ITU News

Tells you what's happening in Telecommunications around the world

中文  |  Español  |  Français  |  Русский  |  download pdf

European Commission evaluates the Directive on retention of telecommunications data
photo: Shutterstock

On 18 April 2011, the European Commission adopted an evaluation report on its 2006 Data Retention Directive outlining the lessons learned. The Directive established data retention as a response to urgent security challenges, following major terrorist attacks in Madrid in 2004 and in London in 2005. The evaluation report concludes that retained telecommunications data play an important role in the protection of the public against the harm caused by serious crime. Such data provide vital evidence in solving crimes and ensuring that justice is served. However, transposition of the Directive has been uneven and the remaining differences between the legislations of Member States create difficulties for telecommunication service providers. Also, the Directive does not guarantee that data are stored, retrieved and used in full compliance with the right to privacy and protection of personal data, and this has led courts to annul the legislation transposing the Directive in some EU Member States.

The evaluation report analyses how Member States have transposed the Directive and assesses the use of retained data and the impact on operators and consumers.

Its main findings are:

  • Most Member States take the view that EU rules on data retention remain necessary for law enforcement, the protection of victims and the criminal justice systems. As criminal investigation tools, the use of data related to telephone numbers, Internet Protocol (IP) address or mobile phone identifiers has resulted in convictions of offenders and acquittals of innocent persons. Retained data were for example crucial to the success of Operation Rescue which helped reveal the identities of 670 suspected members of an international paedophile network and protect children from abuse in Member States where the directive has been transposed. But the evaluation report also identifies serious shortcomings.

  • Member States differ in how they apply data retention. Retention periods, the purposes for which data may be accessed and used, and the legal procedures for accessing the data vary considerably.

  • Given that the Directive only seeks to partially harmonize national rules, it is unsurprising that no common approach has emerged. The overall low level of harmonization can however create difficulties for telecommunication service providers and in particular smaller operators. Operators are reimbursed differently across the EU for the cost of retaining and giving access to data. The Commission will consider ways of providing more consistent reimbursement of the costs.

  • Data retention represents a significant limitation on the right to privacy. While there are no concrete examples of serious breaches of privacy, the risk of data security breaches will remain unless further safeguards are put in place. The Commission will therefore consider more stringent regulation of storage, access to and use of the retained data.

The Data Retention Directive requires Member States to ensure that telecommunication operators retain certain categories of data (for identifying identity and details of phone calls made and e-mails sent, excluding the content of those communications) for the purpose of investigating, detecting and prosecuting serious crime, as defined by national law. The data must be retained for a minimum of six months to a maximum of two years (to be decided by the Member State in transposing the Directive into national laws).

Data protection authorities have criticized the directive on the grounds that it does not provide adequate safeguards on how data are stored, accessed and used.

Building on the evaluation, the Commission will prepare a proposal to amend the Directive. It will consult law enforcement authorities, the judiciary, data protection authorities, industry and civil society on options for an improved future legal framework. Source: European Commission.


  Previous Printable version Top email to a friend Next © Copyright ITU News 2019
Disclaimer - Privacy policy