Gulp! Data retention now the law in EU

The government's subpoena of Google has raised questions about online services' data retention programs. EFF has long been urging services to limit their data retention in order to protect users' privacy. Now the European Union has now passed a controversial data retention directive, News.com reports.

The government's subpoena of Google has raised questions about online services' data retention programs. EFF has long been urging services to limit their data retention in order to protect users' privacy.

"The only way Google can reasonably protect the privacy of its users from such legal demands now and in the future is to stop collecting so much information about its users, delete information that it does collect as soon as possible, and take real steps to minimize how much of the information it collects is traceable back to individual Google users," said EFF Staff Attorney Kevin Bankston. "If Google continues to gather and keep so much information about its users, government and private attorneys will continue to try and get it."

While limiting data retention is still legal in the US, the European Union has now passed a controversial data retention directive, News.com reports.

The legislation, which the EU says is necessary to help fight terrorism and organized crime, was passed by justice ministers in Brussels on Tuesday. Internet service providers and fixed-line and mobile operators will now be forced to keep details of their customers' communications for up to two years.

Information including the date, destination and duration of communications will be stored and made available to law enforcement authorities for between six and 24 months, although the content of such communications will not be recorded. Service providers will have to bear the costs of the storage themselves.

EU countries will now have until August 2007 to implement the directive, which was initially proposed after the Madrid train bombings in 2004.

While some member states had recommended data be stored for longer periods, the new legislation has drawn fire from privacy advocates who believe the directive is a threat to human rights.

A coalition of civil liberties groups, including Privacy International, recently criticized the directive in an open letter to the EU.

"Adopting this directive would cause an irreversible shift in civil liberties within the European Union," the letter said. "It will adversely affect consumer rights throughout Europe. And it will generate an unprecedented obstacle to the global competitiveness of European industry."