The EC Data Retention Directive: Legal Implications for Privacy and Data Protection

Ii. Background Of The Data Retention Directive

The blanket retention of communications data for the purpose of law enforcement was a measure first proposed by the EU Telecommunications Council shortly before the 9/11 terrorist attacks upon New York and Washington D.C. in 2001. Under this early proposal, Internet Service Providers (ISPs) would be required to retain all citizens’ communications data from telephones, mobile phones, faxes, emails and other internet use for up to 7 years (Lillington, 2001a). After the 9/11 attacks, the President of the United States of America sent a communiqué urging the EU to adopt provisions for the blanket retention of communications data “in the international effort against terrorism” (United States Mission to the European Union, 2001). More than thirty international civil rights organizations expressed concern to the EU Council of Ministers and U.S. President George Bush regarding the threat to civil liberties and the right to privacy posed by this unprecedented measure (Global Liberty Internet Campaign, 2001). These civil liberties organizations also highlighted the absence of such a data retention obligation for ISPs in the U.S. and pointed out that “there is a significant risk, if this proposal goes forward, that US law enforcement agencies will seek data held in Europe that it could not obtain at home, either because it was not retained or because US law would not permit law enforcement access.” The opposition of the Article 29 Working Party, Data Protection Commissioners across the European Union, was more direct: