European Commission announces its plans for data retention

21/09/2005

Adding more to the confusion, the European Commission today announced its plans for a Directive on communications data retention.

We have archived the draft directive here.  External relevant links include

• Announcement of anti-terror initiatives
• Explanation of the need for a retention directive
• Press release

In essence, the Commission proposed Directive conflicts with the Council's proposed Framework Decision mostly on period of data retention and the ability to opt-out.  The Commission is calling for a 1 year retention scheme for mobile and telephone data, and a six-month retention scheme for data held by ISPs, VoIP providers, and other internet access providers.

According to the European Commission, the key differences between the Framework Decision (FD) and the draft directive are

• "Contrary to the draft FD, the draft Directive proposes harmonised retention periods of one year for fixed and mobile telephony data, and six months for IP based communication data. The FD sets a minimum term of retention for all data categories of one year, but allows for possible exceptions to this for periods between 6 and 48 months;
• Contrary to the draft FD, the draft Directive foresees a provision which obliges the Member States to compensate the electronic communication services providers for additional costs incurred as a consequence of the retention obligation;
• Contrary to the draft FD, the draft Directive foresees a Comitology procedure for amendments to the list of data to be retained, providing for the flexibility needed to ensure that the instrument stays up-to-date in a rapidly changing technological environment;
• Contrary to the draft FD, the draft Directive foresees the collection of statistics on cases in which data was requested, as well as an evaluation of the instrument and its impacts, taking account of those statistics.
• Neither the draft FD nor the draft Directive are applicable to the content of communications. Also, in both texts internet related data to be retained are limited to e-mail and IP-telephony data – which means that no data on web pages visited will need to be retained."

Data to be Retained in Commission Proposal

The data to be retained varies depending on the type of infrastructure (telephone, mobile telephony, internet access, internet e-mail, and internet voice-over-IP).  Essentially, it involves

• Data to trace and identify source of communications
• data to identify destination
• data to identify date, time and duration
• dat to identify type of communication service
• data to identify users' communication equipment
• data necessary to identify the location of mobile equipment

More analysis of the proposals will follow.

Related:
Civil society groups call for end to telecommunications data retention
European Parliament calls on search engine companies to spy on all EU citizens
Policy Laundering Home Page
Anti-Terrorism Policy Home Page
Communications Surveillance Home Page
Data Retention back on EU Agenda
European Ministers move forward on data retention
European Parliament rapporteur rejects retention proposal as "disproportionate, invasive and illusory"
Ireland's Parliament 'approves' communications data retention
European Privacy Commissioners call data retention unacceptable
Argentinian Data Retention Law Suspended
PI Report on European Commission and Council Proposals on Data Retention
Privacy International submits report to European Commission on Data Retention
PI and EDRi urge restraint in extraordinary European Council meet on retention
PI appeals to the European Parliament to stop data retention
Privacy International forges coalition calling on EU to abandon data retention