Italy: five years data retention

By EDRi · January 28, 2004

On 28 January 2004, the Italian Lower House approved of a governmental decree-law on mandatory data retention by telephone and internet companies. Government issued the decree on 24 December 2003, without any prior parliamentary debate. All data about electronic communications must now be stored for a period of 5 years.

According to the privacy-group ALCEI, the new law isn’t much more restrictive, or mischievous, than rules and practices that were already into force or are likely to follow. “The decree is messy, poorly conceived and confusing – hastily put together to amend the previous one (from June 2003) that made data retention compulsory but (for alleged ‘privacy’ reasons) set a limit of 30 months.”

In the new decree, the retention period is extended from 30 to 60 months. The older data must be separately accessible and usage is limited to particularly serious crimes including kidnapping, organised crime and terrorism, as well as crimes against IT or online systems.

ALCEI raises some serious objections against general data retention, because of the implication of guilt of every user of telecommunications. Using a vague criterion like terrorism enables the state to access any data at any time, ALCEI fears:

“Things get seriously worse with a dangerous and dramatic threat such as terrorism. There is a real need to prevent and pre-empt – i.e. to find and stop terrorists before they act. That can be done in a civilised manner. It is more effective, as well as ethically correct, to avoid witch-hunts, to stay away from prejudice and arbitrary ‘categorisation’ – and to avoid any violation of those human rights, and personal freedoms, that anti-terrorism actions claim to be protecting. In this context data retention (combined with the arbitrary, and often clumsy, criteria of data analysis and clustering) plays a key role, because it encourages the creation of as many ‘behaviour patterns’ as suit the whims of whoever is searching – or of whoever else, for any reason, has access to the data.”

On 14 January the Lower House accepted a motion about privacy, specifically calling on government to take initiatives aimed at careful treatment of traffic data from mobile phones. According to privacy-experts, the motion is purely cosmetic. Underneath there must have been some serious lobbying going on. Previous to the decree-law, ALCEI and 2 ISP-associations saw a much stricter decree-law, including the retention of the content of e-mails. The law now accepted by the Lower House specifically excludes the content of e-mails from the data retention obligations.

Shorthand report about the vote in the Lower House (28.01.2004)

Statement ALCEI on data retention (24.01.2004)

Statewatch article with commentary Italian DPA (January 2004)