Data retention: US to follow EU example?

OUT-LAW News, 18/04/2006

New requirements for ISPs to retain customer data are being explored in the US, inspired by Europe's recent Directive, according to a report by CNET News.com. But that Directive must be implemented with care, warns an EU Working Party on Data Protection.

CNET suggests that there is growing interest in Washington, DC. The proposals appear to focus on the use of data for combating crimes against children, but might also be used in other types of investigation.

Meanwhile, the EU's Article 29 Data Protection Working Party has published a two-page Opinion that addresses some of its concerns with the Directive that was adopted by the Council of Ministers on 21st February.

The Directive aims to harmonise Member States' provisions relating to the retention of communications data, in order to ensure that the data, which can identify the caller, the time and the means of communication, is available for the purpose of the investigation, detection and prosecution of serious crime. The Directive is not concerned with the content of the communications.

Under the agreed draft, the data retained will be made available only to competent national authorities in specific cases and in accordance with national law. They will be retained for periods of not less than six months and not more than two years from the date of communication.

The Directive also provides that Member States will have to take necessary measures to ensure that any intentional access to, or transfer of, data retained is punishable by penalties, including administrative or criminal penalties, which are effective, proportionate and dissuasive.

The Working Party is an independent EU advisory body which has the task of assessing the privacy implications of new laws. It expressed concerns with the Directive when it was still a proposal, in October 2005. Now that it has been adopted, the Working Party has reiterated those concerns.

"It is … of utmost importance that the Directive is accompanied and implemented in each Member State by measures curtailing the impact on privacy," wrote the Working Party on 25th March.

The Directive "lacks some adequate and specific safeguards as to the treatment of communication data and leaves room for diverging interpretation and implementation by Member States in this respect," it continued.

The Working Party is proposing a uniform, European-wide implementation of the Directive, to protect privacy and to reduce the costs to be borne by the service providers.

Eight safeguards are set out in the Opinion, including a call for a clear definition of "serious crime" within the purposes; and a recommendation that a list of designated law enforcement authorities with access to the data should be made public.

See:

• The Working Party opinion (3-page / 133KB PDF)
• CNET News.com report
• Data Retention Directive (10-page / 87KB PDF, published 15th March 2006)

See also:

• Data Retention Directive endorsed by Ministers, OUT-LAW News, 23/02/2006
• MEPs approve Data Retention Directive, OUT-LAW News, 15/12/2005
• MEPs urged to reject data retention plan, OUT-LAW News, 06/12/2005
• EU Committee amends data retention proposals, OUT-LAW News, 25/11/2005
• Data retention needs better safeguards, says Working Part, OUT-LAW News, 04/11/2005
• Data retention compromise mooted by EU Ministers, OUT-LAW News, 13/10/2005
• Data retention: European Parliament backs Commission plan, OUT-LAW News, 28/09/2005
• Data retention Directive must respect rights, says watchdog, OUT-LAW News, 26/09/2005

Feedback | Printer-friendly page | Latest news | | All news feeds | Ask a lawyer