The European Union's supervisory authority for data protection has declared that the EU's data retention directive does not adequately meet privacy and data protection requirements.
On Tuesday, the office of the European Data Protection Supervisor (EDPS) issued an opinion saying that the 2006 directive, which requires all Internet providers, telecom firms and mobile phone companies to store extensive traffic and location data for six months has "failed to meet its main purpose," and that "the necessity of data retention as provided for in the Data Retention Directive has not been sufficiently demonstrated."
"The EDPS calls upon the Commission to consider seriously all options in the impact assessment including the possibility of repealing the Directive, either per se or combined with a proposal for an alternative, more targeted EU measure," wrote Peter Hustinx, the EDPS' head official, in the 16-page opinion.
Privacy and Internet advocates across Europe have spoken out repeatedly against the directive. Most recently, earlier this year, German parliamentarian Malte Spitz revealed his own six months' of mobile phone calling and tracking data in a data visualization project in collaboration with the German newspaper Die Zeit.
"The Data Retention Directive is cutting down fundamental rights of each individual," Spitz wrote in an e-mail sent to Deutsche Welle. "Privacy in the digital sphere - in a situation with permanent control and surveillance - is no longer possible. Therefore the only consequence can be, to withdraw this directive and stop data retention in Europe. All scientific studies are showing that there is no need for such an intensive interference with fundamental rights."
A response to terrorist attacks
The 2006 directive was created in the wake of terrorist attacks in London and Madrid, and were designed to give European law enforcement easy access to all telecommunications data, including who, when and where a call was made, and any relevant GPS location information.
Nearly all EU member states have created laws to comply with the directive - most recently, Austria, whose data retention bill passed its lower house of parliament in late April.
Several weeks ago, Cecilia Malmström, European commissioner for home affairs said that five countries, including Austria, would face legal action if they did not implement the law.
The others are Sweden, the Czech Republic, Romania and Germany. In the case of the latter three, domestic laws upholding the directive were put in place but subsequently overturned by constitutional courts in their respective countries.
"Our evaluation shows the importance of stored telecommunications data for criminal justice systems and for law enforcement," Malmström said in a statement last month. "But the evaluation report also identifies serious shortcomings. We need a more proportionate, common approach across the E.U. to this issue."
Author: Cyrus Farivar
Editor: Mark Hallam