Data Retention Directive: reactions related to the costs involved

By EDRi · January 18, 2006

After the European Parliament adopted the data retention directive, in
many countries the debate only began about the costs. The European
Parliament decided to delete the article that demanded cost
reimbursement for all additional costs of retention, storage and
transmission of data. In the draft directive adopted by the Civil
Liberties Committee, Members had initially called for a full
reimbursement of the costs.

The question everywhere is who’s paying for the data retention. The
costs don’t just involve storing space but also the management,
development and security of these data. This concern is shared not only
by ISPs but also by the police in some countries, where they are obliged to
reimburse the costs for the retrieval of these data.

According to Finland’s Ministry of the Interior if the original proposal had
been adopted it would have involved costs of about Euro 5.5 billion Euro for
his country. As it is now,mandatory data retention is limited to VoIP
services and operators’ own email. It does not concern Internet calls or
www-based email services, the costs for the state reaching, under the
circumstances, about 10-40 million Euro. Mandatory data retention will also
be applied only to those companies that are authorized as telecom services.

Some of the experts expressed this concern as according to them unlike
telephone calls where things are rather clear, Internet traffic data
retention is more tricky. It is not as easy to separate between data and
content and the practical solution will probably be to get everything and
throw what content should not be kept. This will trigger rather elaborated
filtering methods for the ISPs and implicitly costs. Richard Clayton from
the Cambridge University Computer Lab who has written a doctoral
dissertation in data retention, considers that the EU does not understand
the Internet and therefore created an act that if applied as such will
involve high costs.

A debatable aspect is also the retention period of two years; the Internet
is moving fast and changes rapidly. Traffic data as old as two years may
very well be obsolete at the rate addresses and sites change. One other
major concern is that these data will not only be used to fight terrorism as
initially intended, but will be used is civil cases as well. Questions arose
whether this directive would protect citizens from unauthorized access to
their private, confidential data.

Charles Clarke, Home Secretary, while giving assurances that the human
rights will be observed and while stating he understands the ISPs concerns
regarding the costs related to data retention, doesn’t offer any clear
answers and is appealing for a dialogue between the Government and the
industry in order to co-operate in enforcing the law but expressing no
commitment to a clear system of reimbursement of data retention costs to
ISPs.

Will logging your email combat terrorism in Europe? (12.01.2006)
http://technology.guardian.co.uk/weekly/story/0,16376,1683944,00.html

ISPs, telcos and police voice fears over data retention cost (13.01.2006)
http://news.zdnet.co.uk/business/legal/0,39020651,39246970,00.htm

Finland: Ministries comment mandatory data retention (15.12.2005)
http://e.finland.fi/netcomm/news/showarticle.asp?intNWSAID=45216

Data law passed in EU seen as restrictive (15.12.2005)
http://www.iht.com/articles/2005/12/14/business/data.php

MEPs vote for mandatory data retention (14.12.2005)
http://www.theregister.co.uk/2005/12/14/eu_data_retention_vote/