With the proposed new directive on personal data, the European Commission aims to update the existing Telecommunications Data Protection Directive. Decisions must be made about controversial topics such as traffic data, mobile location data, public directories and spam. Among these, the hottest topic is likely to be the issue of retaining traffic data for law enforcement purposes.
There has been recent controversy over the issue of retaining traffic data. Traffic data covers who or what is talking to whom – whether the communication is by e-mail, phone or otherwise. While this data can be very sensitive information, it does not actually cover the content of the communications.
Under the existing Directive, traffic data must be erased when no longer needed for the provision of the service or for billing. The Directive also refers to exceptions which Member States may rely upon to derogate from this, such as national security and investigation of crimes. The new draft Commission keeps this general provisions, which the Commission says is intended “to ensure that a high level of protection of fundamental human rights is maintained.” The new draft says:
"Traffic data relating to subscribers and users processed and stored by the provider of a public communications network or service must be erased or made anonymous when it is no longer needed for the purposes of the transmission of a communication..."
The draft also provides that Member States “shall ensure the confidentiality of communications and related traffic data” through national legislation, including a prohibition on “listening, tapping, storage or other kinds of interception or surveillance of communications and the related traffic data”.
However, the new draft also allows States to make exceptions in their domestic laws. Accordingly, the Directive means the UK, for instance, could pass legislation to restrict these obligations for certain purposes, the widest of which is for the detection of criminal offences.
The UK government has on several occasions denied having any plans for data retention laws and the UK’s Information Commissioner, as well as the EU’s Data Protection Working Party, are firmly against such laws. The law enforcement agencies of Europe are generally in favour of data retention laws. In the UK, the National Criminal Intelligence Service specifically asked the Home Office for laws to this effect. According to Statewatch, a civil liberties group, UK, Belgian and Swedish delegations of the European Council expressed a preference for data retention for a limited period on grounds of national security etc. This preference was opposed by the European Commission.