London attacks prompt EU to prioritize data retention

BRUSSELS - The European Commission intends to accelerate plans to put forward new rules requiring telephone and Internet operators to store data for law enforcement agencies in the wake of the terrorist bombings in London on Thursday, a senior official said Friday. But the new plan would cut the time data had to be stored to a maximum of nine months compared to one year in an earlier proposal.

Jonathan Faull, director general of the EC's justice, freedom and security department, said on Friday that it would present a proposal for data retention "as soon as possible". The proposed directive would require telecommunications operators and Internet service providers to collect and store a wide range of data for a given period so that law enforcement agencies could check the records in investigations into terrorist activities. Another Commission official, who requested anonymity and is close to the subject, said: "We can't afford not to be visible on this".

The Commission, which is responsible for drawing up draft legislation in the 25-member European Union (E.U.), had planned to present its new proposal before the end of July but national law enforcement authorities have still not finished informing the Commission the data retention period they would like. Initial indications are that the Commission will recommend keeping telephone data for a maximum of nine months and keeping Internet records for a maximum of three months.

The Commission official said that the directive would be a key part of efforts to combat terrorism and that there was a "very strong law enforcement interest" in the rules. But he added that it was important to strike a balance between the interests of law enforcement agencies, data protection concerns and the impact on industry.

Work on data retention rules started last year when four E.U. countries - the UK, Sweden, Ireland and Austria - presented a proposal in the wake of the Madrid train bombings in March which killed nearly two hundred people. The move was billed as a key measure to fight terrorism as the members of the al-Qaeda cell that carried out the attack in Spain coordinated their efforts by mobile phone. Under the proposal, providers of fixed line and mobile services, Internet service providers, and SMS (short messaging service) operators would have been required to keep data for at least one year and up to a maximum of three years. The rules apply to traffic data such as time, duration and destination of the call but do not include content.

But work has proceeded slowly on the four-country proposal. Members of the European Parliament have also attacked the scheme, saying it was "disproportionate" and would infringe data privacy rules while Internet service providers have warned that the storage requirements would "destroy" the way their industry operates.

The Commission proposal would require the approval of the European Parliament which has rejected the four-country proposal. German Free Democrat MEP Alexander Alvaro, who drafted the Parliament's opinion on the proposal, said that despite the increased political pressure to get agreement on data retention rules the proposal needed to be looked at "very carefully". He said there should be clear data-protection provisions, pointing out that although the directive was not supposed to cover content "in the case of SMS (short messaging service) messages the data is the content."

The U.K. government, which took over the six-month rotating presidency of the E.U. on July 1, had already said before Thursday's bombings that getting agreement on data retention the rules was already a key priority in the next six months and was due to be discussed by European justice and home affairs ministers at a planned meeting in October. The subject is expected to get even more attention in the wake of the London attacks.