The EU Data Retention Directive (2006/24/EC) was introduced into EU legislation during the aftermath of the terrorist attacks in Madrid, London and New York, and provided that communications firms should keep data about subscribers’ activities for a period of between 6 and 24 months.
In April of this year, the ECJ gave a preliminary ruling in Joined Cases C-293/12 and C-594/12 Digital Rights Ireland and Seitlinger and Others that such Directive is invalid. The Court took the stand that by requiring the retention of particular data which may provide very precise information on the private lives of individuals, and by allowing competent national authorities to access such data, the Directive interferes in a particularly serious manner with the fundamental rights to respect for private life and to the protection of personal data.
Ever since the ruling, communication companies have been applying pressure on governments to clarify their legal requirements for storing data. The UK is set to step up to the challenge and push through an Emergency Data Law aimed at telephone and internet service providers which will outline their obligation to retain “communications data” on their customers. This data includes logs of the time calls were made and numbers dialled. The Law also stipulates the conditions under which authorities are able to listen into the content of communications.
For information relating to your obligations as a data processor, and for assistance in relation to notification with the Malta Data Protection Commissioner, kindly contact us here.