On Wednesday, the Council of the European Union (the 15 EU governments) agreed their position on the new Directive on data protection and privacy in the telecommunications sector. This would mean inserting a "Recital" to the existing Directive which will allow Member States to adopt laws at national level to require network and services providers to retain traffic data for use by the law enforcement agencies.
Current EU law says that traffic data may only be kept for billing purposes (i.e. to meet the needs of the customer). The European Commission opposes the change of this law and, according to Statewatch, now hopes that the European Parliament will defend the existing law to protect citizens from surveillance and to avoid an enormous burden on ISPs and telcos. Under the co-decision procedure all three EU institutions have to agree on the new measure.
Statewatch reports that the Council could not agree on new wording for the relevant Article 6.1 on traffic data but the strength of lobby by some Member States, apparently led by the UK, to dilute existing privacy and data protection rights in the interests of "law and order" persuaded the rest of the Council to adopt a recital.
The EU's Data Protection Working Party recently stated in a letter to the President of the EU Council that new proposals could contravene the European Convention of Human Rights as “systematic and preventive storage of EU citizens’ communications and related traffic data would undermine the fundamental rights to privacy, data protection, freedom of expression, liberty and presumption of innocence.”
The Data Protection Working Party’s letter can be downloaded in PDF format from the Statewatch site
The full text of the draft Directive (without Wednesday’s recital) can be downloaded in PDF format.