The European Parliament is expected to back a controversial law on
data protection, spam and cookies, in a vote today (Thursday), amid
opposition from telecommunications companies and Internet service
providers (ISPs).
The law will extend the time telecoms companies and ISP are
required to hold data, introduce an opt-in clause for receiving
marketing e-mail and clarify laws on cookies, the small data files
stored on users' PCs used by Web sites to track visits.
Existing European data protection laws state that traffic data
should be stored for no longer than the billing period and restrict
law enforcement officials' rights of access to people's data.
The latest proposals will allow member states to override data
privacy to conduct criminal investigations and safeguard national
or public security, when this is a "necessary, appropriate and
proportionate measure within a democratic society".
Erkki Liikanen, the European Commissioner in charge of drafting the
data protection directive, said last December that policy must
"look at the world differently" after the 11 September terrorist
attack in the US.
Draft legislation was then amended to call on telecom companies and
ISPs to retain information on their customers' log of phone calls
or e-mail and Internet connections, beyond the one- or two-month
period the information is normally held for billing purposes, in
order to assist police investigations.
The move has left telecom providers and ISPs fearing they would be
left to carry the costs of data retention.
"This compromise mentions data retention but it doesn't define what
'data' is - it could include the content of people's messages, as
well as the time, duration and direction of the call or e-mail,"
said Fiona Taylor, a senior adviser at the European
Telecommunications Network Operators' Association (ETNO).
"Until we know what we need to store we can't say how much it will
cost," she said.
"Data retrieval will be more costly than storage," said Jo McNamee,
European affairs manager for the association of European ISPs,
EuroISPA. He too was concerned that there is no definition of
data.
His main concern about the data retention clause, however, was that
it established the principle that it is permissible to retain data.
"Member states will be able to pass national laws on the retention
of data by ISPs and telecoms providers, and there is nothing here
in this EU data protection directive to stop them," McNamee
said.
The new law would ban the sending of unsolicited e-mail and will
require marketers to get express permission from users before
sending e-mail. However, online suppliers will still be able to
send e-mails to existing customers.
The UK government has long favoured an opt-out approach, and it had
been expected that the European Union would leave it up to member
states to decide whether spam should be opt-in or opt-out.
The European Parliament and the national governments are in broad
agreement on how to treat cookies, with the new law set to permit
free use of cookies as long as clear information about their
content and purpose are provided to users.