Skip to main content

EU Sues Sweden Over ISP Data

In a world where everyone sues their neighbor and his dog, the European Commission (EU) has decided to sue Sweden over the fact that its ISPs aren't retaining customer data. To be more specific, the EU is striking out at the Nordic state for not implementing the Data Retention Directive that was passed by the commission back in 2006. Currently five other territories have yet to enforce the directive: Austria, Greece, Ireland, the Netherlands, and Poland.

Without the data retention law in place, local ISPs currently have the ability to dodge the legal system when it comes to providing local authorities with incriminating evidence based on personal information (IP address, email messages, phone messages etc.). Without data retention, Sweden's new Intellectual Property Rights Enforcement Directive is virtually ineffective in catching pirates.

The Swedish newspaper Svenska Dagbladet is citing several reasons why the legislation hasn't taken effect. Apparently, the Swedish Justice Ministry has been quite busy, and hasn't made the Data Retention Directive a priority, nor is it Justice Minister Beatrice Ask's "favorite project." However, Sweden had three years to put the directive into place, and still nothing was accomplished by the time the March 2009 deadline came and went. Yet ironically, the country was quick to implement the Intellectual Property Rights Enforcement Directive (IPRED) back in April, a bill that actually needed data retention in order to be more effective.

According to the EU, the Data Retention Directive commands that all EU member states must implement some kind of data retention legislation with two timeframes: six months or two years. But because Sweden has yet to enter a bill of its own accord, the EU is now taking steps to enforce its Data Retention Directive through legal channels. Many ISPs have already lashed out at both the IPRED and data retention, claiming that holding personal data violates the end-user's rights to privacy. As of this writing, ISPs deleting data on a regular basis.

On a local political level, Camilla Lindberg of the Swedish parliament for the Liberal Party, and Eric Josefsson of the European Parliament for the Left Party originally debated on whether general data retention fits within the boundaries of a democratic society. According to Computerworld, the two agreed that, when it comes to protecting personal freedom and rights, the directive is a terrible and even dangerous tool. They said that the directive even violates the European Convention on Human Rights, and both politicians firmly believe that the European Court of Justice would stand behind that verdict.

As it stands, once all European territories begin to enforce the Data Retention Directive, it will be illegal to delete information too quickly, and illegal to keep data stored for too long. ISPs protecting client anonymously will thus be forced to provide client details in certain legal situations, especially those violating the IPRED in particular. Swedish Minister of Justice Beatrice Ask said that the localized Data Retention Directive bill is definitely in the works, and should be available soon.