IE 11 Not Supported

For optimal browsing, we recommend Chrome, Firefox or Safari browsers.

ITAA Airs Concerns Over Proposed European Data Retention Framework

Data preservation -- the retention of data for a specific case and for a finite period, as practiced in the U.S. and elsewhere -- should remain the preferred method for investigative cooperation, and member states should be permitted to favor preservation over retention

The Information Technology Association of America (ITAA) this week said to the European Commission that it is deeply concerned about the costs and technical difficulties of complying with existing and proposed rules for traffic data retention.

ITAA said that "inconsistent and disproportionately heavy retention requirements will drain limited resources without strengthening either the cooperative bond between law enforcement authorities and communication service providers or the investigative utility of the information retrieved from such measures."

Responding to a European Commission Consultation on the issue, ITAA said on-going cooperation and recent cases demonstrate that the overwhelming majority of law enforcement data access requests are addressed with data less than weeks old. ITAA indicated that no justification exists for retaining data longer than individual provider business cases and certainly for no more than three to six months. ITAA noted that longer proposals -- some to retain data for three years or more -- neither constitute an appropriate and proportionate measure within democratic society nor provide necessary safeguards to national and public security-related interests.

In noting that the overhead costs fail to justify the law enforcement benefits of longer term data storage and retention, ITAA President Harris N. Miller made a comparison, "Imagine, for example, that a postal service would have to make a copy of every single parcel, letter or postcard, in addition to all information on the movements of the individual postal courier, and store it for 12-36 months or greater."

Miller indicated that any directive or framework decision addressing retention should harmonize rules among the 25 European Union member states, and he pointed out several other concerns with the draft:
  • Data "preservation" -- the retention of data for a specific case and for a finite period, as practiced in the U.S. and elsewhere -- should remain the preferred method for investigative cooperation, and member states should be permitted to favor preservation over retention
  • To be useful to law enforcement, raw data -- even in limited cases where it is retained in the course of business -- must be restored to become identifiable, a process that is both time-consuming and costly
  • Existing and proposed member state laws differ greatly both in the durations and definitions of data to be retained
  • Traffic data definitions lack clarity in current laws and proposals and must be sufficiently flexible to assimilate next generation communications services
  • If retention is to be viable in the single market, any duration established by a framework should act as a ceiling supported by the demonstrable need of law enforcement, not as a suggested scope.
ITAA also indicated that for data retention to remain a "proportionate" tool for law enforcement, it must also include a pan-European cost reimbursement scheme to cover retention costs and safeguard privacy rights; restrict access to law enforcement and for criminal investigative purposes; and include waivers protecting service providers from liability for acting in accordance with a court order to provide access to retained data.
A copy of the ITAA letter is available on the Web.
Sign up for GovTech Today

Delivered daily to your inbox to stay on top of the latest state & local government technology trends.