Sweden won't enforce data retention law against ISP that deleted metadata

Other European countries were not so quick to suspend enforcement after an EU court ruled that data retention laws violate privacy

By , IDG News Service |  Legal

The Swedish authorities won't take action against an ISP that erased all retained communications metadata, even though there is still a law in place compelling providers to retain such data, the Swedish Post and Telecom Authority (PTS) said Friday.

Swedish ISP Bahnhof decided earlier this week to delete retained records and stop collecting data about its customers' communications in the wake of a ruling from the Court of Justice of the European Union (CJEU).

On Tuesday, the court invalidated the EU's Data Retention Directive that requires telecommunications and Internet providers to retain their customer's location and traffic data for investigatory purposes. It found that the directive seriously interferes with fundamental privacy rights. Sweden, like other EU member states, has transposed the directive into national law.

As a result of the CJEU ruling, Bahnhof and other ISPs can stop collecting data and delete records without consequence because PTS stopped enforcing the law, a PTS spokesman said.

"This is a unique situation," he said. With the EU Directive annulled but the Swedish legislation based on the directive still in place, PTS had to decide if it should enforce the rules on ISPs like Bahnhof. However, after analyzing the CJEU's verdict, PTS concluded that there would probably be "big problems" if the authority tried to do so, the spokesman said.

The enforcement is not suspended indefinitely though. There could be a situation where the government changes or modifies the rules and PTS has to start enforcing again, the spokesman said. However, this won't affect ISPs who will erase their data because the PTS cannot impose fines for doing so, the spokesman said. The authority can only demand that a company starts collecting data again, he added.

While the Swedes decided to act quickly after the CJEU ruling, other European countries are still contemplating what to do about it. France, the U.K., Belgium and the Netherlands for instance are still analyzing the ruling. The Dutch Radiocommunications Agency will keep enforcing the law while the Ministry is reviewing the verdict, an agency spokeswoman said Friday.

That analysis could take a while. The Dutch government, for example, will probably need eight weeks, State Secretary of Security and Justice Fred Teeven told the Dutch House of Representatives on Tuesday, emphasizing that data retention is an important tool for law enforcement authorities.

Join us:
Facebook

Twitter

Pinterest

Tumblr

LinkedIn

Google+

Answers - Powered by ITworld

ITworld Answers helps you solve problems and share expertise. Ask a question or take a crack at answering the new questions below.

Ask a Question