Feeds

Data Retention Directive receives rubber stamp

But support not universal

Beginner's guide to SSL certificates

The controversial Data Retention Directive received its final seal of approval on Tuesday, when ministers at the Justice and Home Affairs Council adopted the directive with a qualified majority. Irish and Slovak Ministers voted against the measure.

The terms of the directive

In general terms, the directive aims to harmonise member states' provisions relating to the retention of communications data, in order to ensure that the data, which can identify the caller, the time and the means of communication, is available for the purpose of the investigation, detection and prosecution of serious crime.

The directive is not concerned with the content of the communications.

Under the agreed draft, the data retained will be made available only to competent national authorities in specific cases and in accordance with national law. They will be retained for periods of not less than six months and not more than two years from the date of communication.

The directive also provides that member states will have to take necessary measures to ensure that any intentional access to, or transfer of, data retained is punishable by penalties, including administrative or criminal penalties, which are effective, proportionate and dissuasive.

Each member state is obliged to designate a public authority to be responsible for monitoring the application of the directive within its territory, and will have around 18 months in which to comply with the directive after it enters into force. This is due to take place on the twentieth day after the publication of the directive in the Official Journal of the European Union.

Politics

The measure was controversially pushed through the European Parliament in December, following threats from ministers that if MEPs were unable to approve a compromise draft and rejected the proposals – as they had done twice previously – the council would push through its own, more stringent legislation.

But not all members of the council are happy with the result. Both the Irish and Slovak governments would have preferred to adopt the council-led proposals, using a process that requires unanimity in the council and a non-binding opinion from the Parliament. Such a process is normally used in security matters.

Instead, a commission-led process was used, resulting in a directive, which requires the approval of the European Parliament and a majority vote in the Council of Ministers.

The Irish and Slovakian delegates voted against the directive, but the majority support means it is now adopted.

According to reports, the Irish Government, which wanted more stringent measures, is unhappy that it had no veto in what it regards as a security matter, and is considering taking the matter to the European Court of Justice.

See: The Directive (26-page/149KB PDF) 

Copyright © 2006, OUT-LAW.com

OUT-LAW.COM is part of international law firm Pinsent Masons.

Internet Security Threat Report 2014

Whitepapers

Driving business with continuous operational intelligence
Introducing an innovative approach offered by ExtraHop for producing continuous operational intelligence.
Why CIOs should rethink endpoint data protection in the age of mobility
Assessing trends in data protection, specifically with respect to mobile devices, BYOD, and remote employees.
Forging a new future with identity relationship management
Learn about ForgeRock's next generation IRM platform and how it is designed to empower CEOS's and enterprises to engage with consumers.
High Performance for All
While HPC is not new, it has traditionally been seen as a specialist area – is it now geared up to meet more mainstream requirements?
Reducing the cost and complexity of web vulnerability management
How using vulnerability assessments to identify exploitable weaknesses and take corrective action can reduce the risk of hackers finding your site and attacking it.