EC Sues Sweden to Enact Data Retention Law

STOCKHOLM – The European Commission is suing Sweden for not following through on implementing data retention for telecoms and other Internet service providers.

In 2006, the European Union government approved the Data Retention Directive following terrorist bombings in Madrid and London. The measure was seen as an anti-terrorist, protective move, not seeking to invade the privacy of citizens.

The directive requires European telecoms, ISPs and search engines to store information about customer phone calls, e-mails, text messages and Web activity for a period of time in order to assist law enforcement in legitimate investigations.

But three years on, Sweden has still not put the measure into force, reports The Local. The EC has now filed a lawsuit suit against Sweden in the European Court of Justice, according to the newspaper Svenska Dagbladet.

"According to the treaty, the Commission is responsible for starting an infraction claim when a member country doesn’t follow a decision,” said Eric Degerbeck, the European Commission's spokesperson in Sweden.

Svenska Dagbladet said the Swedish government plans to introduce the legislation asking for a data retention period of six months.

Two Swedish politicians --  Parliament member Camilla Lindberg of the Liberal Party, and Erik Josefsson, a candidate for the European Parliament for the Left Party -- pointed out that other nations have dragged their feet as well regarding the directive, including Austria, Greece, Ireland, the Netherlands and Poland.

Lindberg and Josefsson questioned if data retention was consistent with the principals of a democracy and called the directive "a poor and expensive" tool for protecting freedom and rights, reports PC World. They also suggested the measure is counter to the European Convention on Human Rights, and believe European Court of Justice will agree.

As ArsTechnica notes, as of April 1, 2009, Swedish ISPs were forced to implement the Intellectual Property Rights Enforcement Directive (IPRED), which calls for those companies to hand over user data and user personal information in legal cases, such as charges of copyright infringement.

Some Swedish ISPs have flat-out defied IPRED, such as Bahnhof deleting data on a regular basis, which so far, is legal. But once the EU directive is in place, data deletion will not be allowed before the prescribed retention period.