The UK and other EU governments have proposed that ISPs and
telcos should retain their customers’ traffic data for periods of
one year or longer and give law enforcement agencies access to the
data in cases of criminal investigation.
The retained data would include catalogues of web sites visited,
records of e-mail recipients, lists of telephone numbers dialled,
and the geographical location of mobile phones. In the UK, the
Anti-Terrorism Crime and Security Act regulates data retention,
however relevant codes of practice for ISPs and telcos have not yet
been finalised.
The commissioners said in a statement that such data retention
“would be an improper invasion of the fundamental rights guaranteed
to individuals by Article 8 of the European Convention on Human
Rights.” They also emphasised the “excessive costs that would be
involved for the telecommunication and internet industry”, as well
as “the absence of such measures in the United States. “
The UK Foundation for Information Policy Research (FIPR)
welcomed the Commissioners’ statement, characterising it as a
“particularly timely warning for the UK, where the government is
still attempting to implement the December 2001 Anti-Terrorism
Crime and Security Act.”
The commissioners concluded:
“Where traffic data are to be retained in
specific cases, there must therefore be a demonstrable need, the
period of retention must be as short as possible and the practice
must be clearly regulated by law, in a way that provides sufficient
safeguards against unlawful access and any other abuse. Systematic
retention of all kinds of traffic data for a period of one year or
more would be clearly disproportionate and therefore unacceptable
in any case.”
The
statement of the Commissioners
