The First Day of the Data Protection Directive

As of this morning all European internet service providers must store details of user e-mails and net phone calls for at least a year. This is due to Directive 2006/24/EC of 15 March 2006 on the retention of data generated or processed in connection with the provision of publicly available electronic communications services or of public communications networks. It applies to traffic and location data on both legal entities and natural persons and to the related data necessary to identify the subscriber or registered user. It doesn’t cover the content of electronic communications, including information consulted using an electronic communications network.

According to the BBC, The data stored is used to determine connections between individuals. Authorities can get access to the stored records with a warrant. The UK Home Office, responsible for matters of policing and national security, said the measure had “effective safeguards” in place.

ISPs across Europe have complained about the extra costs involved in maintaining the records. The UK government has agreed to reimburse ISPs for the cost of retaining the data.

A challenge to the Directive before the European Court by a coalition of NGOs including the Open Rights Group but the brief is still worth reading:

“While it threatens to inflict great damage on society, its potential benefit appears, overall, to be little. Data retention can support the protection of individual rights only in few and generally less important cases. A permanent, negative effect on crime levels is not to be expected… [With data retention in place] citizens constantly need to fear that their communications data may at some point lead to false incrimination or governmental or private abuse of the data. Because of this, traffic data retention endangers open communication in the whole of society.”