Euro data retention laws are inadequate and may be illegal

The European Data Protection Supervisor (EDPS) has given his opinion on the European Union's plans to force ISPs and telcos to record details of their customers' communications - and has warned that the proposed legislation may infringe on civil liberties.

The legislation, coming in the wake of the 7 July bombings in London, is being sold by its supporters as a way of helping to detect terrorism. However, its critics suggest that the proposed directive - which demands details pertaining to emails, phone and VoIP calls are stored for a minimum of six months - is heavy-handed.

Current EDPS Peter Hustinx, however, believes the measures now on the table are inadequate to fulfil their stated aim of helping law enforcement agencies to track down terrorists and may even contravene human rights laws.

Hustinx wrote in an Opinion: "Traffic data and location data are not always linked to a specified individual, so knowledge about a telephone number (or an IP-number) does not necessarily reveal the identity of an individual. Another - and even more serious - reason for doubt is whether or not the existence of gigantic data bases enables law enforcement to easily find what they need in a specific case."

As well as being hampered by technological limitations, such as the inadequacy of search engines, the EDPS raised the question of whether law enforcement agencies will actually be able to use the directive to increase the public's safety.

Hustinx wrote: "An adequate availability of certain traffic and location data of public electronic services can be a crucial instrument for those law enforcement agencies and can contribute to the physical security of persons... it should be noted that this does not automatically imply the necessity of the new instruments as foreseen in the present proposal."

He added that regardless of the current political or social climate, European citizens must still receive the utmost legal protection from EU member states.

"The circumstances in society may have changed due to terrorist attacks but this may not have as an effect that high standards of protection in the state of law are compromised. Protection is given by law irrespective of the actual needs of law enforcement," he said.

The EDPS has suggested a number of improvements to the legislation, including limiting the period for which data can be stored, limiting the number of details on communications that telcos and ISPs must keep, restricting who can access such data and ensuring the right technological infrastructure is in place to secure the data.