The European data protection supervisor, Peter Hustinx, whose primary objective is to ensure that European institutions and bodies respect the right to privacy and data protection when they process personal data and develop new policies has issued an opinion on the EU 2006 Data Retention Directive, determining it to contradict privacy and data protection rights.
Doubts about large scale data retention
The Data Retention Directive seeks to harmonise certain aspects of national rules on data retention. It requires telecommunication service providers to store traffic and location data regarding fixed and mobile telephony, internet access, email and telephony, for a period of at least six months (and no more than two years), and to make it available on request to law enforcement authorities for the purpose of investigation, detection and prosecution of serious crime and terrorism.
While the Data protection supervisor admits that the availability of traffic and location data can play an important role in criminal investigations, he has in the past expressed serious doubts about the necessity for retaining data on such a large scale.
Directive does not respect right to privacy
In April 2011 the European Commission published its Evaluation Report on the Data Retention Directive that reviewed the application of the Directive by Member States, as well as its impact on operators and consumers, with a view to determining whether it is necessary to amend its provisions, in particular with regard to its data coverage and retention periods.
After reviewing the Report, the European data protection supervisor adopted the view that the Directive does not meet the requirements imposed by the fundamental rights to privacy and data protection, stating that the necessity for data retention as provided in the Directive had not been sufficiently demonstrated and that data retention could be regulated in a less privacy-intrusive way.
The Supervisor ruled that the Directive leaves too much scope for Member States to decide on the purposes for which the data might be used, and on who can access the data and under which conditions, highlighting the need for the investigation of necessity and proportionality and the examination of alternative, less privacy-intrusive policies.
As a result, the supervisory body has called on the European Commission to seriously consider all options in the process of evaluating the Data Retention Directive, including a possible repeal of the directive itself.
