
Regulatory Review: Data Retention In Europe

By Staff Writer | February 1, 2006

By Gerry Oberst

In the last days of December, the European Union was poised to adopt rules on the retention of traffic data that telecommunications providers must save for law enforcement purposes – rules that could cost some satellite operators and service providers very substantial amounts of time and money.

Remarkably, for a continent that highlights its protection of data privacy and attention to human rights, the new rules would likely have a very intrusive impact. Data retention is not the same as legal interception of data – most countries have rules on when law enforcement or national security authorities can intercept specific transmissions to find out the content of the messages. Nor is retention the same as preservation – U.S. law provides that authorities can obtain judicial warrants to save the traffic data from particular sources or individuals.

Data retention in the new European legislation is a requirement to save all traffic data about all transmissions for a set period of time. This data covers when a message was sent, to whom, from whom, how long, the numbers involved and so on – everything but the content of the message.

The run-up to these rules has been controversial, with privacy advocates mounting huge lobbying and education campaigns against proposals raised in the European Council of Ministers. At a meeting in April 2004, France, the United Kingdom, Ireland and Sweden initially submitted a proposal for a framework decision on data retention. That proposal stemmed from a declaration on combating terrorism that the Council adopted in March 2004.

Objections immediately arose to the privacy implications and expense of forcing communications companies to store substantial amounts of data against the chance that some of the information would be needed in terrorist investigations. But there was a political side as well – the European Parliament and Commission maintained that the Council could not unilaterally adopt this kind of legislation without involving them.

Thus, the Commission adopted its own proposal in September, which in some ways is less strict than the Council approach. During this period, the Council was threatening to go it alone, due to a perceived urgent need for the new law.

In the end, the Parliament moved with unusual speed and adopted a position in late November that was less strict than the Council. But then, after even more political machinations, a compromise was reached in mid-December that brought the sides together. Unfortunately that final legislation looks to be very onerous for industry.

The new rules would cover data relating to traffic for telephony, short messaging services and Internet protocol messages. The scope could apply to providers of mobile satellite service and traffic over very small aperture terminal networks, as well as other satellite sectors. This data is to be kept for six to 24 months, depending on the national government rules, and even longer if the Commission approves a national rule. This is a real risk, as Poland already had proposed to require data to be saved for 15 years.

Judicial authorities and other authorities responsible for detection, investigation and prosecution of serious criminal offenses are to have access to the data. The access is granted on a case-by-case basis, and criminal penalties would apply to operators who do not comply.

Operators have been up in arms over the cost implications. Although the Parliament originally would have required the authorities to reimburse operators, the parliamentarians caved in during the final negotiations and agreed to leave it up to each national authority to decide whether to reimburse the costs for retention, storage and access.

Some governments already have indicated they do not intend to reimburse operators for these costs. But the costs are not small. "Research shows that the amount of data collected would be 20,000 to 40,000 terabytes or the equivalent to 10 stacks of files each reaching from Earth to the Moon, and the cost to each affected company would be 180 million euros (more than $210 million) per year," according to the American Chamber of Commerce to the European Union. Those costs were likely estimated on the basis of Internet providers, who are worst hit by the new rules, and traditional telephony operators, which would have to store information about every single call made, but they give some indication of what could be faced by satellite services.

While the final version was all but certain to become law before the end of the year, we expect challenges to the rule on privacy and other grounds to continue through 2006.