|
EU Data Retention - doqumentation
|
|
All existing data protection laws in member states of the European Unionare subject to change during the years 2007/8. That change is substantial, as a common principle is turned into its opposite.
So called traffic data [who calls whom when where / who uses which IP address when etc.] currently have to be deleted when no longer needed for technical and billing purposes by the network operator. That is the gist of all current data protection laws: storage of communications traffic data without the citizen's consent is explicitly forbidden.
|
See the more doquments to the right to see the full collection of doqumentz in the order of publication onsite. "Vorratsdatenspeicherung is the
German Version
of data retention.
The new EU "directive on the retention of data generated or processed in connection with the provision of publicly available electronic communications services or of public communications networks" requires the opposite of existing law. A large amount of traffic data from telephone networks and the internet must be stored by network operators for a period of up to two years.
In some EU countries with strong data protection laws like Germany there has been fierce and ongoing opposition. Chambers of commerce, ISPAs and About 10.000 people already have signed in to challenge the upcoming German data retention law for violating the German constitution. The Austrian government is neither in favour of changing core dtat protection laws that have been enacted only a few years ago.
We have doqumented how this dangerous and much debated directive was rushed through various bodies of the EU. The roots of this directive can be traced back to the "Convention on Cybercrime by the Council of Europe [COE] and to the G/7 summits of the late nineties.
2005 03 15 Directive in Fulltext English and German
2006_12_06, Data Retention proposal
2005_11_08,EU presidency COPEN 172 telecom 123 data retention parliament discussion
2005_09_21,proposal on data retention of public electronic communication - plenary vote in eurparl on 2005_12_13
2005_07_21: Proposal for a directive of the European Parliament and the Council on the retention of data processed in connection with the provision of public electronic communication services
28. April 2004: Draft Framework Decision on the retention of data
19. November 2000: DRAFT CONVENTION ON CYBER-CRIME
10. December 1997: G/8 Cybercrime Meeting, WASHINGTON, D.C.
2005_12_06,data retention proposal ,st15449
The Council discussed in detail the Commission's proposal for a Directive on the retention of data
processed in connection with the provisions of public electronic communication services and
amending Directive 2002/58/EC. The Presidency concluded that, provided that the European
Parliament agreed amendments to the Commission proposal in the exact form as set out in Annex I
and that the Commission would amend its proposal accordingly, the Council would be in a position
to adopt the proposed Directive in the form of the text thus amended.
(COPEN 196, TELECOM 145, COCEC 1149. LIMITE)
see also the addendum and the corrigendum,
2005_11_08,EU presidency COPEN 172 telecom 123 data retention parliament discussion.pdf
"A maximum at least 24 months" - From the current presidency's point of view "Any draft Directive would have to include: Retention periods – flexibility within a minimum and maximum period, with a minimum obligation to retain data falling within the scope of the Directive for 6 months, and a maximum of at least 24 months. A list of telecommunications data to be retained which includes at least data on Internet access, Internet email and Internet telephony, in addition to data on fixed and mobile telephony."
2005_09_21, proposal on tata retention of public electronic communication - plenary vote in eurparl on 2005_12_13.pdf
Proposal for a Directive of the European Parliament and of the Council on the retention of data processed in connection with the provision of public electronic communication services
Citizens increasingly perform daily activities and transactions using electronic communications networks and services. These communications generate 'traffic data' or 'location data' which include for example details about the location of the caller, the number called, the time and duration of the call. When combined with data enabling the identification of the subscriber or user of the service, the availability of such traffic data is important for purposes related to law enforcement and security, such as the prevention, investigation, detection and prosecution of serious crime, such as terrorism and organised crime.
The gist of the July 21 2005 proposal by the EU commission
The proposed Directive harmonises the following elements:
(a) the types of data to be retained,
(b) the periods of time during which the data should be retained
(c) the purposes for which the data may be supplied to the competent authorities. It also provides for an obligation on the service providers to retain the data in such a way that they can co-operate with the competent authorities without undue delay, whilst leaving it to the Member States to determine which authorities are competent under national legislation. Finally the Directive also provides for the principal of reimbursement of the additonal cost incurred by the network and service providers to comply with the obligations imposed on them as a consequence of this Directive. This is an essential element to ensure that there will be no market distortion trough the application of different national cost reimbursement schemes.
Article 4, Categories of data to be retained
a) data necessary to identify the source of a communication
b) data necessary to identify the destiniation of a communication
c) data necessary to identify the date, time and duration of a communication
d) data necessary to identify the type of communication
e) data necessary to identify the communication device or what purports to be the communication device
f) data necessary to identify the location of mobile communication equipment
Article 6, Storage requirements of retained data
Member States shall ensure that the data are retained [...] in such a way that the data retained and any other necessary information related to such data can be transmitted upon request to the competent authorities without undue delay.
Annex
The types of data to be retained the categories identified in Article 4 in this Directive
a) and b) data necessary to trace and identify the source (a) / destination (b) of a communication
(1) Concerning Fixed Network Telephony
b) Name(s) and Adress(es) of the subscriber(s) or registered user(s)
(2) Concerning Mobile Telephony
b) Name(s) and Adress(es) of the subscriber(s) or registered user(s)
(3) Concerning Internet Access and Internet Communication Services
d) Name(s) and Adress(es) of the subscriber(s) or registered user(s) to whom the IP adress, Connection Label or User ID was allocated at the time of the communication.
f)Data necessary to identify the location of mobile communication equipment:
(1) The location label (Cell ID) at the start and end of the communication;
(2) Location labels (Cell ID) throughout the communication;
(3) Data mapping between Cell ID's and their geographical location at the time of communication.
>> Draft in Scanned Version
28. April 2004: Draft Framework Decision on the retention of data
processed and stored in connection with the provision of publicly available electronic communications services or data on public communications networks for the purpose of prevention, investigation, detection and prosecution of crime and criminal offences including terrorism. From the French Republic, Ireland, the Kingdom of Sweden and the United Kingdom date on 28 April 2004 to Javier Solana, Secretary-General.
>> Draft in Fulltext
From article 4: Time periods for retention of data
"Each Member State shall take the necessary measures to ensure that data shall be retained for a period of at least 12 months and not more than 36 months following its generation. Member States may have longer periods for retention of data dependent upon national criteria when such retention constitutes a necessary, appropriate and proportionate measure within a democratic society."
>>Article in Fulltext
From Article 2, Definitions
:
1. For the purpose of this Framework Decision :
a) The definition of the term in this framework decision includes traffic data and location data as set out in Article 2 of the Directive 2002/58/EC, and is inclusive of subscriber data and user data related to these data.
(b) User data means data relating to any natural person using a publicly available electronic communications service, for private or business purposes, without necessarily having subscribed to the service. Subscriber data means data relating to any natural person using a publicly available electronic communications service for, private or business purposes, without necessarily having used the service.
2. Data shall for the purpose of the Framework Decision include:
(a) Data necessary to trace and identify the source of a communication which includes personal details, contact information and information identifying services subscribed to."
>>Article in Fulltext
19. November 2000: DRAFT CONVENTION ON CYBER-CRIME
Concerned at the risk that computer networks and electronic information may also be used for committing criminal offences and that evidence relating to such offences may be stored and transferred by these networks;
Article 1 - Definitions
For the purposes of this Convention:
c. "service provider" means:
i. any public or private entity that provides to users of its service the ability to communicate by means of a computer system, and
ii. any other entity that processes or stores computer data on behalf of such communication service or users of such service.
d. "traffic data" means any computer data relating to a communication by means of a computer system, generated by the computer system that formed part in the chain of communication, indicating its origin, destination, path or route, time2, date, size, duration or type of underlying [network] service.
Article 20 - Real-time collection of traffic data
1. Each Party shall adopt such legislative and other measures as may be necessary to empower, for the purpose of criminal investigations or proceedings, its competent authorities to:
a. collect or record through application of technical means on the territory of that Party, and
b. compel a service provider, within its technical ability, to:
i. collect or record through application of technical means on the territory of that Party, or
ii. co-operate and assist the competent authorities in the collection or recording of, traffic data, in real-time, associated with specified communications in its territory transmitted by means of a computer system.
>> Draft in Full Text
10. December 1997: G8 Cybercrime Meeting, WASHINGTON, D.C.
Meeting of the Justice and Interior Ministers of The Eight
December 9-10, 1997
At the Summit of The Eight in Denver, our Heads of State and Government directed us to intensify our efforts to implement the forty recommendations of the Summit of Lyon, in order to combat transnational organized criminal activity posing an ever-greater threat to the individual and collective security of our citizens.
[ ... ]
Our responsibility is not only to react to the activities of organized criminal groups, but also to anticipate and prevent their growth.
>> Communique in Full Text
Shortcut for this page:
http://quintessenz.org/data_retention
|
|
|
|
|
|
|