EU rethinks data retention by ISPs

EU justice ministers are rethinking measures to force telecoms companies and ISPs to retain data for police forces to use in the...

EU justice ministers are rethinking measures to force telecoms companies and ISPs to retain data for police forces to use in the fight against crime and terrorism.

Last week EU justice and home affairs ministers debated plans to force electronic communications providers to retain information for up to three years.

Under draft legislation proposed by the UK, Ireland, Sweden and France, operators would have to keep for at least 12 months all data concerning the source, routing, destination, time, date and duration of communications as well as the location of the telecom device used in a particular transmission.

The data would be that obtained by operators for invoicing and other commercial purposes.

The move is part of the EU's drive to combat terrorism. Rules would apply to providers of fixed-line services, mobile phones, SMS operators and ISPs, including VoIP providers.

ISPs and telcos have insisted that the current proposals are unworkable and will hit operators with enormous costs, massive security issues and - in some cases - insuperable technical difficulties in data collection and storage.

"Data retention is one of the most important issues ever faced by the internet services industry," warned the European ISP association EuroISPA, which added that the proposed measures could "devastate" the industry.

At last week's meeting, EU ministers indicated they were prepared to contemplate another approach to the collection of data, in recognition of the fact that not all operators collected information in the same way. For example, some service providers apply a flat rate system where the relevant data is simply erased after communication has been terminated.

Instead, ministers considered requiring operators to supply a common list of data.

Richard Nash, EuroISPA secretary-general, said the debating of an alternative approach showed that there was "some recognition of serious flaws in the original proposal". But he argued that the fundamental problems remained, and that the proposal was "so far-reaching as to destroy the industry".

Nash said EU legislators assumed that an ISP could "flick a button and the data will be on a disc ready catalogued. But it's just not possible to do that."

EuroISPA has warned that the current proposals are incompatible with data protection rules. But its basic objection is that legislators have failed to justify their need to extend the requirements for data preservation.

Thierry Dieu, communications manager of the European Telecommunication Network Operators' Association, said that the trade group had strong concerns about the data retention proposals. He added that telcos were already cooperating with law enforcement authorities on a case-by-case basis but within a very strict legal framework in respect of data protection requirements.

"The efficiency of the current situation needs to be further assessed before adding more burdens on operators," he said.

Despite last week's EU discussions and the willingness to explore another approach to the issues, the industry remains convinced that the current data retention proposal is unworkable. Ministers have referred the legislation back to experts and have set themselves a deadline of June 2005 to finalise new rules.

Simon Taylor writes for IDG News Service

Read more on IT legislation and regulation