Historical telecommunications data are highly valuable in the investigation and prosecution of crime and the protection of the public. Under EU law, telecommunications service and network providers are obliged to retain certain categories of data for a specific period of time and to make them available to law enforcement where needed. The Commission is currently reviewing this law.
Telecommunication service providers or operators store clients' personal data for the purposes of transmitting communications, invoices, and interconnection payments, marketing and certain other value-added services. Because of the value of these data in preventing danger and investigating criminal activity, the EU has sought to ensure that they are made available to law enforcement authorities.
The Data Retention Directive requires operators to retain certain categories of data (for identifying users and details of phone calls made and emails sent, excluding the content of those communications) for a period between six months and two years and to make them available, on request, to law enforcement authorities for the purposes of investigating, detecting and prosecuting serious crime and terrorism.
28 EU States have notified the Commission about the transposition of the Directive into their national law. However, of these, Germany and Belgium have only transposed the legislation partially.
Law enforcement authorities in most EU States have reported that retained data play a central role in their criminal investigations. These data have provided valuable leads and evidence that have resulted in convictions for criminal offences and in acquittals of innocent suspects in relation to crimes which, without an obligation to retain these data, might never have been solved.
However, the application of data retention continues to be uneven. The diversity of approaches - in terms of limitations to the use of data, data storage periods and other aspects, such as reimbursement of costs of complying with data retention rules - means that there is no level playing field for service providers and consumers across the EU. This has presented considerable difficulties for the industry. Furthermore, there is a need to strengthen the protection of personal data and to minimise the risk of breaches of privacy during storage, access and use.
The Commission has set up an experts group [64 KB] to advise on best practice in the implementation of the Data Retention Directive. Details about the composition and tasks of the group can be found in the Register of Commission Expert Groups (reference E02933).
The first meeting of the group took place on 10 October 2013 (Draft agenda [13 KB] , Draft minutes [224 KB] and Addendum [303 KB] ) where rules of procedure [170 KB] , and a work programme [221 KB] were agreed.
Information on the previous experts group which met between March 2008 and December 2012 can be found here.
The Commission's evaluation report , presented in April 2011, concluded that the EU should continue to support and regulate the storage of, access to and use of telecommunications data. However, EU rules in this area need to be improved to prevent the different types of operators from facing unfair obstacles in the Internal Market and to ensure that high levels of respect for privacy and the protection of personal data are applied consistently.
As Commissioner Malmström stated in the European Parliament in October 2012, the Commission has continued to consult the judiciary, law enforcement authorities, data protection authorities, industry, civil society organizations and consumers on the options for reforming the current framework. Emerging themes can be found here. The Commission intends to propose changes to EU data retention, although there is no precise timetable at present.
The Commission also announced in the report on the evaluation that it would consider whether and how an EU approach to data preservation might complement data retention. An independent external study on current approaches to data preservation in EU Member States and third countries [417 KB] was carried out between December 2011 and November 2012 by the Centre for Strategy and Evaluation Studies. The researchers conducted surveys of law enforcement authorities, service providers, data protection authorities and NGOs, and held a seminar with experts in May 2012. Input was received from 15 countries – 13 EU Member States plus Croatia, Norway and the United States. The study finds that data retention and data preservation are complementary rather than alternative instruments and that data retention plays a role in ensuring that data are kept, which is sometimes a prerequisite for data preservation, as data may have already been deleted before a data preservation order is issued.
In the absence of a generally accepted definition under international law, “terrorism” can be defined as ...
Personal data processed in connection with the provision of electronic communications services.
Charged by network operators on other service providers to recover the costs of the interconnection facilities ...
Data retention refers to all obligations on the part of controllers to retain personal data for certain purposes...
Characteristics or information, usually numerical, that are collected through observation.