Several EU member states want to include new rules allowing for data retention in a draft privacy bill.
Diplomats from EU countries have been asked to determine whether they want new data retention rules ahead of a meeting to discuss the draft ePrivacy legislation in September.
Estonia, which is leading countries’ discussions on EU laws until the end of this year, asked national delegations after a meeting in July whether they want to add new rules to the draft bill as a way to require telecoms companies to store consumers’ personal data for a set amount of time, according to a draft memo that was leaked by the NGO Statewatch.
Justice ministers from EU countries have already agreed that they “should examine all legislative and non-legislative options to address the data retention issue, including in the context of the proposed e-Privacy Regulation.”
Any change to add data storage requirements to the ePrivacy law will be controversial. The European Court of Justice ruled an EU-wide law requiring data retention illegal in 2014. Last year, the court knocked down a similar Swedish law. But some other EU countries still have national data retention legislation.
“A number of delegations have referred to the draft e-Privacy Regulation as one of the possible options to be considered in view of the issues arising from the ECJ case law on data retention,” reads the document from the Estonian EU Council presidency.
The Commission proposed an updated version of the eight-year-old ePrivacy legislation in January, which regulates privacy rules for telecoms services and applies them for the first time to digital services like WhatsApp and Skype.
The EU executive’s proposal did not include new measures to require data retention. But it said that member states are “free to keep or create national data retention frameworks” if they comply with the EU court’s decisions against large-scale data retention laws.
But some countries want new EU legislation that guarantees that they are allowed to store data for a maximum number of years—which they argue could help police to investigate crimes.
The Estonian EU presidency asked national diplomats whether they want to be able to access more data than they can already can under current laws.
“Would these data be sufficient to respond to the operational needs of competent authorities for the purposes of the prevention and prosecution of crime?,” the presidency asked in its memo. Estonia asked diplomats to share their positions on data retention measures by 4 September, ahead of a meeting later in September.
EU countries have previously pushed for looser rules in the ePrivacy legislation that could give telecoms companies more legal ways to process and analyse consumer data, as EURACTIV reported in May.
The European Parliament is also negotiating on the ePrivacy bill. EU member states must agree on a compromise version of the law with MEPs and the Commission before it can go into effect.
But the Parliament’s draft version of the bill tightened privacy measures, compared to the Commission proposal. Estonian centre-left MEP Marju Lauristin, who authored the Parliament’s draft, proposed a legal ban on so-called backdoor technologies that could allow law enforcement authorities to access encrypted communications.