Monica Horten
Published on 21 March 2009
MEPs are urged to limit traffic data processing by network operators.
ePrivacy directive Article 6: Amendment 85 and Amendment 150
The following comments have been emailed to me by the German campaigning group AK Vorrat:
Recommendation
Am 150 ACCEPT
Am 85 REJECT
The council compromise wording of Article 6 (2a) in column four is a little better than the previous versions
- specification of who may process data ("data controller")
- no exception from confidentiality (article 5)
- no inclusion of information society services (i.e. content providers)
- provider interest may be overridden.
But the core problems remain:
- retention is not limited to specific occasions and may thus take place permanently
- no maximum retention period specified, so data may be stored forever
- the disclosure of data to third parties is not exluded ("may be processed")
- data retained for security purposes can later be used for any other purpose, including disclosure to government authorities (no purpose limitation).
Amendment 150 tabled by Eva-Britt Svensson is better:
- retention is limited to "specific cases" and my thus not take place permanently
- maximum retention period of seven days is specified, so data may not be stored forever
- the disclosure of data to third parties is not covered ("may be collected, stored and used")
- data retained for security purposes cannot later be used for other purposes such as disclosure to government authorities (purpose limitation included).
Overall, it would still be best to refrain from any amendments to article 6 at all.
A position paper with a detailed analysis of the issues with the ePrivacy directive Amendment 6 is available from Patrick Breyer of AK Vorrat
Analysis with voting recommendation at La Quadrature du Net