Is Europe shifting its privacy stance?

In 2009, the European Union's (EU) Data Retention Directive will go into effect. But a few EU nations are already announcing their interpretations of the mandate, which requires phone and Internet companies to retain the names and addresses of subscribers for a period of between six to 24 months, to be determined by individual nations.

This law was encouraged by law enforcement officials who, after terrorist attacks in Britain and Spain, argued for better and longer data storage from European communications companies to aid in investigating possible terrorists.

A few early interpretations by Germany and the Netherlands have led some to ask whether there will soon be a policy shift in Europe, which has long been a staunch defender of individuals' privacy rights.

Some European governments are preparing laws that will require companies to keep information about individuals' Internet and phone use that goes beyond what the countries will be required to do under the EU directive, according to a New York Times report.

For example, a proposal from the German Ministry of Justice would prohibit using fake information to create a web-based e-mail account, meaning it would be illegal to open an account with a fictitious name. E-mail aliases would not be banned, the Times said, but they would be traceable to the actual account holder.

Critics say such a law would be unenforceable unless it required an identity verification process, such as registering for an e-mail address with a national ID card. (Many e-mail providers currently require only a name and password to open an account, and European citizens could open an account with U.S. e-mall providers, which are not bound by the directive.) Moreover, the law could make paying cash for a pre-paid ceil phone account a thing of the past in Germany, as pre-paid accounts do not acquire or retain any personal information about the subscriber.

A draft law in the Netherlands would also go further than the EU directive, this time by requiring phone companies to save records of a caller's precise location during an entire mobile phone conversation. The Dutch Data Protection Agency has said this proposed law "implies surveillance of the movement of large amounts of innocent citizens" and concluded in January that the draft disregarded privacy protections in the European Convention on Human Rights.

[ILLUSTRATION OMITTED]

Similarly, the German technology trade association Bitkom said the draft there violated the German Constitution. Internet and telecommunications industry associations raised objections when the directive was being debated, but at that time their concerns were about the length of time the data would have to be stored and how the companies would be compensated for the cost of gathering and keeping the information. The directive left both decisions in the hands of national governments, setting a range of six months to two years. The German draft settled on six months, while in the Netherlands it is 18 months.

Currently, Internet service providers in Europe usually keep customer data--including how it was sent and by whom, but not its content--for about three months and routinely share it with police officials who have legally valid orders, according to the Times.