EC wants to cap data retention laws
Delete data after a year
The European Commission has stepped into the debate on the proposed data retention bill, saying that the legislation will now require telcos and ISPs to hold onto data for a year, rather that the three or four years originally proposed.
The decision follows a vote from the civil liberties committee to reject the original plans as "disproportionate and ineffective", as well as serious concerns over the legality of the proposed legislation.
The bill was put together, some argue hastily, in the wake of the Madrid train bombings which killed 191 people. Telephone records were reportedly a key part in the police investigation, and allowed them to make quick arrests.
It was put forward by the UK. France, Ireland and Sweden, but following legal advice, the member states now suggest that the bill be proposed by the Commission, rather than by individual countries. This would mean the laws would need to be given the OK by Parliament and the member states, Reuters reports.
Information Society Commissioner Viviane Reding also says the bill should encompass wider issues than just fighting terrorism, saying that there needed to be a balance between the need for security, and the need for privacy.
In its original form, the draft did not state an explicit upper limit on how long data could or should be kept. The draft also failed to delineate between data and content, causing concern among civil liberties campaigners, and among the businesses it would affect.
"It will certainly not be three to four years but a maximum of one year and I hope even less," Reding told Reuters.
While all this sounds very positive - many of the concerns raised when the original document was published do seem to be being addressed - it remains to be seen how these good intentions will affect the bill. The Commission is expected to publish its new proposal in June or July. Until then, we will have to wait and see. ®
Sponsored: Becoming a Pragmatic Security Leader