Post- och telestyrelsen
Privacy in Electronic Communications
Data Retention – from Exception to Rule
Lars Erik Axelsson, Expert Adviser, National Post and Telecom Agency, Sweden

The European Convention on Human Rights 1950
ARTICLE 8
Everyone has the right to respect for his private and family life, his home and his correspondence.
There shall be no interference by a public authority with the exercise of this right except such as is in accordance with the law and is necessary in a democratic society in the interests of national security, public safety or the economic well-being of the country, for the prevention of disorder or crime, for the protection of health or morals, or for the protection of the rights and freedoms of others.

The telephone monopoly in Sweden and its employees
Confidentiality and obligation to observe silence regarding specific phone calls or other messages (e.g. telegrams).
Limited confidentiality in police matters regarding crimes with a prison sentence of >2 years.

Digitalisation creates traffic data
- Until the 1970s, no electronic traffic data were created
- Technical development from analog to digital
- Technical development from electro-mechanic switches to electronic switches
- In the 1980s, electronic switching of digitally transmitted traffic creates traffic data

Dir 95/46/EC on the protection of individuals with regard to the processing of personal data and on the free movement of such data
Article 1: MS shall protect the fundamental rights and freedoms of natural persons, and in particular their right to privacy with respect to the processing of personal data.
Article 6: MS shall provide that personal data must be:
(b) collected for specified, explicit and legitimate purposes...
(c) adequate, relevant and not excessive in relation to the purposes
(d) accurate and...up to date
(e) ....identification of data subjects for no longer than...necessary...

Dir 95/46/EC cont.
Article 8: MS shall prohibit the processing of personal data revealing racial or ethnic origin, political opinions, religious or philosophical beliefs, trade-union membership, and the processing of data concerning health or sex life.
Article 13: Exemptions and restrictions for:
(a) national security;
(b) defence;
(c) public security;
(d) criminal investigation and prosecution;
(e) an important economic or financial interest of a Member State or of the European Union;
(f) the exercise of official authority in cases referred to in (c), (d) and (e);
(g) the protection of the data subject or of the rights and freedoms of others.

Directive 97/66/EC concerning the processing of personal data and the protection of privacy in the telecommunications sector
Particularises and complements Dir. 95/46/EC in the telecommunications sector, and provides for protection of subscribers who are legal persons.
Article 5: Ensure the confidentiality of publicly available telecommunications services and networks. Prohibit listening, tapping, interception or surveillance of communications, except when legally authorised.
Article 6: Traffic data must be erased or made anonymous upon termination of the call. For the purpose of billing and interconnection payments, data may be processed up to the end of the period during which the bill may be challenged or payment may be pursued.

Billing data may include:
- number or identification of the subscriber station,
- address of the subscriber and the type of station,
- total number of units to be charged for the accounting period,
- called subscriber number,
- type, starting time and duration of the calls made and/or the data volume transmitted,
- date of the call/service,
- other information concerning payments such as advance payment, payments by instalments, disconnection and reminders.

Article 14 Exceptions
Member States may adopt legislative measures to restrict the scope of the obligations and rights provided for, when such restriction constitutes a necessary measure to safeguard national security, defence, public security, the prevention, investigation, detection and prosecution of criminal offences or of unauthorised use of the telecommunications system, as referred to in Article 13(1) of Directive 95/46/EC.

CHARTER OF FUNDAMENTAL RIGHTS IN THE EU (2000/C 364/01)
Article 7: Respect for private and family life, home and communications.
Article 8:
1. Everyone has the right to the protection of personal data concerning him or her.
2. Such data must be processed fairly for specified purposes and on the basis of the consent of the person concerned or some other legitimate basis laid down by law. Everyone has the right of access to data which has been collected concerning him or her, and the right to have it rectified.

Directive 2002/58/EC on privacy and electronic communications
Replaces 97/66/EC. Regarding confidentiality of communications and the related traffic data, processing and saving of traffic data and exceptions for national security etc., this directive is a copy of 97/66/EC.
A new issue is location data in mobile networks. As well as other traffic data, location data should be erased. Location data other than traffic data may be processed when they are made anonymous, or with the consent of the users for the duration necessary for the provision of a value added service.
Spyware, web bugs and “cookies” are allowed only for legitimate purposes, with the knowledge of the users concerned.

From BBC News
Madrid train attacks: On 11 March 2004, a series of bombs exploded within minutes of each other on four commuter trains in the Spanish capital Madrid. The blasts killed 191 people and wounded 1,841.
Four suicide bombers struck in central London on Thursday 7 July 2005, killing 52 people and injuring more than 770. The co-ordinated attacks hit the transport system as the morning rush hour drew to a close.

Directive 2006/24/EC on the retention of data
Preamble (8): The Declaration on Combating Terrorism adopted by the European Council on 25 March 2004 instructed the Council to examine measures for establishing rules on the retention of communications traffic data by service providers.
Preamble (10): On 13 July 2005, the Council reaffirmed in its declaration condemning the terrorist attacks on London the need to adopt common measures on the retention of telecommunications data as soon as possible.

Preamble (9): Because retention of data has proved to be such a necessary and effective investigative tool for law enforcement in several Member States, and in particular concerning serious matters such as organised crime and terrorism, it is necessary to ensure that retained data are made available to law enforcement authorities for a certain period.

Art. 1 Subject matter and scope
...to ensure that the data are available for the purpose of the investigation, detection and prosecution of serious crime, as defined by each Member State in its national law...
...shall apply to traffic and location data on both legal entities and natural persons and to the related data necessary to identify the subscriber or registered user.
It shall not apply to the content of electronic communications, including information consulted using an electronic communications network.

Art. 3 Obligation to retain data
...MS shall...ensure that the data....are retained....., to the extent that those data are generated or processed by providers.....within their jurisdiction in the process of supplying the communications services concerned.
The obligation to retain data....shall include the retention of the data....relating to unsuccessful call attempts where those data are generated or processed, and stored (as regards telephony data) or logged (as regards Internet data)..... within the jurisdiction of the Member State concerned.....
This Directive shall not require data relating to unconnected calls to be retained.

Art. 4 Access to data
MS shall.....ensure that data......are provided only to the competent national authorities in specific cases and in accordance with national law.
The procedures to be followed and the conditions to be fulfilled in order to gain access to retained data......shall be defined by each Member State in its national law

Art. 5 Categories of data to be retained
(a) data necessary to trace and identify the source of a communication:
Fixed and mobile telephony: the calling telephone number; the name and address of the subscriber or registered user;
Internet access, and Internet telephony: the user ID(s) allocated; the user ID and ip-telephone number; the name and address of the subscriber or registered user to whom an Internet Protocol (IP) address, user ID or telephone number was allocated at the time of the communication;

Art. 5 cont.
(b) data necessary to identify the destination of a communication:
Fixed and mobile telephony: the number(s) dialled and the number or numbers to which the call is routed; the name(s) and address(es) of the subscriber(s) or registered user(s);
and Internet telephony: the user ID or telephone number of the intended recipient(s) of a telephony call; the name(s) and address(es) of the subscriber(s) or registered user(s) and user ID of the intended recipient of the communication;

Art. 5 cont.
(c) data necessary to identify the date, time and duration of a communication:
Fixed and mobile telephony: date and time of start and end of communication;
Internet access, and Internet telephony: date and time of log-in and log-off, allocated IP-address, dynamic or static, user ID of the subscriber or registered user;
(d) data necessary to identify the type of communication:
Fixed and mobile telephony: the telephone service used;
and Internet telephony: the Internet service used;

Art. 5 cont.
(e) data necessary to identify users’ communication equipment or what purports to be their equipment:
Fixed telephony: calling and called numbers;
Mobile telephony: calling and called numbers; IMSI of the calling party; IMEI of the calling party; IMSI of the called party; IMEI of the called party; For pre-paid the date and time of initial activation of service and Cell ID where service was activated;
Internet access, and Internet telephony: calling number for dial-up access; DSL or other end point of the originator of the communication;

Art. 5 cont.
(f) data necessary to identify the location of mobile communication equipment:
Cell ID at the start of the communication; data identifying the geographic location of cells by reference to their location labels (Cell ID) during the period for which communications data are retained.
No data revealing the content of the communication may be retained pursuant to this Directive.

Art. 6 Periods of retention
MS shall ensure that.....data....are retained for periods of not less than six months and not more than two years from the date of the communication.
Art. 7d: MS shall ensure that.....the data, except those that have been accessed and preserved, shall be destroyed at the end of the period of retention.

Art. 15 Transposition
MS shall bring into force the laws......necessary to comply with this Directive by no later than 15 September
Until 15 March 2009, each MS may postpone the retention of communications data relating to Internet Access, Internet telephony and Internet .

Transposition of the data retention directive
24 Member States have transposed the Directive; Sweden was the last, on March 21, 2012.
Three had previously transposed it until their respective courts ruled the national laws to be unconstitutional.
Czech Republic: The Constitutional Court deemed the law unconstitutional and found it to be infringing on the people's right to privacy.
Germany: The Federal Constitutional Court ruled the law unconstitutional as a violation of the guarantee of the secrecy of correspondence.
Romania: The Constitutional Court found that the law violated the constitutional rights of privacy, of confidentiality in communications, and of free speech.

Transposition cost estimates
Denmark: The business association “Telekommunikationsindustrien” estimates that Danish operators have invested 25 million euros in hardware, software and staff, with annual costs of 6 million euros.
Sweden: The telecom industry estimates an investment cost of 50 to 100 million euros.
Austria: The Internet Service Provider Association estimates the overall data retention costs for Austria to be somewhere between €15 million and €20 million.

Press Release, Brussels, 14 July 2010, from the European Data Protection Authorities:
....The report that results from a joint inquiry carried out by the data protection authorities, concludes that the obligation to retain all telecom and internet traffic data resulting from the directive is not applied correctly in the EU member states. Most importantly, service providers were found to retain and hand over data in ways contrary to the provisions of the directive.
The provisions of the data retention directive are not respected and the lack of available sensible statistics hinders the assessment of whether the directive has achieved its objectives.

EU-Commission evaluation report
- The EU should support and regulate data retention as a security measure
- Transposition has been uneven
- The Directive has not fully harmonised the approach to data retention and has not created a level-playing field for operators
- Operators should be consistently reimbursed for the costs they incur
- Ensuring proportionality in the end-to-end process of storage, retrieval and use
- The Commission will propose a revision of the current data retention framework.

Press Release Brussels, The European Commission has today proposed a comprehensive reform of the EU's 1995 data protection rules to strengthen online privacy rights and boost Europe's digital economy.
Press Release Brussels, Commission takes Germany to Court requesting that fines be imposed. More than two years after the national law transposing the EU Data Retention Directive was annulled by the German Federal Constitutional Court, Germany has still not complied with the Directive.

Thank you!
Link to EU-Commission evaluation report: /malmstrom/archive/ _data_retention_evaluation_en.pdf