ABU BAKAR MUNIR†
SITI HAJAR MOHD YASIN††
The EU Electronic Privacy Directive 20021 requires Member States to ensure the confidentiality of communications. In particular, Member States shall prohibit listening, taping, storage or other kinds of interception or surveillance of communications.2 The communications service providers are obligated to delete all traffic data no longer required for the provision of a communications service.3 Yet, Member States are permitted to restrict the scope of this protection to safeguard national security, defense, public security, and the prevention, investigation, detection and prosecution of criminal offences.4
Despite strong criticism by privacy experts, data protection commissioners, civil liberties groups and the ISP industry, a provision on the retention of communications data was inserted. This new Directive reverses the position under the 1997 Telecommunications Privacy Directive by explicitly allowing the EU countries to compel Internet Service Providers and telecommunications companies to record, index and store their subscribers’ communications data.5 Under the terms of the new Directive, Member States may now pass laws mandating the retention of traffic and location data of all communications taking place over mobile phones, SMS, landline telephones, faxes, e-mails, chat rooms, the Internet, or any other electronic communication device.6 Article 15 of theDirective provides that Member States may adopt legislative measures when such restrictions constitute a necessary, appropriate and proportionate measure within a democratic society.7 Specifically, Member States may adopt legislative measures providing for the retention of data for a limited period.8
The EU countries were given until October 31, 2003 to implement the Directive. Thus, it is topical and interesting to make an assessment on the implementation of one of the most controversial and much debated subjects of the Directive – the retention of communications data. In doing so, perhaps it is logical to focus on the position in the UK, being the only country that has a comprehensive legislation on this matter, so far. This paper traces the origin of the new Directive. It lays down the UK’s legal frameworks concerning retention of communications data. Criticism on the data retention and UK’s legal regime is given considerable attention. In closing, the paper examines the need to strike the right balance between fighting crime and terrorism and protecting the fundamental rights of the individual.
† Associate Professor, Faculty of Law, University of Malaya, Malaysia.
††Senior Lecturer, Law Faculty, University Technology MARA, Malaysia / Researcher, Law School, University of Strathclyde, United Kingdom. 1. Directive on Privacy and Electronic Communications, 2002/58/EC (July 12, 2002) (concerning the processing of personal data and the protection of privacy in the Electronic communication sector) (available in LEXIS at 2002 OJ L 201).
2. Id. at art. 5.
3. Id. at art. 6.
4. Id. at art. 15(1).
5. Directive 97/66/EC (repealed).
6. Supra n. 4.
7. Id.
8. Id
††Senior Lecturer, Law Faculty, University Technology MARA, Malaysia / Researcher, Law School, University of Strathclyde, United Kingdom. 1. Directive on Privacy and Electronic Communications, 2002/58/EC (July 12, 2002) (concerning the processing of personal data and the protection of privacy in the Electronic communication sector) (available in LEXIS at 2002 OJ L 201).
2. Id. at art. 5.
3. Id. at art. 6.
4. Id. at art. 15(1).
5. Directive 97/66/EC (repealed).
6. Supra n. 4.
7. Id.
8. Id