Data snooping

There was a recent press release from the BBC on the confusion surrounding data snooping laws.

Balancing the needs of the police to investigate crimes online with the privacy of individual web users has become controversial as governments seek to extend their snooping rights in cyberspace. Already European ISPs and phone companies are in the process of implementing an EU directive which forces them to retain a variety of communication data for up to two years. Now, a republican congressman, Lamar Smith, has put forward a bill for discussion in the US Congress that could see a similar regime operating Stateside. Experts think it is unlikely that the US will introduce draconian data retention laws any time soon, not because they do not want to but because similar European legislation is currently in varying degrees of disarray.

The Data Retentions Directive 2006/24/EC (pdf) amends the Data Protection Directive 95/46/EC and Directive on Privacy and Electronic Communications 2002/58/EC. It will require organisations to store data of up to 2 years (Art. 6). However, some provisions continue to remain unclear when considering how the Directive (when implemented) will work in practice. For example, the Directive draws a distinction between retaining "traffic data" and "location data", but is it always necessarily clear how this is applied to the internet? Some articles/websites worth reading:

• Bignami, F. Protecting Privacy against the Police in the European Union: The Data Retention Directive (pdf)
• Wikipedia: Telecommunications Data Retention
• EPIC: Data Retentions