EU rethinks data collection for security services
The European Union is rethinking how it logs citizens’ telephone calls and internet use data for law enforcement purposes.
Since the attacks in Madrid in 2004 and London in 2005, the EU has required telecoms companies in its 27 member states to record the sender, receiver, time and place of any telephone call or email message.
The practice has been criticised by privacy advocates as overreaching.
Data retention has proven useful in criminal investigations,
EU Home Affairs Commissioner Cecilia Malmstrom said the law does not in itself guarantee citizens’ right to privacy and that member states’ interpretations have varied.
“Data retention has proven useful in criminal investigations, but there is need for improvement as regards the design of the Directive so that it better respects both the security and the privacy of our citizens,” Malmstrom said in prepared remarks to reporters.
The European Commission plans to present amendments later this year after consulting with member states, lawmakers, industry and civil society.
The data retention rules have given European law enforcement officers wide-sweeping access to telephone and email logs that officials say helped bring down the likes of a €40 million heroin smuggling ring in the UK in 2009.
But the EU law, which requires telecommunication companies to keep data logs at least six months and up to two years and provide them to police if requested, has also clashed with privacy concerns.
European Data Protection Supervisor Peter Hustinx has called the law “without doubt the most privacy invasive instrument ever adopted by the EU,” and deemed it a “substantial interference” to the right to privacy.
Smaller telecom companies have also complained of the costs of logging the data. Some member states reimburse operators for the cost, while others do not.