EU member states have been looking for a way to reintroduce generalised retention of telcommunications metadata – the who, when and where of phone calls, text messages and internet usage, but not the “what” and “why” – since the EU’s Data Retention Directive was struck down by the Court of Justice in 2014.
The Commission was, for some time, rather reluctant to engage in the discussion – but a working document recently circulated in the Council, first published by Netzpolitik, shows that the situation has changed.
Now the Commission is actively courting the member states’ views on possible next steps, calling for responses by tomorrow (16 July) to questions on various different options.
Those options are:
- Policy approach 1: no EU initiative
- Policy approach 2: Non-regulatory initiative on data retention (i.e. recommendation or guidance from the Commission)
- Policy approach 3: regulatory initiative on data retention
- Approach 3(a): generalised retention of traffic and location data for national security purposes
- Approach 3(b): targeted data retention of traffic and location data for serious crime and serious threats to public security (and, a fortiori, safeguarding national security)
- Approach 3(c): expedited retention (quick-freeze) of traffic and location data for serious crime and the safeguarding of national security
- Approach 3(d): generalised retention of IP addresses assigned to the source of an Internet connection for serious crime and serious threats to public security
- Approach 3(e): generalised retention of civil identity data to fight crime and public security threats in general
More detail about each of the proposed options is set out in the Commission’s: Non-paper on the way forward on data retention – Presentation by the Commission and exchange of views (Council doc. WK 7294/2021 INIT, LIMITE, 10 June 2021, pdf)
Find out more about the long and controversial history of data retention in the EU in the Statewatch Database
Image: plenty.r, CC BY-SA 2.0