Dutch Companies Violates EU Data Retention Law

. ()

A new report by the Dutch Ministry of Economic Affairs’ Radiocommunications Agency found that some Dutch telecommunications and internet service providers (ISPs) have violated European Union law requiring the retention of communications data for the purposes of investigating, detecting and prosecuting serious crime and terrorism.

According to the report, some medium-size and small operators have used the retained data for unauthorized marketing purposes. However, carriers and ISPs were not prosecuted for the breaches reported, .

The European Data Retention Directive requires ISPs and telecommunications operators across the European Union to retain connection data for a period between six months and two years, mainly to fight crime.

Major service providers were not involved in the violation, the report said.

Dutch digital rights organization Bits of Freedom and other digital rights groups are urging the European Commission to prevent further abuse of the European Data Retention Directive.

In September 2009, the Netherlands introduced its data retention law that requires telecommunications operators to store data for one year and internet providers to retain information for six months.

According to the report, the companies are allowed to legally use the retained data for billing, market research, sales activities and value added services. A mandatory survey found that 40 of the 229 companies used the information “solely for purposes other than the legally permitted processing goals,” the report said.

Other companies said they used the data for both legally permitted and non-permitted purposes.

The service providers should obtain the customer’s explicit consent in order to use traffic and location data for purposes other than billing, the report said, noting that customers should be able to withdraw this consent at any time.

The agency intends to conduct a follow-up study expected to be completed in early 2014.

Image Courtesy: