EU approves two-year data retention policy

Telecommunications companies and ISPs (Internet service providers) face a massive increase in data storage requirements after European Union lawmakers voted Wednesday to require companies to keep data for up to two years.

Members of the European Parliament (M.E.P.s), the European Union's directly elected assembly, voted overwhelmingly for new rules on data retention requiring companies to keep traffic and location information for a minimum of six months and a maximum of two years. Some countries will be allowed to require that data be kept longer. The content of calls will not have to be stored.

Law-enforcement authorities in the country where data is collected will have an automatic right to access it. Such authorities in countries outside of the European Union will have access if data-sharing agreements exist with the country in question.

The vote in the Parliament follows an identical decision by representatives of the E.U.'s 25 member governments in the Council of Ministers at the start of December. The common position of the two decision-making bodies means that the new rules will take effect in about 18 months for telephone data. The new rules for Internet data will come into force three years from now.

The U.K. government, which is currently chairing E.U. meetings, made getting an agreement on the rules a priority following the London transportation bombings in July. Police and intelligence services used mobile phone records and closed-circuit TV footage to identify and track down suspected perpetrators of the attacks that killed 55 people.

U.K. Home Secretary Charles Clarke said that Wednesday's agreement sends a "powerful message that Europe is united against terrorism and organized crime."

However, the new rules have come under fire from civil liberties campaigners. The new requirements are a "green light for mass surveillance, fishing expeditions and profiling," said U.K. Liberal Democrat M.E.P. Sarah Ludford.

"Real terrorists escape detection by using foreign Internet service providers like Hotmail and Yahoo, Internet cafes, and pay-as-you-go phones while ordinary citizens could find details of their movement, acquaintances and favorite Web sites circulating [among government officials]," she added.

She also warned that customers may see phone call prices rise as telecom companies and ISPs pass on the cost of storing data and making it available to law enforcement authorities. Ludford has been fighting to limit the period for storing data to a maximum of 12 months.

Under the agreement struck Wednesday, data would have to be retained for "investigation, detection and prosecution of serious crime." Data on calls that are placed, but not answered has to be retained only if the telecommunications company already stores such data. Reimbursement of costs to telcos and ISPs will be up to each member state and the rules will be reviewed three years after they come into force.