Posted: 20th Apr, 2011 By: MarkJ

The European Commission (EC) has promised to resolve concerns with its current
EU Data Retention Directive (
Directive 2006/24/EC), which requires that broadband ISPs be made to keep basic IP address based logs of their customers internet activity (i.e. email accesses, but not content etc.).
The directive, which was constructed as part of a wider response to the
2004 terrorist attacks in Madrid (Spain), has since been widely adopted around Europe. However, its adoption has not been an easy one, with some country's raising
privacy concerns and throwing it out as "
unconstitutional". The cost of implementation has also been another headache for ISPs.
Cecilia Malmström, EU Commissioner for Home Affairs, said:
"Our evaluation shows the importance of stored telecommunications data for criminal justice systems and for law enforcement. Such data are used as evidence not only to convict the guilty of serious crimes and terrorism, but also to clear the innocent of suspicion.
But the evaluation report also identifies serious shortcomings. We need a more proportionate, common approach across the EU to this issue. I therefore intend to review the Directive to clarify who is allowed to access the data, the purpose and procedures for accessing it."
The UK's related
Regulation of Investigatory Powers Act 2000 (RIPA) and the recently revived
Interception Modernisation Programme (IMP) (
here) have also been hit by criticism. Not least for the way in which they aim to grant many non-security organisations, such as the
NHS,
Local Councils and even
Royal Mail access to this data.
This is all despite the new coalition government's original pledge in May 2010 to "
end the storage of internet and email records without good reason". It remains to be seen how that will all pan out, especially with the new EC review that must take precedence.
As a result of all this the EC has pledged to consider new ways of providing more
consistent reimbursement of the costs for ISPs and other communication providers. The commission has also promised to put more safeguards in place, which will
impose further restrictions on access to and use of the collected data.
Over the coming months the EC will consult on precisely how such amendments should be constructed, after which a formal proposal will be made and opened up for consultation. At present there is no clear timetable for any of this.