MEPs are urged to  limit traffic data processing by network operators. 

ePrivacy directive Article 6: Amendment 85 and Amendment 150

The following comments have been emailed to me by the German campaigning group AK Vorrat: 

 

Recommendation

Am 150  ACCEPT 

Am 85   REJECT

 

The council compromise wording of Article 6 (2a) in column four is a little better than the previous versions

  • specification of who may process data ("data controller")
  •  no exception from confidentiality (article 5)
  •  no inclusion of information society services (i.e. content providers)
  • provider interest may be overridden.

 

But the  core problems remain:

  •  retention is not limited to specific occasions and may thus take place permanently
  • no maximum retention period specified, so data may be stored forever
  •  the disclosure of data to third parties is not exluded ("may be processed")
  • data retained for security purposes can later be used for any other purpose, including disclosure to government authorities (no purpose limitation).

 

Amendment 150 tabled by Eva-Britt Svensson   is better:

  •  retention is limited to "specific cases" and my thus not take place permanently
  • maximum retention period of seven days is specified, so data may not be stored forever
  • the disclosure of data to third parties is not covered ("may be collected, stored and used")
  •  data retained for security purposes cannot later be used for other purposes such as disclosure to government authorities (purpose limitation included).

 

 Overall, it would still be best to refrain from any amendments to article 6 at all.

 

A position paper with a detailed analysis of the issues with the ePrivacy directive Amendment 6  is available from Patrick Breyer of AK Vorrat

 

Analysis with voting recommendation at La Quadrature du Net