On 18 April 2011, the European Commission issued a report in which it evaluates Directive 2006/24/EC of 15 March 2006 on the retention of data generated or processed in connection with the provision of publicly available electronic communications services or of public communications networks (the “Data Retention Directive”). This Directive requires providers of publicly available electronic communications services and of publicly available telecommunications networks (the “Providers”) to retain communications traffic data and location data for a period between six months and two years. The Data Retention Directive, which allows law enforcement agencies to use communications traffic data for the prosecution of serious crimes, was enacted following a vigorous debate among privacy advocates, telecom operators and law enforcement agencies. As a result of this debate, the European legislator provided that the impact of the Data Retention Directive had to be evaluated by 15 September 2010.
In this evaluation report, the European Commission concluded that there are some substantial inadequacies in the Data Retention Directive. According to the European Commission, one of the most important inadequacies of the Data Retention Directive is that it provides for ambiguous wording on certain crucial provisions of the directive. As an example, the European crimes” as used in Article 1 of the Directive is not sufficiently defined. Due to this ambiguity, some Member States allow the use of retained communications traffic data for the investigation and prosecution of almost all criminal offences, whereas other Member States only allow data retention for the prosecution of a limited number of crimes. The evaluation report also addresses the financial aspects of data retention. According to the European Commission, the obligation to retain communications traffic data represents a substantial cost to Providers. Since the Data Retention Directive does not provide for a regime relating to the allocation of the costs of data retention, some Member States provide that Providers will be reimbursed for the retention of communications traffic data whereas other Member States do not provide for such a regime. Given that these differences in national reimbursement schemes might adversely affect some smaller Providers, the European Commission will consider ways of providing consistent reimbursement schemes that are applicable to all Providers.
As a general conclusion, the European Commission concludes that the Data Retention Directive failed to generate a harmonized approach towards data retention in the European Union. In order to create such a harmonized approach, the European Commission proposes to revise the current data retention framework. In its evaluation report, the Commission proposes to revise the Data Retention Directive on the basis of the following criteria:
- the purpose for which data retention can be used must be clearly defined in the revised directive;
- the periods during which the data is to be retained must be shortened and harmonized; and
- the revised directive must clearly specify which law enforcement agencies are entitled to have access to retained communications traffic data.
Prior to enacting a revised Data Retention Directive, the European Commission will consult all relevant stakeholders including law enforcement agencies, privacy advocates and the telecommunications sector. On the basis of its findings, the European Commission will Commission states that the notion “serious draft an impact assessment on data retention, which will be used as a basis for the revised Data Retention Directive. (LDA)
The report can be found on http://ec.europa. eu/commission_2010-2014/malmstrom/ archive/20110418_data_retention_evaluation_ en.pdf.