandatory retention of data and are petitioning the EC to drop the plans, in a petition which reads: "No research has been conducted anywhere in Europe that supports the need and necessity of creating such a large-scale database containing such sensitive data for the purpose of fighting crime and terrorism."

A similar conclusion was reached last month by the European parliament, which adopted a report questioning the necessity of a separate but similar data retention proposal, put forward by four EU member states.

The European parliament's report confirmed it had "sizeable doubts concerning the choice of legal basis and proportionality of the measures" and was concerned it place "enormous burdens" on the telecommunications industry, which it put at around €180m (£124m) initial expense and €50m per year running costs per firm.

The EU's plan for data retention will also necessitate the creation of a new body of law enforcement agents, the tech world and data protection authorities, which will be charged with translating the directive for emerging technologies.

The EC is expected to formally propose the directive this month and, if it becomes law, will review the directive's performance after three years and analyse how useful the retained information has been to police and intelligence services.