Following patchy adoption and the recent publication of a report critical of its effectiveness, the European Data Protection Supervisor (EDPS) has weighed in on the European Union (EU) Data Retention Directive.
The EDPS yesterday said the current law does not meet the requirements of fundamental rights to privacy and data protection and called for its revision or replacement.
It said the directive has failed to meet its main purpose, in response to the recent publication of the European Commission's evaluation of the 2006 Data Protection Directive.
The purpose was, "namely, to harmonise national legislation concerning data retention," wrote EDPS and Dutch Data Protection Commissioner Peter Hustinx.
The Commission's own evaluation released on 18 May found that, while the directive has proven useful in criminal investigations, it needed revision and improvements in response to the fact that not every EU member state has adopted it and, in cases where they have, retention requirements vary wildly.
"Such a lack of harmonisation is detrimental to all parties involved: citizens, business operators and law enforcement authorities," he concluded.
The publication highlighted a number of shortcomings with the directive, including the fact that it was closely related to the EU ePrivacy Directive.
The Data Retention Directive, which builds on and complements the general Data Protection Directive (95/46/EC), mandates that member states should ensure the confidentiality of communications and related traffic data.
But the ePrivacy Directive requires that traffic and location data generated by using electronic communications services must be erased or anonymised when no longer needed for communication or billing purposes.
The EDPS also questioned the law's compatibility with privacy rights. "Data retention as regulated in the Data Retention Directive, in any event, goes beyond what is necessary," continued the EDPS opinion, adding: "Data retention could have been regulated in a less privacy-intrusive way."
And it even went so far as to call for the possibility of repealing the law completely or combining such a move with a proposal for an alternative, more targeted EU measure.
The UK is among those not to have adopted the retention directive, relying on the Data Protection Act to ensure it is compliant with EU requirements.
Have your say on this article
Newsletters
Latest stories from Privacy
Latest videos
You may also like
Privacy jobs
Technology Patent Wars
Case studies from large organisations across all sectors
... And rich media, and flexible working, and peaks in traffic ...
Upcoming Events
Join us for this Computing web seminar, in which the Head of BI at the Co-operative Group Nick Colebourn will be explaining just how he reigned in the Group’s sprawling database estate and how significant savings were realised and data quality improved as a result.
Date: 31 May 2012
Time: 11:00 AM
Live June 13th 11:00am: Register now. During this web seminar we will be looking at the sorts of incidents that can bring data centres grinding to a halt and what can be done about them.
Date: 13 Jun 2012
Time: 11:00 am
Receive the latest jobs direct to your inbox
Are you being paid what you are worth?
