[LINK] EU Authorities: Implementation of Net Surveillance Directive Is Unlawful

Kim Holburn kim at holburn.net
Mon Jul 19 09:14:50 AEST 2010 

Note that in the report it says:
"More data are being retained than is allowed. The data retention  
directive provides a limited list of data to be retained, all relating  
to traffic data. The retention of data relating to the content of  
communication is explicitly prohibited.

https://www.eff.org/deeplinks/2010/07/eu-authorities

> EU Authorities: Implementation of Net Surveillance Directive Is  
> Unlawful
> Commentary by Katitza Rodriguez
> In a landmark announcement issued today, the data protection  
> officials across the European Union found that the way that EU  
> Member States have implemented the data retention obligations in the  
> 2006 EU Data Retention Directive is unlawful. The highly  
> controversial 2006 EU Data Retention Directive compels all ISPs and  
> telecommunications service providers operating in Europe to retain  
> telecom and internet traffic data about all of their customers'  
> communications for a period of at least 6 months and up to 2 years.
>
> European privacy officials from the Article 29 Data Protection  
> Working Party have been reviewing how the EU Member States have  
> implemented these obligations in their national laws.
>
> Among the most important findings of the Article 29 Working Party’s  
> report are:
>
> 	• "Service providers were found to retain and hand over data in  
> ways contrary to the provisions of the [data retention] directive."
> 	• "There are significant discrepancies regarding the retention  
> periods, which vary from six months to up to ten years, which  
> largely exceeds the allowed maximum of 24 months."
> 	• "More data are being retained than is allowed. The data retention  
> directive provides a limited list of data to be retained, all  
> relating to traffic data. The retention of data relating to the  
> content of communication is explicitly prohibited. However, it  
> appears from the inquiry that some of these data are nevertheless  
> retained."
> 	• Regarding Internet traffic data: "Several service providers were  
> found to retain URLs of websites, headers of e-mail messages as well  
> as recipients of e-mail messages in "CC"- mode at the destination  
> mail server.
> 	• Regarding phone traffic data: "it was established that not only  
> the location of the caller is retained at the start of the call, but  
> that his location is being monitored continuously."
> 	• "Member states have scarcely provided statistics on the use of  
> data retained under the Directive, which limits the possibilities to  
> verify the usefulness of data retention."
> 	• "The provisions of the data retention directive are not respected  
> and the lack of available sensible statistics hinders the assessment  
> of whether the directive has achieved its objectives."




-- 
Kim Holburn
IT Network & Security Consultant
T: +61 2 61402408  M: +61 404072753
mailto:kim at holburn.net  aim://kimholburn
skype://kholburn - PGP Public Key on request

More information about the Link mailing list