The European Union requires its members to store telecommunications user data, but several countries, including Germany, are not enforcing the legislation. Now they must reckon with legal pressure from Brussels.
The EU requires telecom companies to store phone call data
The European Commission on Monday promised to review a controversial directive demanding the storing of telecommunications data, amid complaints the measure did not provide for sufficient user privacy.
"Whilst there are no concrete examples of serious breaches of privacy, the risk of data security breaches will remain unless further safeguards are put in place," a statement by the Commission read.
"The Commission will therefore consider more stringent regulation of storage, access to and use of the retained data."
Malmstrom said the directive was essential to fighting crime
The decision comes in light of irregularities in the policy's implementation across the European Union's 27 member states - including a handful which do not enforce the directive at all.
Austria and Sweden never made laws to implement the measure, while Germany stopped enforcing the directive after the country's Constitutional Court in 2010 overturned its implementation of the EU guideline. Similar action has been taken by courts in the Czech Republic and Romania.
The so-called Data Retention Directive was adopted in 2006 in a bid to combat terrorism, following bomb attacks in Madrid and London. The measure calls for the storage of information pertaining to telephone calls and e-mails, such as names and addresses of the communicating parties and the time and date of the communication. The legislation does not require the content of phone calls or e-mails to be saved.
More wrinkles to iron out
Cecilia Malmstrom, the EU's commissioner for home affairs, said law needed to be implemented across the bloc.
The Commission has already asked the European Court of Justice to slap heavy fines on Sweden for its refusal to comply.
"There can be no exception in this case. The law has to be followed," Malmstrom, a Swede herself, told reporters Monday.
Malmstrom said there also had to be regularization in terms of government compensation to telecommunications companies, which she said varied from country to country - as did the length of time data was preserved, from six months to two years.
"We need a more proportionate, common approach across the EU to this issue. I therefore intend to review the directive to clarify who is allowed to access the data, the purpose and procedures for accessing it," she said.
Despite the kinks, Malmstrom defended the legislation as essential to fighting crime.
Germany's justice minister only wants to store data from those suspected of criminal activity
"Such data are used as evidence not only to convict the guilty of serious crimes and terrorism, but also to clear the innocent of suspicion," she said, adding, "Retained data was for example crucial to the success of Operation Rescue, which helped reveal the identities of 670 suspected members of an international pedophile network and protect children from abuse in member states where the directive has been transposed."
Privacy über alles
Despite threats from Brussels, debate over the directive continues in Germany, where privacy rights and fears often carry more weight than in other EU countries.
In March 2010, Germany's Constitutional Court overturned legal transposition of the directive on the grounds that it violated privacy rights, though the court did not find fault with the European Commission's guideline itself.
The Karlsruhe court also said that German law did not place enough hurdles to the state's access to telecommunications records and demanded that telecom companies erase the data they had already collected.
Germany's Constitutional Court overturned the country's data retention law
Germany's parliament has yet to agree on new data storage legislation. Justice Minister Sabine Leutheusser-Schnarrenberger, who in March 2010 lodged a complaint with the Constitutional Court against the data retention laws, advocates the so-called "quick freeze" method, which would only call for telecommunications data to be stored in cases where the authorities had concrete suspicions of illegal activity.
Most EU states, however, have deemed that approach an insufficient interpretation of the directive.
If Germany fails to implement the directive of its own accord, Brussels could take legal action to force Berlin to pass new legislation.
Author: David Levitz (AFP, dpa, epd)
Editor: Nancy Isenson