After the European Parliament adopted the data retention directive, in many countries the debate only began about the costs. The European Parliament decided to delete the article that demanded cost reimbursement for all additional costs of retention, storage and transmission of data. In the draft directive adopted by the Civil Liberties Committee, Members had initially called for a full reimbursement of the costs.
The question everywhere is who's paying for the data retention. The costs don't just involve storing space but also the management, development and security of these data. This concern is shared not only by ISPs but also by the police in some countries, where they are obliged to reimburse the costs for the retrieval of these data.
According to Finland's Ministry of the Interior if the original proposal had been adopted it would have involved costs of about Euro 5.5 billion Euro for his country. As it is now,mandatory data retention is limited to VoIP services and operators' own email. It does not concern Internet calls or www-based email services, the costs for the state reaching, under the circumstances, about 10-40 million Euro. Mandatory data retention will also be applied only to those companies that are authorized as telecom services.
Some of the experts expressed this concern as according to them unlike telephone calls where things are rather clear, Internet traffic data retention is more tricky. It is not as easy to separate between data and content and the practical solution will probably be to get everything and throw what content should not be kept. This will trigger rather elaborated filtering methods for the ISPs and implicitly costs. Richard Clayton from the Cambridge University Computer Lab who has written a doctoral dissertation in data retention, considers that the EU does not understand the Internet and therefore created an act that if applied as such will involve high costs.
A debatable aspect is also the retention period of two years; the Internet is moving fast and changes rapidly. Traffic data as old as two years may very well be obsolete at the rate addresses and sites change. One other major concern is that these data will not only be used to fight terrorism as initially intended, but will be used is civil cases as well. Questions arose whether this directive would protect citizens from unauthorized access to their private, confidential data.
Charles Clarke, Home Secretary, while giving assurances that the human rights will be observed and while stating he understands the ISPs concerns regarding the costs related to data retention, doesn't offer any clear answers and is appealing for a dialogue between the Government and the industry in order to co-operate in enforcing the law but expressing no commitment to a clear system of reimbursement of data retention costs to ISPs.
Will logging your email combat terrorism in Europe? (12.01.2006)
http://technology.guardian.co.uk/weekly/story/0,16376,1683944,00.html
ISPs, telcos and police voice fears over data retention cost (13.01.2006)
http://news.zdnet.co.uk/business/legal/0,39020651,39246970,00.htm
Finland: Ministries comment mandatory data retention (15.12.2005)
http://e.finland.fi/netcomm/news/showarticle.asp?intNWSAID=45216
Data law passed in EU seen as restrictive (15.12.2005)
http://www.iht.com/articles/2005/12/14/business/data.php
MEPs vote for mandatory data retention (14.12.2005)
http://www.theregister.co.uk/2005/12/14/eu_data_retention_vote/