The European Commission is proposing telecommunications operators and internet service providers should be compensated for the extra costs of collecting and storing call data to help law enforcement officers track terrorists.
European Justice and Security Commissioner Franco Frattini will shortly present draft legislation that will require telecos to collect and store call data for a maximum of 12 months and ISPs for a maximum of six months.
The proposal, which has to be approved by European Union (EU) governments and members of the European Parliament (MEPs), calls for companies to be compensated by their national governments for the additional costs of collecting and storing data beyond their current practices for billing and other commercial purposes.
However, telcos are still concerned that the Commission’s proposal will impose unreasonable burdens on them.
“We need further dialogue [with the EU institutions] to ensure that the measures being proposed are proportionate and effective for law enforcement,” says Thierry Dieu, a spokesman for the European Telecoms Network Operators’ Association (ETNO).
“Problems arise from the fact that we will have to upgrade our network to collect data which is not currently kept for commercial purposes”, he adds.
The industry argues that modern forms of charging for calls, such as flat-rate tariffs and the spread of Voice over Internet Protocol (VoIP) services means that many companies do not gather the data law enforcement agencies require.
The legislation is a key part of a raft of measures being debated by the EU as part of its effort to step up the fight against terrorism, especially in the wake of the London bombings in July, when police were able to track terror suspects by examining mobile phone records. The rules are a key objective of the UK government, which is currently chairing EU meetings.
Despite the industry’s concern about the plan, the commission’s proposal imposes less of a burden on the teleco industry than a rival proposal which has been discussed in the Council of Ministers, which is made up of representatives of EU governments. Under that proposal, which was drawn up following the Madrid railway bombings in March 2004, telcos and ISPs would have to store data for up to three years.
However, the council proposal, which was drawn up by the UK, France, Ireland and Sweden, needs to be approved unanimously by all 25 EU member states, whereas the commission’s proposal only needs the backing of a majority of EU governments.
However, it must also be approved by members of the European parliament, who have been very opposed to such rules in the recent past.
In June, MEPs voted against introducing EU-wide data retention rules, backing a report which said that such measures were “disproportionate” and would impose an unreasonable burden on industry, while infringing data protection rights.
The commission’s proposal will be accompanied by a separate proposal for data protection rules, which would apply to the stored data and would address concerns about the loss of privacy.
For example, while the data could be freely transmitted to law enforcement agencies in another member state, there would be more strict rules for transfers to private parties. There would also be limitations on the processing of data revealing a person’s race, religion or political views.
Under the commission’s proposal, the data which would have to be retained include: the source and destination of calls; the date, time and duration of calls; the type of communication; the type of device used, and the location of mobile phones.
EU interior ministers are expected to discuss the commission’s proposal this month in October and it is hoped that an agreement can be reached between the council and parliament by the end of the year. Member states would then have 15 months to put the new rules into effect.