Shutterstock
European Commission evaluates the Directive
on retention of telecommunications data
On 18 April 2011, the European Commission
adopted an evaluation report on its 2006
Data Retention Directive outlining the lessons
learned. The Directive established data retention as a response to urgent security challenges, following major terrorist attacks in Madrid
in 2004 and in London in 2005. The evaluation
report concludes that retained telecommunications data play an important role in the protection of the public against the harm caused by
serious crime. Such data provide vital evidence
in solving crimes and ensuring that justice is
served. However, transposition of the Directive has been uneven and the remaining differences between the legislations of Member
States create difficulties for telecommunication
service providers. Also, the Directive does not
guarantee that data are stored, retrieved and
used in full compliance with the right to privacy
and protection of personal data, and this has
led courts to annul the legislation transposing
the Directive in some EU Member States.
The evaluation report analyses how Member States
have transposed the Directive and assesses the use
of retained data and the impact on operators and
consumers.
Its main findings are:
 Most Member States take the view that EU rules on
data retention remain necessary for law enforcement, the protection of victims and the criminal
justice systems. As criminal investigation tools, the
use of data related to telephone numbers, Internet
Protocol (IP) address or mobile phone identifiers has
ITU News  3 | 2011  April 2011
45
European Commission evaluates the Directive on retention of telecommunications data
resulted in convictions of offenders and acquittals
of innocent persons. Retained data were for example crucial to the success of Operation Rescue which
helped reveal the identities of 670 suspected members of an international paedophile network and
protect children from abuse in Member States where
the directive has been transposed. But the evaluation report also identifies serious shortcomings.
 Member States differ in how they apply data retention. Retention periods, the purposes for which data
may be accessed and used, and the legal procedures
for accessing the data vary considerably.
 Given that the Directive only seeks to partially harmonize national rules, it is unsurprising that no common approach has emerged. The overall low level
of harmonization can however create difficulties for
telecommunication service providers and in particular smaller operators. Operators are reimbursed differently across the EU for the cost of retaining and
giving access to data. The Commission will consider
ways of providing more consistent reimbursement
of the costs.
 Data retention represents a significant limitation
on the right to privacy. While there are no concrete
46
ITU News  3 | 2011  April 2011
examples of serious breaches of privacy, the risk of
data security breaches will remain unless further
safeguards are put in place. The Commission will
therefore consider more stringent regulation of storage, access to and use of the retained data.
The Data Retention Directive requires Member
States to ensure that telecommunication operators retain certain categories of data (for identifying identity
and details of phone calls made and e-mails sent, excluding the content of those communications) for the
purpose of investigating, detecting and prosecuting serious crime, as defined by national law. The data must
be retained for a minimum of six months to a maximum
of two years (to be decided by the Member State in
transposing the Directive into national laws).
Data protection authorities have criticized the directive on the grounds that it does not provide adequate
safeguards on how data are stored, accessed and used.
Building on the evaluation, the Commission will prepare a proposal to amend the Directive. It will consult
law enforcement authorities, the judiciary, data protection authorities, industry and civil society on options for
an improved future legal framework. Source: European
Commission.