- Home /
- News /
- 2001 /
- May /
- Three EU governments - UK, France and Belgium - press ahead with 12 months retention of telecommunications data - ditching citizens' rights on data protection and privacy under EU law
Three EU governments - UK, France and Belgium - press ahead with 12 months retention of telecommunications data - ditching citizens' rights on data protection and privacy under EU law
01 May 2001
As the Council of the European Union (representing all 15 governments) is discussing the draft "Conclusions" (see: S.O.S.Europe
) on giving law enforcement agencies access to communications data, the UK, France and Belgium already have plans to introduce the retention of telecommunications data for at least 12 months. These plans are revealed in official responses to a survey of national positions on computer crime carried out by the EU Police Cooperation Working Party (dated 24 April 2001).
The survey confirms the determination of EU law enforcement agencies to achieve a number of objectives:
i) to stop the deletion of telecommunications data which is required under the law as laid down in the EC Directives on data protection and privacy;
ii) to stop users having anonymity in their communications (see attack on cybercafes below);
iii) to ensure that the law enforcement and security agencies have access to the retained/archived data;
iv) to ensure that data is retained, in the first instance, for at least 12 months - once the EC Directives are breached they can argue for seven years, ten years or more later.
The report distinguishes between "computer-targeted offences" ("hacking", where the report says that EU legislation "adequately protected") and offences concerning "Information technology as a tool in committing an offence" (ie: using a computer).
Under the heading: "The rights and obligations of those involved in new technology in the European area" the report notes that all European states "have incorporated into their legislation provisions to safeguard the processing of personal data" by implementing, under national laws, the Council of Europe Recommendations and EC Directives on data protection and privacy in telecommunications, the report says the effect is that:
"Each operator is generally required to delete the traffic data or render them inaccessible at the end of each call (or at the latest when the time required for their commercial processing has elapsed)"
Data retention for 12 months - in the first instance
It goes on to says that:
"The issue of storing connection data therefore seems crucial. Two apparently contradictory interests have to be reconciled:
– the protection of personal data and, more generally, respect for privacy;
– the need for investigators to have access to the data stored by the service providers for the purposes of the investigation.
At present the issue of the storage of connection data and the length of that storage is clearly the weak link in the fight against cyber-crime. As witness, few countries have a legal requirement concerning the length of time connection data must be kept.
The Netherlands requires Internet service providers to store connection data for three months following the initial processing. Belgian legislation also requires Internet service operators to store call data for a certain period, which may not be less than 12 months. Failure to comply is an offence punishable with a prison sentence... France is currently preparing a draft law requiring telecommunications and network operators to store connection data for twelve months.
While no legislative provisions exist, some States, such as the United Kingdom, have concluded informal arrangements with national service providers whereby the UK investigative departments hope that connection data will be stored for 12 months.
Faced with the legislative vacuum, Italian service providers have adopted a self-regulation code involving active collaboration with the police."
The report then goes on to state: "Member States' wishes" which are:
"The Member States are seeking standardisation or at least harmonisation of legislation, at any rate as regards its basic legal principles, given that the 1989 Recommendation of the Council of Europ