Data-retention scandal in Ireland
Ireland has had a secret data retention regime for almost a year, after the Cabinet confidentially instructed telecommunications operators to store traffic information about every phone, fax and mobile call for at least three years. The Irish Data Protection Commissioner Joe Meade revealed this last monday at a forum on data retention. Telcos even used to keep these data for a period of 6 years, the commissioner found out in January 2001, when he obliged ISPs and telcos to register with the Office for Data Protection. Following EU privacy-guidelines the Commissioner pressed for a maximum retention period of 6 months.
Meade said: ‘While this period was eventually acceptable to most of the telcos and ISPs it raised legitimate concerns in the Department of Justice regarding access for security and crime investigations. Following discussions with me the Department indicated that a retention period of three years, rather than the then six years, was necessary for security purposes for telcos.’
In spite of the Commissioners protest, in April 2002 the Minister for Public Enterprise issued directions to telcos to keep detailed, non-anonymous traffic data for a three-year period. Without any public debate government went on to prepare official legislation, Meade stated, including mandatory data-retention for internet providers. Details are not yet known, but legislation could oblige providers to keep track of the destination, origin, timing, size and itinerary of every e-mail, as well as the locations of every website visited by every customer.
The Irish scandal comes at a time of relative quiet about a possible European decision about mandatory data retention. In September 2002 the answers to a questionnaire became available, showing a large majority of EU member states in favour of a decision for systematic retention of traffic data concerning all kinds of telecommunication for a period of one year or more. The Danes concluded their presidency of the Justice and Home Affairs Council in December 2002 with the recommendation to organise more discussions with the industry. Under current Greek presidency, the topic seems to have dropped from the priority-list.
All over Europe, the privacy authorities, organised in the Article 29 Working Party, have expressed grave doubts about the legitimacy and legality of such broad measures and stated that systematic retention of all kinds of traffic data for a period of one year or more would be clearly disproportionate and therefore unacceptable in any case.
Statement by Joe Meade (24.02.2003)
Conclusions Danish Presidency 15763/02 (19.12.2002)
Answers to questionnaire on traffic data retention (November 2002)
Statement of the European Data Protection Commissioners (September 2002)