Following my earlier post on digital piracy, let's stay within the digital environment and talk some more about digital privacy. The European Data Protection Supervisor (EDPS) revealed today in a press release that the Data Retention Directive does not meet privacy and data protection standards. This Directive requires all providers of e-communication to store traffic and location data of the communications of all citizens, for possible use by the law enforcement agencies of the Member States (if you haven't known you were being tracked online, let me burst that bubble you live in right away). In April 2011 the European Commission published its report evaluating the implementation and application of this Directive, also from the fundamental rights to privacy and data protection point of view. Now, the EDPS reports that the Directive does not meet the requirements imposed by the fundamental rights to privacy and data protection, since the large scale on which the data needs to be retained according to this Directive is not sufficiently justified by legitimate interests. According to the EDPS data retention could have been regulated in a less privacy-intrusive way. Finally, the Directive leaves too much scope for the Member States to decide for which purpose the retained data might be used, as well as for establishing who can access the data and under which conditions. The further fate of the Directive will now have to be decided but even abolishment seems to be an option, if it cannot be adjusted in a comprehensive and proportionate way.
