IE 11 Not Supported

For optimal browsing, we recommend Chrome, Firefox or Safari browsers.

EU Directive on Data Retention Becomes Law; Compels Communications Service Providers to Comply

"The provisions of the EU directive will apply not just to mobile and fixed telephony, but also to Internet telephony, e-mail services and messaging services."

"The provisions of the EU directive will apply not just to mobile and fixed telephony, but also to Internet telephony, e-mail services and messaging services."

The EU Directive on Data Retention, approved in the spring of 2006, requires communication service providers and network operators to retain traffic and location data for minimum and maximum periods, with the purpose of aiding the investigation, detection and prosecution of serious crimes. EU member states have until September 2007 to convert the EU directive into national laws.

Service providers and operators will, therefore, be required to update and adapt their traffic data systems in order to comply with the new obligations by the time various national governments implement the European provisions on data retention as law.

"Implementing solutions compliant with the EU Directive on Data Retention will result in an onerous burden on communications service providers and operators," cautions Frost & Sullivan Senior Industry Analyst Fernando Elizalde in a recent study on EU Directive on Data Retention and its Implications to service providers. "The provisions of the EU directive will apply not just to mobile and fixed telephony, but also to Internet telephony, e-mail services and messaging services."

Call detail record (CDR) systems will need to be updated to cope with the increase in communication and traffic data to be stored and managed. Costs will be incurred on assessing current systems, adapting them, and integrating new solutions in order to achieve regulatory compliance. Most importantly, providers previously not obligated to retain data will now be governed by the EU directive stipulations.

A key component of the EU directive will require service providers and operators to respond to lawful requests from competent authorities 'without undue delay'. However, existing variations in the exact definition of 'undue delay' will motivate member states to establish clear parameters in this area when bringing into force the provisions of the directive.

"The EU directive introduces the idea of 'without undue delay' as a criterion to measure service providers' responsiveness to requests from law enforcement agencies," explained Elizalde. "However, it is not clear how long the delay can be -- interpretations of this criterion vary from minutes to a few hours."