EU finds privacy flaws in data retention regime

Powered by SC Magazine
 

Data used for more than serious crime.

The European Commission will consider creating a data retention hierarchy, after finding that the 2005 EU data retention directive lacked privacy protections and often went beyond its intent.

In a report (pdf) released Monday, the Commission revealed that eight of the 19 member nations implementing the directive went beyond its intent of providing data to combat "serious" crime.

Belgium, Denmark, France, Italy, Latvia, Poland, Slovakia, Slovenia permitted the use of retained data to investigate all criminal offences, while the UK failed to define what "serious crime" was. 

The Commission found there to have been at least 2.9 million access requests from 2008 to 2009 -- equal to two requests for every European police officer a year, or about 11 requests for every 100 recorded crimes.

It said it would consider creating a retention hierarchy based on different data types or categories of serious crime, to ensure data is only accessed for serious criminal offences.

The commission's announcement followed European data protection supervisor Peter Hustinx's call late last year for use of the directive to be reined in by regulating how member states used the data for law enforcement.

EU commissioner for home affairs Cecilia Malmström noted that the directive was introduced in the aftermath of the Madrid and London bombings -- when Europe was on high alert.

"There was enourmous pressure on governments to ensure that the police and prosecutor had all the tools necessary for tracking terrorism and other security threats," she said at Monday's release of the report.

“In short, the report shows that data retention proved useful in criminal investigations, but there is need for improvement as regards the design of the directive so that there is a better response to the privacy and security of our citizens."

The report also highlighted a lack of harmony between implementations which has posed a challenge for companies that process or store data across national borders. 

Meanwhile, although 25 nations had been required to transpose the directive before 15 September 2007, five nations did not have the directive transposed onto their legal systems.

Romania, Germany and the Czech Republic have repealed their retention laws, while Sweden and Austria have yet to graft it to theirs.

Germany’s constitutional challenge resulted in a 6 month cap on retention and a ruling that data could only be accessed where there was already a suspicion of serious criminal offence. 

The data retention directive was introduced in 2005, came into effect in 2006, and was thought to support the 2004 Council of Europe Convention on Cybercrime to which Australia planned to accede.

Copyright © iTnews.com.au . All rights reserved.


EU finds privacy flaws in data retention regime
 
 
 
Top Stories
The True Cost of BYOD - 2014 survey
Twelve months on from our first study, is BYOD a better proposition?
 
Photos: Unboxing the Magnus supercomputer
Pawsey's biggest beast slots into place.
 
ANZ looks to life beyond the transaction
If digital disruptors think an online payments startup could rock the big four, they’ve missed the point of why people use banks, says Patrick Maes.
 
 
Sign up to receive iTnews email bulletins
   FOLLOW US...
Latest Comments
Polls
What is delaying adoption of public cloud in your organisation?







   |   View results
Lock-in concerns
  29%
 
Application integration concerns
  3%
 
Security and compliance concerns
  28%
 
Unreliable network infrastructure
  9%
 
Data sovereignty concerns
  21%
 
Lack of stakeholder support
  3%
 
Protecting on-premise IT jobs
  4%
 
Difficulty transitioning CapEx budget into OpEx
  3%
TOTAL VOTES: 1094

Vote