Debate on EU’s new data retention law
The EU’s Data Retention Directive came into force in the spring of 2006. It means that internet service providers and telephone companies must retain information on their customers’ activities in e-mails, telephone conversations, texts and online for at least six months and for up to two years. The idea is that it will be easier to solve serious crimes with the help of this information.
Sweden was the last of all the EU countries to introduce the new regulations in the spring of 2012. And she did so only after being fined millions by the European Court of Justice for having been so slow.
Objections from several different directions
It could be said that there were reasons for Sweden’s hesitancy. The European Court of Justice’s own Advocate General, Pedro Cruz Villalón, feels that the regulations in the Data Retention Directive breach individual privacy (since they make it possible to chart an individual’s private life, for example) and has argued that the law should be reformulated. His opinion does not change anything automatically, but a lot of people naturally take his opinions very seriously.
Others also agree with him, such as Jan Philipp Albrecht, member of the European Parliament for the Greens, who is responsible for other data legislation issues in the Parliament. He says that the Advocate General’s criticism is “a breakthrough for citizens’ rights in the EU” and “hopes that this will be the first step towards stopping the mass surveillance of citizens.” Other commentators say that there is a risk that the directive is not even compatible with Sweden’s Constitution.
The EU’s response to criticism of the directive
Sweden’s EU Commissioner Cecilia Malmström is the person responsible for the issue of the data retention law. Her objection to the criticism is that the problems people are worrying about can be prevented by the new Data Protection Regulation that was recently passed in the EU and which means that companies will not be permitted to store information for as long as two years, but rather for a shorter period. In addition, she emphasises that it will only be possible to access the information in order to investigate serious crimes such as terrorism. It is thus a question of two pieces of legislation that are intended to balance one another out.
Since the new Data Protection Regulation will probably have been introduced in Sweden as early as within the next two years, we will soon know how successfully this intention has been achieved.