EU law on data retention sparks condemnation

Bowing to a hawkish mood that has gripped European policy makers since September 11, the European Parliament Thursday voted in a new European Union data protection law that civil liberty campaigners and industry representatives condemn.

The most controversial part of the new law is a clause that allows the member states to force ISPs (Internet service providers) and telecommunications providers to retain data on their customers' online and phone activity beyond the one or two months this information is normally stored for billing purposes.

The purpose of this clause is to ensure that law enforcement officials can make use of the so-called digital trail people leave behind them in criminal investigations. This point was adopted after 351 Members of the European Parliament (MEPs) voted for it and only 133 voted against.

Parliament largely approved a compromise on the directive that was worked out between its two biggest parties, the European People's Party and European Democrats (EPP/ED) and the European Socialist Party (PES) with the national governments earlier this week, the European Parliament said in a statement.

The compromise was fiercely opposed by some MEPs, including the chairman of the debate on the directive at committee level, Italian MEP Marco Cappato. Cappato rejected any responsibility for the outcome of the vote, saying it "entailed massive restrictions on civil liberties," and ran counter to the position of the freedoms and rights committee that he chairs.

The law will "pave the way for blanket surveillance of individuals," warned Tony Bunyan, editor of U.K.-based European civil liberties group Statewatch. For example, the wording of the data retention clause in the new law does not state that surveillance must be carried out on a case-by-case basis, as the law on police surveillance in the U.S. does, Bunyan pointed out.

Bunyan said it is "a myth to say data retention is needed in order to tackle terrorism." But that argument has come out on top in recent months. The terrorist attacks on the U.S. on Sept. 11 last year weakened the resolve of many civil liberties advocates who tried to resist the move towards the law enforcement camp.

"This is the beginning, not the end of the issue," said Joe McNamee, European affairs manager at EuorISPA, an ISP trade group. "Member states will now be able to pass national laws on the retention of data by ISPs and telecom providers, and there is nothing here in this E.U. data protection directive to stop them," he said, describing the vote on data retention as "unfortunate."

Erkki Liikanen, the European Commissioner in charge of drafting the new data protection directive, last December said that policy must "look at the world differently" after Sept. 11, and dropped his opposition to extended data retention times. On Wednesday he opened up the next phase of the debate: How to cap data retention times. "We can live with this compromise. But we must have a position on the length of data retention, the maximum number of months it can be held," he said.

Liikanen said the discussion about who should pay to store and retrieve the customer data has already begun. The telecom providers and ISPs fear they will be left with the costs, but neither can estimate what that cost would be.

"This compromise mentions data retention but it doesn't define what 'data' is -- it could include the content of people's messages, as well as the time, duration and direction of the call or e-mail," said Fiona Taylor, a senior adviser at the European telecom association ETNO.

"Until we know what we need to store we can't say how much it will cost," she said.

The European Parliament also signed up for a soft opt-in for spam. This will outlaw unsolicited and untargeted mass e-mail, but will continue to allow electronic commerce operations to communicate by e-mail with their existing customers.

"We are disappointed with the result," said Axel Tandberg, director of government affairs at the direct marketing association FEDMA. "We also oppose spam, but introducing an opt-in on e-mails won't prevent spammers because they don't respect the law anyway," he said.

He added that a majority of spam in the EU comes from the U.S., which does not fall under the jurisdiction of the data protection directive. "All this law will do is compromise the future of online targeted direct marketing," he said.

EuroISPA's McNamee welcomed the vote on spam. ISPs generally don't like spam because it clogs up networks and servers, and prompts subscribers to change their provider in order to escape it.

He also welcomed the wording of the new law that relates to cookies, small files stored on users' PCs and used by many Web sites to track user visits. There was pressure from the European Parliament to introduce an opt-in requirement for every single cookie as it entered a person's PC, but this concept was dropped in favor of a system that allows Web sites free use of cookies as long as they display details about the cookies they plant in PCs and they give instructions how to delete the files.

Now that the European Parliament and the governments of the member states have agreed the shape of the new data protection directive, it remains for member states to transpose the law into their national statute books. This often takes up to two years.

Join the newsletter!

Or

Sign up to gain exclusive access to email subscriptions, event invitations, competitions, giveaways, and much more.

Membership is free, and your security and privacy remain protected. View our privacy policy before signing up.

Error: Please check your email address.
Keep up with the latest tech news, reviews and previews by subscribing to the Good Gear Guide newsletter.

Paul Meller

Computerworld
Show Comments

Cool Tech

Toys for Boys

Family Friendly

Stocking Stuffer

SmartLens - Clip on Phone Camera Lens Set of 3

Learn more >

Christmas Gift Guide

Click for more ›

Brand Post

Most Popular Reviews

Latest Articles

Resources

PCW Evaluation Team

Michael Hargreaves

Microsoft Office 365/Dell XPS 15 2-in-1

I’d recommend a Dell XPS 15 2-in-1 and the new Windows 10 to anyone who needs to get serious work done (before you kick back on your couch with your favourite Netflix show.)

Maryellen Rose George

Brother PT-P750W

It’s useful for office tasks as well as pragmatic labelling of equipment and storage – just don’t get too excited and label everything in sight!

Cathy Giles

Brother MFC-L8900CDW

The Brother MFC-L8900CDW is an absolute stand out. I struggle to fault it.

Luke Hill

MSI GT75 TITAN

I need power and lots of it. As a Front End Web developer anything less just won’t cut it which is why the MSI GT75 is an outstanding laptop for me. It’s a sleek and futuristic looking, high quality, beast that has a touch of sci-fi flare about it.

Emily Tyson

MSI GE63 Raider

If you’re looking to invest in your next work horse laptop for work or home use, you can’t go wrong with the MSI GE63.

Laura Johnston

MSI GS65 Stealth Thin

If you can afford the price tag, it is well worth the money. It out performs any other laptop I have tried for gaming, and the transportable design and incredible display also make it ideal for work.

Featured Content

Product Launch Showcase

Don’t have an account? Sign up here

Don't have an account? Sign up now

Forgot password?