Denmark, holder of the European Union’s six month rotating presidency, is set to try to push through an EU-wide law that would force Internet and telecommunications service providers to store their customers’ data traffic for over a year.
The Danish initiative will be discussed at the committee level with 14 other EU members next month, a European Commission spokesman said. It comes less than three months after the EU passed a controversial data protection law that opened the door for prolonged data retention.
In May, the European Parliament voted in a new data protection law that allows EU states to force ISPs (Internet service providers) and telecommunications providers to retain data on their customers’ online and phone activity beyond the one or two months this information is usually stored for billing purposes.
The Danish initiative would take this one step further by specifying that such retention of data would be for a period of more than a year. The initiative is being proposed in order to harmonize data retention policies across the EU, in order to help fight international crimes such as terrorism, human trafficking and pedophilia, according to the EC spokesman. But to European online privacy advocates and telecommunications operators, the new initiative confirms their worst fears.
“The traffic data of the whole population of the EU-and the countries joining-is to be held on record. It is a move from targeted to potentially universal surveillance,” said Tony Bunyan, an editor with civil liberties group Statewatch.
When the data protection for telecommunications directive was passed in May, ISPs warned that it would be followed by more draconian legislation enhancing justice authorities’ rights to snoop on e-mail and Intenet users.
“This is the beginning, not the end of data retention,” Joe McNamee, European affairs manager for industry group EuroIspa said at the time.
“Now we know that all along they were intending to make it compulsory across Europe,” said Bunyan in reaction to the latest legislative initiative.
ISPs and telecommunications operators fear being left to foot the bill for extended storage times for everyday traffic data and for the retrieval mechanisms needed to make this data accessible to the authorities.
The data to be retained if the new law is passed would include information identifying the source, destination, and time of communication, as well as the personal details of the subscriber to any communications device.
Access to this information by law enforcement officials would require a warrant from a court.
Britain’s investigatory powers act allows law enforcement and intelligence agencies to access personal communications data without any court or executive warrant. This may have to be softened to fit in with the proposed law, a Commission spokesman said.