- European telecommunication ministers agreed this week to leave the decision on how long phone companies and internet service providers (ISPs) should retain data on their customers up to national governments.
The question of data retention was raised during a ministerial debate about a new data protection directive for the communications industry published by the European Commission.
"The ministers agreed that the directive should not prevent individual member states from the lawful interception of data for a limited period," says a spokesman at the Council of Ministers after the meeting in Luxembourg ended. "This gives the member states the right to choose the length of time that data in that country should be held."
The UK is known to favour a system that forces ISPs and telecom operators to hold onto data, such as the content of phone calls or email messages, in the interests of crime prevention.
"If there is a stabbing in a pub and the landlord of that pub received a phone call asking if the victim was there just half an hour before the stabbing, then it would be important for the police to know who made that phone call," explains a UK diplomat present at the debate in Luxembourg.
Four EU countries already have laws permitting limited access to telecom data: Belgium, France, the Netherlands and Germany. The UK is likely to pursue its own legislation too, the diplomat says.
"It is likely that we will require data retention for somewhere between two months and seven months," he says. He describes reports that the UK was seeking retention of data for seven years as "absolute rubbish."
One of the tricky issues in finding a balance between law enforcement and guarding citizens' civil liberties concerns billing arrangements which permit the subscriber unlimited and unmetered access to his phone or internet connection.
"In this regard we are further ahead than other countries," the UK diplomat says. America Online and UK ISP Freeserve both offer unmetered access, which is still rare on the European continent. "If the person responsible for the hypothetical pub stabbing scenario made his call to the pub as part of an unmetered telecom subscription package then there is a risk that the data wouldn't be kept," he says.
However, others fear that granting police the right to this sort of data should only be made available in exceptional cases, rather than allowing the police potential access to all telecom data.
The European Commission favors the view laid down in the existing data-protection directive which forbids the retention of data for any longer than is required for billing purposes.
Meanwhile, ministers failed to agree on how to tackle spam. Member states of the EU are divided over whether senders of mass emails should offer recipients the option to opt out of their target list, or whether they should only be able to target people once they have opted in to the sender's mailing list.
The current wording of the directive calls for a harmonised opt-in approach across the EU. But the UK diplomat says this clashes with the e-commerce directive, which allow member states to choose between opting in and opting out themselves. This debate has important repercussions for the direct mail industry.
Four countries have already adopted legislation based on an opt out approach: the UK, France, Ireland and Luxembourg. "The European Parliament will be very important in this debate," the UK diplomat says.
The debate will continue in October, after the European Parliament has given its views on the new data protection for communications directive. It is expected to do so before the August break.