European Commission's proposed data retention plan under fire

European Data Protection Supervisor Peter Hustinx warned on Monday that a proposed European Commission directive on data retention might turn out to be illegal.

The commission, the executive body of the European Union (EU), unveiled the proposal on data retention on Wednesday as part of a counter-terrorism package.

The proposal requires telephone service providers, both fix-line and mobile, to keep records of all telephone calls for 12 months and Internet communication providers to restore data for six months.

Hustinx on Monday presented his opinion on the proposed European Commission directive, saying he was not convinced of the necessity of the measure.

"This is an incredibly sensitive issue. The directive has a direct impact on the protection of privacy of EU citizens and it is crucial that it respects their fundamental rights," a European Commission press release quoted Hustinx as saying in his presentation.

"A legislative measure that would weaken the protection (of citizens' fundamental rights) is not only unacceptable but also illegal," he warned.

Under the commission proposal, what is to be monitored is not the actual content of the communications, but records of the traffic -- which number calls which at what time.

The commission argues that the records are crucial for investigations into terrorist attacks or in prevention of such attacks.

The proposal also pledges to put data processing under the full supervisory powers of the data protection authorities in all EU member states.

But Hustinx challenged the proposed directive despite the commission pledges.

He said he was not convinced the measure is necessary in the first place. But should the decision-making EU Council and the European Parliament decide that data retention is necessary for the purpose of serious crime investigation, strict restrictions must be imposed on the monitoring and the use of data and adequate safeguards must be provided.

Hustinx said periods of data retention as proposed -- six months for Internet communications and 12 months for telephone calls were not acceptable.

"The periods must reflect the needs of law enforcement and they must be harmonized in the member states, laying down maximum periods of retention," he said.

He said the volume of data to be stored must also be limited and that inaccessibility to content data must be ensured.

Hustinx also demanded specific provisions on access to the retained data by competent authorities to ensure that no one but the relevant law enforcement services can use the data in individual cases.

"Adequate technical infrastructure must be put in place to ensure the security of the data, including financial incentives to this effect," he added.

Hustinx demanded data subjects must be able to exercise their rights and data protection authorities must be enabled to supervise effectively.

He insisted that co-decision of the EU Council and the European Parliament is the only acceptable way forward in this highly sensitive area.

Source: Xinhua