92002E2307

WRITTEN QUESTION E-2307/02

by Erika Mann (PSE) to the Council

(25 July 2002)

Subject: Mandatory data retention

According to the views of European Data Protection Commissioners, mandatory data retention as adopted recently in the EP constitutes a clear change from the current practice whereby operators cooperate with law enforcement agencies on a case-by-case and individual basis following an authorisation or warrant.

Could the Council clarify how this issue will, in future, be dealt with under the first and third pillars, and how it will ensure that any EU initiative in the area of data retention is carried out in a coordinated and transparent way involving full consultation of all interested parties (law enforcement agencies, data protection officials, users, and industry), services (DGs JHA, InfSo, Internal Market, SanCo) and Parliament?

How will the Council address the issue of the cost of keeping the data secure against external and internal misuse?

How will the Council address the liability implications of data retention for communications companies, should data be misused or in instances where data that is forwarded to LEAs turns out to be wrong and leads to misinterpretation and even wrong judgments?

How will the Council ensure that compliance costs are not prohibitive to new market entrants and small ISPs?

Reply

(16-19 December 2002)

On 12 July 2002 the European Parliament and the Council adopted Directive 2002/58/EC concerning the processing of personal data and the protection of privacy in the electronic communications sector. This Directive will replace Directive 97/66/EC, which has been adapted to market and technological developments.

As far as the retention of data is concerned, the aspect to which the Honourable Member refers, the new Directive makes no substantive changes to the current provisions. Like Directive 97/66/EC, it lays down the principle (Article 6) that traffic data must be erased when it is no longer needed for the purpose of the transmission of a communication; at the same time, it provides for a number of exceptions. One of these is that Member States may adopt legislative measures to restrict the scope of certain rights and obligations under the Directive, when such restriction constitutes a necessary, appropriate and proportionate measure within a democratic society to safeguard national security, defence, public security, and the prevention, investigation, detection and prosecution of criminal offences. The main changes introduced here by Directive 2002/58/EC (Article 15) consist in specifying, firstly, that the retention of traffic data for a limited period is one of the measures that may be taken, and, secondly, that all restrictive measures must be in accordance with the general principles of Community law. It should also be noted that recital 11 of the Directive sets out the strict conditions with which those measures must comply. The provisions do not therefore impose an obligation to retain traffic data.

It will the Commission's task, in accordance with the Treaty, to ensure that these provisions are applied.

The Council has no knowledge of any new legislative initiatives under consideration in this area.