A controversial directive obliging European telcos and Internet service providers to retain customer data has been criticised by an independent data protection watchdog.
The EU’s Data Retention Directive (DRD), which came into law in 2006, requires ‘electronic communications’ providers to store the usage and location data of their customers so that it can be accessed by law enforcement agencies.
But according to the European Data Protection Supervisor, an independent supervisory body, the directive "does not meet the requirements imposed by the fundamental rights to privacy and data protection". It also argued that the need to retain data had not been demonstrated.
The EDPS called for the directive to be overhauled. It should be replaced with an alternative that is harmonious with Data Protection Directive, that has a clear and precise purpose which cannot be circumvented, and that should be proportionate and not go beyond what is necessary.
It also said that the Data Retention Directive left "too much scope" for member states to decide which data the telcos and ISPs are required to retain.
By contrast, UK justice secretary (and noted Europhile) Ken Clarke warned against any blanket approach to data protection in a speech given to the British Chamber of Commerce in Brussels.
"A preoccupation with imposing a single, inflexible, codified data protection regime on the whole of the European Union, regardless of the different cultures and different legal systems, carries with it serious risks," he said.