The Data Retention Directive relates to the retention of telecommunications data for law enforcement purposes, and has sparked considerable controversy across the EU. It states that governments of member countries must store data about all emails, phone calls, and text messages sent or received in that country for a specified period of time.
The heated debate preceding the vote in the Swedish Parliament is typical of the division the directive has caused across the EU.
Social Democrat lawmaker Elin Lundgren argued that law enforcement in a modern world needs this kind of access to be able to solve crimes more easily. In reply, Socialist member Jens Holm suggested sarcastically that according to this kind of reasoning, perhaps every citizen should have a chip implanted in their necks for ultimate ease of surveillance.
The problem of privacy versus security is only one aspect of the debate in the still reticent member countries, however.
Since the EU directive was issued in 2006, following the very serious terrorist attacks in Madrid of 2004, any state that had not implemented the directive by adopting national legislation by Sept. 15, 2007, can be sued by the European Commission and fined for every day of noncompliance.
In the case of Sweden, that bill is currently at about $1 million. Many argue that state money could be better spent, rather than paying fines while fighting what is perceived as a done deal.
Sweden’s then Social Democratic government was one of the driving forces behind the directive, but there has been division all along, and much criticism from the point of view of personal privacy. Parties and individual members of Parliament in the current center-right government were initially against the directive, and in the case of one party, several MPs decided to vote against their party line or abstain, something extremely unusual in the Swedish Parliament.
But while Sweden now grudgingly joins the ranks of the already compliant countries, others are still resisting.
In Germany, the Czech Republic, and Romania, the national laws adopted to implement the directive in their current form have been declared unconstitutional by their respective constitutional courts. Other countries, like Hungary and Ireland, have implemented it, but the decisions have been challenged and may end up annulled.
The Data Retention Directive does not allow for storing actual content, only details such as IP address and time of use. The data can only be accessed by police and security services by court order, and allows for data to be retained for a period of at least 6 months, but no more that 24 months. The time of retention is decided by national legislation.
Sweden opted for the minimum period of six months. The head of the National Bureau of Investigation of the Swedish police, Klas Friberg, told Swedish news agency TT that the currently adopted legislation will in fact make it more difficult to fight serious crimes, because of the new six month time limit on retention is too short. Currently, it is possible under Swedish law to retrieve data older than that, he said. The law will take effect on May 1.