There are vast differences in the timescales that EU Member states require telco’s to store data. Many member states have Retention regimes and Legal Interception (LI) regimes built into Law since the inception of incumbent telco’s or at beginning of market liberalisation in the EU 13/25/27 states from about 1997.

Ireland P&T Act 1983 mandated 6 years retention of traffic data, which changed in 1993 to 3 years under the P&T amendment Act. (P&T being Posts and Telegraphs), relevant section are Ss. 98 and 13 of ‘93 [from memory].

There was a basic problem with this, in that the acts only applied to An Bord Telecom Eireann (BTE) or the Limited Company we know today as eircom. As new entrants arrived in Ireland the minister disproportionately directed Statutory Instruments making certain (but not all) new entrant telco’s also retain data for the same duration.

In 2003 during the Swedish and Irish presidencies of the EU, France, Sweden, UK and Ireland sponsored a Council Decision to bring forward a Data Retention Enforcement Directive (DRED). The Irish motivation being the tragedy that was Omagh and with Madrid and London soon following on the DRED grew legs. In early 2006 the Directive was voted upon and Ireland and Slovenia rejected [voted against] the EU Pillar placement of the Directive in Pillar 1 (EC) rather Pillar 3 (PJCC), this matter is being litigated by the Irish Govt under the Dept of Justice, Equality and Law Reform.

DRED goes much further that the requirements to retain telco ‘traffic data’ including [with member state scope] such items as SMS data, dynamic record retention, server logs and dial-up ISP data.

To exemplify the problems of DR. Ireland’s Counter Terrorism Act 2005 (S.63 & 64) mandates DR for 3 years etc. Italy is a period of 2 which can be extended by a judge to 4 years in duration depending on the issue.

So taking the Omagh bomb that was detonated with a prepaid GSM telephone so I am not that sure that the DRED or a flavour thereof is a bad thing once the rules/law by which retained data is recovered are strict.

Interference with Privacy Rights might be justified where required on the grounds of the protection of the constitutional rights of others, the common good and public order and morality.

I attended a conference in Brussels with DG Information Society and Justice on this and the participants displayed in mathematical terms the amound of tape and storage devices required to maintain such data [at worst] and it was quiet funny to see the figures. One might have asked whether one should buy shares in EDS or another data storage company.

Sorry for hogging your comments section Eoin.

PS: There is also a criminal sanction section in the DRED which will require special treatment I assume given our constitutional shield to EU criminal sanctions etc.

R.