Retention of communications data: Security vs privacy

The EU Electronic Privacy Directive 20021 requires Member States to ensure the confidentiality of communications. It prohibits. listening, tapping, storage or other kinds of interception or surveillance of communications. The communications service providers are obligated to delete all traffic data no longer required for the provision of a communications service. Yet, Member States are permitted to restrict the scope of this protection to safeguard national security, defence, public security, and the prevention Investigation, detection and prosecution of criminal offences. Despite strong criticism by privacy experts, data protection commissioners, civil liberties groups and the ISP industry, a provision on the retention of communications data has een inserted. This new Directive reverses the position under the 1997 Telecommunications Privacy Directive by explicitly allowing the EU countries to compel ntemet Service Providers and telecommunications companies to record, index and store their subscribers' communications data. Under the terms of the new Directive, Member States may now pass laws mandating the retention of traffic and location data of all communications. Article 15 of the Directive provides that Member States may adopt legislative measures when such restrictions constitute a necessary, appropriate and proportionate measure within a democratic society) Specifically, Member States may adopt legislative measures providing for the retention of data for a limited period.