Representatives of EU member states ministries of Justice and Interior met this week in Tampere, Finland to discuss questions surrounding data protection measures in Europe. The issue of data protection, privacy and data retention have recently surfaced in the region after the EU Data Protection Supervisor Peter Hustinx claimed that “disproportionate solutions” when dealing with current technological threats are not the solution. Doubts have also been voiced about the EU Data Retention Directive introduced in March this year, after Mr Hustinx questioned its effectiveness. The directive has also been challenged in court by the Irish government, which says the document was adopted using the wrong process and thus has a shaky legal basis.
At the same time, the US Attorney General Alberto Gonzalez has this week called for similar data retention initiatives to be introduced in the US. Mr Gonzalez is currently lobbying for the introduction of laws forcing ISPs to retain data on their customers actions. According to proposals by the Attorney General, this data would be held for two years at most, mirroring European provisions. Currently Internet service providers in the US are required to store such records for 90 days, if requested by the authorities.
Interestingly, though, the EU and US are currently involved in a bitter tug-of-war regarding passenger data provided by carriers on transatlantic flights. The deadline to introduce a new deal, which needs to be signed after the previous agreement was overturned in May by EU judges, is September 30. Privacy issues are key here, and data protection itself will continue being at the top of the European agenda in the forthcoming months, given that 2008 will see a change in the ways in which data is shared between European law enforcement agencies. The “principle of availability” is being introduced on January 1 that year, and means that any data stored by national law enforcement agencies can be shared with their counterparts in other EU member states. This will require a new approach to data protection, for which there are currently no EU-wide provisions.