Fears over EU data retention law "gold-plating"

Experts fear that new EU rules on data retention could be "gold-plated" by the UK government.

The EU Data Retention Directive came into effect on May 2006. The directive obligates all ISPs and network operators of mobile, fixed and internet telephony, email services, messaging and Internet access to retain traffic and location data for between six months and two years.

But analysts said that the UK government would be more likely to set the maximum limit nearer to two years.

"I think that we would be on the extreme end of the time limits for these regulations," said Graham Titterington, principal analyst at Ovum. "I'd expect the UK to impose the maximum time limits."

Other analysts said the new rules would place an "onerous burden" on telcos and ISPs.

"The introduction of the legislation will have several implications for telecom operators, one of them being the cost to adapt current data retention and retrieval systems or deploy new ones, in order to ensure compliance with the provisions of the directive," said Fernando Elizalde, ICT Europe senior analyst at Frost and Sullivan.

Andrew Wilson, UK Sales Director of storage company Hitachi Data Systems said that global nature of mobile telecommunications will mean that non-EU providers who have connectivity into the EU will have to agree to comply with the data collection regulations operating within the EU.

"This means a call originating from the USA to an EU subscriber will automatically have data retained by the EU service provider," he said.

He said that second challenge will be the amount of call data record (CDR) data that is required to be processed by a provider in the course of a working day.

"Anything up to one billion CDRs could be collected within the course of a business day and this data will have to be retained," said Wilson. "A significant investment in information technology systems and human resources is required to manage and maintain the integrity of the stored data."

Wilson said that Gartner predicted an additional 50,000 terabytes would have to be collected and stored within the EU.

"The size of the storage systems needed to support such activities may need to be large and able to scale without performance degradation throughout its life," said Wilson.

Rene Millman is a freelance writer and broadcaster who covers cybersecurity, AI, IoT, and the cloud. He also works as a contributing analyst at GigaOm and has previously worked as an analyst for Gartner covering the infrastructure market. He has made numerous television appearances to give his views and expertise on technology trends and companies that affect and shape our lives. You can follow Rene Millman on Twitter.