EU finds privacy flaws in data retention regime

Powered by SC Magazine
 

Data used for more than serious crime.

The European Commission will consider creating a data retention hierarchy, after finding that the 2005 EU data retention directive lacked privacy protections and often went beyond its intent.

In a report (pdf) released Monday, the Commission revealed that eight of the 19 member nations implementing the directive went beyond its intent of providing data to combat "serious" crime.

Belgium, Denmark, France, Italy, Latvia, Poland, Slovakia, Slovenia permitted the use of retained data to investigate all criminal offences, while the UK failed to define what "serious crime" was. 

The Commission found there to have been at least 2.9 million access requests from 2008 to 2009 -- equal to two requests for every European police officer a year, or about 11 requests for every 100 recorded crimes.

It said it would consider creating a retention hierarchy based on different data types or categories of serious crime, to ensure data is only accessed for serious criminal offences.

The commission's announcement followed European data protection supervisor Peter Hustinx's call late last year for use of the directive to be reined in by regulating how member states used the data for law enforcement.

EU commissioner for home affairs Cecilia Malmström noted that the directive was introduced in the aftermath of the Madrid and London bombings -- when Europe was on high alert.

"There was enourmous pressure on governments to ensure that the police and prosecutor had all the tools necessary for tracking terrorism and other security threats," she said at Monday's release of the report.

“In short, the report shows that data retention proved useful in criminal investigations, but there is need for improvement as regards the design of the directive so that there is a better response to the privacy and security of our citizens."

The report also highlighted a lack of harmony between implementations which has posed a challenge for companies that process or store data across national borders. 

Meanwhile, although 25 nations had been required to transpose the directive before 15 September 2007, five nations did not have the directive transposed onto their legal systems.

Romania, Germany and the Czech Republic have repealed their retention laws, while Sweden and Austria have yet to graft it to theirs.

Germany’s constitutional challenge resulted in a 6 month cap on retention and a ruling that data could only be accessed where there was already a suspicion of serious criminal offence. 

The data retention directive was introduced in 2005, came into effect in 2006, and was thought to support the 2004 Council of Europe Convention on Cybercrime to which Australia planned to accede.

Copyright © iTnews.com.au . All rights reserved.


EU finds privacy flaws in data retention regime
 
 
 
Top Stories
Photos: iTnews Benchmark Awards countdown begins
Just a few days left until entries close for 2014.
 
Australian Govt to rethink cyber security strategy
Six-year old policy to be refreshed.
 
The failure of the antivirus industry
[Blog post] Insights from AVAR 2014.
 
 
Sign up to receive iTnews email bulletins
   FOLLOW US...
Latest Comments
Polls
Who do you trust most to protect your private data?







   |   View results
Your bank
  38%
 
Your insurance company
  3%
 
A technology company (Google, Facebook et al)
  8%
 
Your telco, ISP or utility
  7%
 
A retailer (Coles, Woolworths et al)
  2%
 
A Federal Government agency (ATO, Centrelink etc)
  20%
 
An Australian law enforcement agency (AFP, ASIO et al)
  15%
 
A State Government agency (Health dept, etc)
  5%
TOTAL VOTES: 1071

Vote