EU law on data retention sparks condemnation

Bowing to a hawkish mood that has gripped European policy makers since September 11, the European Parliament Thursday voted in a new European Union data protection law that civil liberty campaigners and industry representatives condemn.

The most controversial part of the new law is a clause that allows the member states to force ISPs (Internet service providers) and telecommunications providers to retain data on their customers' online and phone activity beyond the one or two months this information is normally stored for billing purposes.

The purpose of this clause is to ensure that law enforcement officials can make use of the so-called digital trail people leave behind them in criminal investigations. This point was adopted after 351 Members of the European Parliament (MEPs) voted for it and only 133 voted against.

Parliament largely approved a compromise on the directive that was worked out between its two biggest parties, the European People's Party and European Democrats (EPP/ED) and the European Socialist Party (PES) with the national governments earlier this week, the European Parliament said in a statement.

The compromise was fiercely opposed by some MEPs, including the chairman of the debate on the directive at committee level, Italian MEP Marco Cappato. Cappato rejected any responsibility for the outcome of the vote, saying it "entailed massive restrictions on civil liberties," and ran counter to the position of the freedoms and rights committee that he chairs.

The law will "pave the way for blanket surveillance of individuals," warned Tony Bunyan, editor of U.K.-based European civil liberties group Statewatch. For example, the wording of the data retention clause in the new law does not state that surveillance must be carried out on a case-by-case basis, as the law on police surveillance in the U.S. does, Bunyan pointed out.

Bunyan said it is "a myth to say data retention is needed in order to tackle terrorism." But that argument has come out on top in recent months. The terrorist attacks on the U.S. on Sept. 11 last year weakened the resolve of many civil liberties advocates who tried to resist the move towards the law enforcement camp.

"This is the beginning, not the end of the issue," said Joe McNamee, European affairs manager at EuorISPA, an ISP trade group. "Member states will now be able to pass national laws on the retention of data by ISPs and telecom providers, and there is nothing here in this E.U. data protection directive to stop them," he said, describing the vote on data retention as "unfortunate."

Erkki Liikanen, the European Commissioner in charge of drafting the new data protection directive, last December said that policy must "look at the world differently" after Sept. 11, and dropped his opposition to extended data retention times. On Wednesday he opened up the next phase of the debate: How to cap data retention times. "We can live with this compromise. But we must have a position on the length of data retention, the maximum number of months it can be held," he said.

Liikanen said the discussion about who should pay to store and retrieve the customer data has already begun. The telecom providers and ISPs fear they will be left with the costs, but neither can estimate what that cost would be.

"This compromise mentions data retention but it doesn't define what 'data' is -- it could include the content of people's messages, as well as the time, duration and direction of the call or e-mail," said Fiona Taylor, a senior adviser at the European telecom association ETNO.

"Until we know what we need to store we can't say how much it will cost," she said.

The European Parliament also signed up for a soft opt-in for spam. This will outlaw unsolicited and untargeted mass e-mail, but will continue to allow electronic commerce operations to communicate by e-mail with their existing customers.

"We are disappointed with the result," said Axel Tandberg, director of government affairs at the direct marketing association FEDMA. "We also oppose spam, but introducing an opt-in on e-mails won't prevent spammers because they don't respect the law anyway," he said.

He added that a majority of spam in the EU comes from the U.S., which does not fall under the jurisdiction of the data protection directive. "All this law will do is compromise the future of online targeted direct marketing," he said.

EuroISPA's McNamee welcomed the vote on spam. ISPs generally don't like spam because it clogs up networks and servers, and prompts subscribers to change their provider in order to escape it.

He also welcomed the wording of the new law that relates to cookies, small files stored on users' PCs and used by many Web sites to track user visits. There was pressure from the European Parliament to introduce an opt-in requirement for every single cookie as it entered a person's PC, but this concept was dropped in favor of a system that allows Web sites free use of cookies as long as they display details about the cookies they plant in PCs and they give instructions how to delete the files.

Now that the European Parliament and the governments of the member states have agreed the shape of the new data protection directive, it remains for member states to transpose the law into their national statute books. This often takes up to two years.

Join the newsletter!

Error: Please check your email address.
Rocket to Success - Your 10 Tips for Smarter ERP System Selection
Keep up with the latest tech news, reviews and previews by subscribing to the Good Gear Guide newsletter.

Paul Meller

Show Comments

Cool Tech

Breitling Superocean Heritage Chronographe 44

Learn more >

SanDisk MicroSDXC™ for Nintendo® Switch™

Learn more >

Toys for Boys

Family Friendly

Panasonic 4K UHD Blu-Ray Player and Full HD Recorder with Netflix - UBT1GL-K

Learn more >

Stocking Stuffer

Razer DeathAdder Expert Ergonomic Gaming Mouse

Learn more >

Christmas Gift Guide

Click for more ›

Most Popular Reviews

Latest Articles


PCW Evaluation Team

Edwina Hargreaves

WD My Cloud Home

I would recommend this device for families and small businesses who want one safe place to store all their important digital content and a way to easily share it with friends, family, business partners, or customers.

Walid Mikhael

Brother QL-820NWB Professional Label Printer

It’s easy to set up, it’s compact and quiet when printing and to top if off, the print quality is excellent. This is hands down the best printer I’ve used for printing labels.

Ben Ramsden

Sharp PN-40TC1 Huddle Board

Brainstorming, innovation, problem solving, and negotiation have all become much more productive and valuable if people can easily collaborate in real time with minimal friction.

Sarah Ieroianni

Brother QL-820NWB Professional Label Printer

The print quality also does not disappoint, it’s clear, bold, doesn’t smudge and the text is perfectly sized.

Ratchada Dunn

Sharp PN-40TC1 Huddle Board

The Huddle Board’s built in program; Sharp Touch Viewing software allows us to easily manipulate and edit our documents (jpegs and PDFs) all at the same time on the dashboard.

George Khoury

Sharp PN-40TC1 Huddle Board

The biggest perks for me would be that it comes with easy to use and comprehensive programs that make the collaboration process a whole lot more intuitive and organic

Featured Content

Product Launch Showcase

Latest Jobs

Don’t have an account? Sign up here

Don't have an account? Sign up now

Forgot password?