(Dieser Artikel ist auch in deutscher Sprache verfügbar)
The UK Home Office is presently implementing the Data Retention Directive that will oblige telephony and internet service providers to keep data for 12 months. The decision was taken without any debate by simple "affirmative" votes in the parliament and the Directive is to be implemented by 15 September 2007 for fixed and mobile telephones and 18 months later for internet services (including VOIP telephony).
The Home Office intents to implement the Directive by a Regulation that will replace the current "voluntary" Code and does not seem to have taken into consideration any risk related to the privacy of personal data.
Moreover, the government says that the EC Directive covering serious crime can be used for any crime and that there is no need for public or parliamentary discussion on privacy, civil liberties or human rights issues as these have already been discussed at the EU level.
Tony Bunyan, Statewatch editor, comments: "The collection and retention of everyone's communications data is a momentous decision, one that should not be slipped through parliament without anyone noticing as the government plans to do. The government's proposal changes a voluntary agreement into a binding law, on these grounds alone there should be primary legislation. Moreover, the EC Directive limits the purpose for which data can be retained to "serious crime" but the government intends to extend the scope to all crime however minor."
Having in view the character of the data retained, consumers and telecoms companies need safeguards concerning the use of these data. Under the EC Directive, all countries are required to adopt measures that ensure the data can only be used by competent national authorities. Yet, UK's draft regulation and consultation process makes no reference on this. Also there is nothing in the Regulation covering sanctions and remedies for unauthorised use of the data as stipulated in the EC Directive.
Further more, the data can also be obtained in the absence of existing court proceedings and can be available to anyone who can convince the Courts that they have a right to access them.
Keeping personal data should help law enforcement authorities in their fight against crime and for national security purposes. On the other hand, telecom companies must protect their customers' privacy and, according to the draft regulations, they will not be able to protect these data by destroying it.
The only positive element for them is that, at least, the government proposes to compensate them for compliance costs and litigants are obliged to pay for disclosure of documents which they request from third parties.
Mandatory data retention in the UK - Statewatch analysis (05.2007)
http://www.statewatch.org/news/2007/may/uk-data-ret.pdf
Data retention: a balancing act for telcos (10.05.2007)
http://business.timesonline.co.uk/tol/business/law/article1774049.ece