I don’t normally follow EU privacy law, as it’s often quite different from US privacy law, but this news from across the pond seemed worth noting:
A European Union directive, which Britain was instrumental in devising, comes into force which will require all internet service providers to retain information on email traffic, visits to web sites and telephone calls made over the internet, for 12 months. Police and the security services will be able to access the information to combat crime and terrorism.
Hundreds of public bodies and quangos, including local councils, will also be able to access the data to investigate flytipping and other less serious crimes. It was previously thought that only the large companies would be required to take part, covering 95 per cent of Britain’s internet usage, but a Home Office spokesman has confirmed it will be applied “across the board” to even the smallest company.
Notably, there is no such law in the United States. ISPs can keep records for as long or as short as they like. Of course, not everyone is happy with that, but that’s the current system.
Thanks to Elizabeth Joh for the original link.
UPDATE: Commenter martinned chimes in with some helpful context:
The Directive in question is Directive 2006/24 of 15 March 2006. It was recently upheld by the ECJ in a constitutional challenge as to its legal basis in Case C-301/06, Ireland v Parliament &Council, of February 10, 2009. Most of the Directive has already entered into force, but Member States were allowed to postpone its application to various internet activities until 15 March this year (art. 15(3) of the Directive), which, I guess, is why the Telegraph was writing about it. As to the period of storage, under art. 6 the Member States are allowed to set it anywhere between 6 months and 2 years. Apparently, the UK, like most MS, opted for 1 year.