Feeds

MEPs vote for mandatory data retention

Costs, scope still unclear

Security for virtualized datacentres

The European Parliament has approved proposals on data retention that would compel telecom firms to keep customer email logs, details of internet usage and phone call records for between six months to two years.

The plan - designed to assist law enforcement in the fight against terrorism and serious crime - leaves it up to individual governments to decide how long service providers will be obliged to keep data.

Police and intelligence agencies would have access to call records (including data on lost calls), location information and internet logs without getting access to the content of the information communicated. MEPs decided to drop provisions to make it mandatory for member states to reimburse telecom companies for additional costs incurred in servicing law enforcement requests.

The EU directive on data retention passed by 378 votes in favour to 197 against and 30 abstentions during its first reading on Wednesday. The measures were put forward by Britain after the 7 July bomb attacks on London.

Who foots the bill?

A spokesman for the UK Internet Service Providers' Association (ISPA) said it remained to be seen how the directive will be implemented into UK law. Voluntary co-operation already exists between ISPs and UK law enforcement agencies over requests for communications data but implementation of the directive would change this from a voluntary arrangement into a mandatory code of practice.

"We are concerned that ISPs may have to foot the bill for mandatory data retention. ISPs are not law enforcement agencies so they should not have to pay for it all," he said.

The amounts involved are not small. ISPA cites estimates from one large UK-based ISP that it would cost £26m a year to set up data retention kit on its systems and £9m a year in running costs to service law enforcement requests.

MEPs agree with the need to retain data for the detection, investigation and prosecution of crime, but only for "specified forms" of serious criminal offences (terrorism and organised crime), and not for the mere "prevention" of all kinds of crime.

Dai Davis, a consultant lawyer at Nabarro Nathanson, said the European Parliament had fudged important issues such as how long records should be kept and who would end up footing the bill for data retention.

Safeguards (including independent oversight) have been put in place by MEPs to make sure data retention requests can't be used to trawl through databases and need to be sanctioned on a case by case basis. But Davis said that it was unclear if checks and balances established in the directive provide adequate safeguards against abuse. ®

Business security measures using SSL

More from The Register

next story
JINGS! Microsoft Bing called Scots indyref RIGHT!
Redmond sporran metrics get one in the ten ring
Phones 4u slips into administration after EE cuts ties with Brit mobe retailer
More than 5,500 jobs could be axed if rescue mission fails
Murdoch to Europe: Inflict MORE PAIN on Google, please
'Platform for piracy' must be punished, or it'll kill us in FIVE YEARS
Driving with an Apple Watch could land you with a £100 FINE
Bad news for tech-addicted fanbois behind the wheel
Phones 4u website DIES as wounded mobe retailer struggles to stay above water
Founder blames 'ruthless network partners' for implosion
Found inside ISIS terror chap's laptop: CELINE DION tunes
REPORT: Stash of terrorist material found in Syria Dell box
Sony says year's losses will be FOUR TIMES DEEPER than thought
Losses of more than $2 BILLION loom over troubled Japanese corp
prev story

Whitepapers

Providing a secure and efficient Helpdesk
A single remote control platform for user support is be key to providing an efficient helpdesk. Retain full control over the way in which screen and keystroke data is transmitted.
WIN a very cool portable ZX Spectrum
Win a one-off portable Spectrum built by legendary hardware hacker Ben Heck
Storage capacity and performance optimization at Mizuno USA
Mizuno USA turn to Tegile storage technology to solve both their SAN and backup issues.
High Performance for All
While HPC is not new, it has traditionally been seen as a specialist area – is it now geared up to meet more mainstream requirements?
Security and trust: The backbone of doing business over the internet
Explores the current state of website security and the contributions Symantec is making to help organizations protect critical data and build trust with customers.