|
PURPOSE : to harmonise Member States’
provisions concerning the obligations of providers of publicly available electronic
communications services with respect to the retention of certain data. LEGISLATIVE ACT : Directive 2006/24/EC of
the European Parliament and of the Council on the retention of data generated
or processed in connection with the provision of publicly available
electronic communications services or of public communications networks and
amending Directive 2002/58/EC. CONTENT : the Council adopted this Directive with the Irish and Slovak delegations voted against. The Directive aims to
harmonise Member States’ provisions concerning the
obligations of the providers of publicly available electronic communications
services or of public communications networks with respect to the retention
of certain data which are generated or processed by them, in order to ensure
that the data are available for the purpose of the investigation, detection
and prosecution of serious crime, as defined by each Member State in its
national law. The Directive applies to traffic and location data on both
legal entities and natural persons and to the related data necessary to
identify the subscriber or registered user. It does not apply to the content
of electronic communications, including information consulted using an
electronic communications network. The following categories of data must retained with regard to fixed network telephony and mobile telephony, as well as Internet
access, Internet e-mail and Internet telephony: - data necessary to trace and identify the source of a
communication; - data necessary to trace and identify the destination of a
communication; - data necessary to identify the date, time and duration of a
communication; - data necessary to identify the type of communication; - data necessary to identify the communication device; - data necessary to identify the location of mobile communication
equipment. The types of data to be retained under these categories of data
are specified in the Directive. With regard to an "unsuccessful call attempt", this is defined as
a communication where a telephone call has been successfully connected but is
unanswered or there has been a network management intervention. This will
include the retention of data in relation to unsuccessful call attempts where
that data is generated or processed, and stored (as regards telephony data)
or logged (as regards Internet data) by providers of publicly available
electronic communications services or of a public communications network within
their jurisdiction in the process of supplying the communication services
concerned. The Directive shall not require the retention of data in relation
to unconnected calls. Data on an unsuccessful call attempt only
has to be retained if the company already stores such data. No data revealing the content of the communication may be retained
pursuant to this Directive. Member States must ensure that the categories of data specified
are retained for periods of not less than six months and not more than two years
from the date of the communication. A Member State facing particular
circumstances that warrant an extension for a limited period of the maximum
retention period may take the necessary measures. That Member State shall immediately notify the Commission and inform the other Member States of the
measures taken and state the grounds for introducing them. The Commission
shall, within a period of six months after the notification, approve or
reject the national measures concerned, after having examined whether they
are a means of arbitrary discrimination or a disguised restriction of trade
between Member States and whether they constitute an obstacle to the
functioning of the internal market. In the absence of a decision by the Commission
within this period the national measures shall be deemed to have been
approved. The Directive goes on to make provision for data protection and
data security. Each Member State shall ensure that providers of publicly available electronic communications
services or of a public communications network respect, as a minimum, certain
prescribed data security principles with respect to data retained in
accordance with the Directive. Each Member State must designate a supervisory authority to be responsible for monitoring the
application within its territory of the provisions adopted by the Member
States regarding the security of the stored data. Those authorities may be
the same authorities as those referred to in Article 28 of Directive
95/46/EC. The supervisory authority must act with complete independence. No later than
15 September 2010, the Commission must submit an evaluation of the
application of the Directive and its impact on economic operators and
consumers, taking into account further developments in electronic communications
technology and the statistics provided to the Commission with a view to
determining whether it is necessary to amend the provisions of this
Directive, in particular with regard to the list of data and the periods of
retention. TRANSPOSITION
: 15 September 2007. Until 15 March 2009, each Member State may postpone application of the Directive to the
retention of communications data relating to Internet Access, Internet
telephony and Internet e-mail. Any Member State that intends to make use of
this provision must notify the Council and the Commission to that effect by
way of a declaration. The following Member States have made such a
declaration postponing application for differing lengths of time: the
Netherlands, Austria, the United Kingdom, Estonia, Cyprus, Greece,
Luxembourg, Slovenia, Sweden, Lithunia, Latvia, Czech Republic, Belgium,
Poland, Finland, Germany. ENTRY INTO FORCE : 03/05/2006.
|
