Out-Law News 1 min. read

Data retention: US to follow EU example?

New requirements for ISPs to retain customer data are being explored in the US, inspired by Europe's recent Directive, according to a report by CNET News.com. But that Directive must be implemented with care, warns an EU Working Party on Data Protection.

Advert: Free OUT-LAW breakfast seminars, UK-wide: open source software; and data retentionCNET suggests that there is growing interest in Washington, DC. The proposals appear to focus on the use of data for combating crimes against children, but might also be used in other types of investigation.

Meanwhile, the EU's Article 29 Data Protection Working Party has published a two-page Opinion that addresses some of its concerns with the Directive that was adopted by the Council of Ministers on 21st February.

The Directive aims to harmonise Member States' provisions relating to the retention of communications data, in order to ensure that the data, which can identify the caller, the time and the means of communication, is available for the purpose of the investigation, detection and prosecution of serious crime. The Directive is not concerned with the content of the communications.

Under the agreed draft, the data retained will be made available only to competent national authorities in specific cases and in accordance with national law. They will be retained for periods of not less than six months and not more than two years from the date of communication.

The Directive also provides that Member States will have to take necessary measures to ensure that any intentional access to, or transfer of, data retained is punishable by penalties, including administrative or criminal penalties, which are effective, proportionate and dissuasive.

The Working Party is an independent EU advisory body which has the task of assessing the privacy implications of new laws. It expressed concerns with the Directive when it was still a proposal, in October 2005. Now that it has been adopted, the Working Party has reiterated those concerns.

"It is … of utmost importance that the Directive is accompanied and implemented in each Member State by measures curtailing the impact on privacy," wrote the Working Party on 25th March.

The Directive "lacks some adequate and specific safeguards as to the treatment of communication data and leaves room for diverging interpretation and implementation by Member States in this respect," it continued.

The Working Party is proposing a uniform, European-wide implementation of the Directive, to protect privacy and to reduce the costs to be borne by the service providers.

Eight safeguards are set out in the Opinion, including a call for a clear definition of "serious crime" within the purposes; and a recommendation that a list of designated law enforcement authorities with access to the data should be made public.

We are processing your request. \n Thank you for your patience. An error occurred. This could be due to inactivity on the page - please try again.