The EU Electronic Privacy Directive of 2002 requires members to ensure the confidentiality of communications but allows member states to restrict the scope of such protection for national security and defense reasons as well as to prevent, investigate detect and prosecute crimes. Despite the criticism a provision on retention of communications date was inserted, reversing thus the position taken under the previous EU Telecommunications Privacy Directive of 1997. This article presents the evolution of the EU Electronic Privacy Directive of 2002 starting from the initial proposal of 2000 which did not include a retention of data provision, to the final version drafted after the events of September 11 and the external pressure from the United States. Next the authors focus on the legal framework adopted by the U.K., the only country in the European Union which had comprehensive legislation in this matter, the Anti-Terrorism, Crime and Security Act 2001, while they also examine the strong criticism that the UK regime has faced based predominately on the extensive reach of such legislation and the threat it would pose to civil liberties and human rights. The new EU Electronic Privacy Directive of 2002 has faced similar criticism by several parties also raising the issues of consumer privacy concern and confidence and the extensive burden placed on the telecommunication companies and the ISPs. The article concludes that if the EU wants to achieve its goal to become the most dynamic knowledge-based economy in the world, it needs to strike a balance between fighting crime and terrorism and the protection of the fundamental rights of the individual. Such balance could be achieved where the principles of necessity, appropriateness and proportionality are followed.
Abu Bakar Munir & Siti Hajar Mohd Yasin, Retention of Communications Data: A Bumpy Road Ahead, 22 J. Marshall J. Computer & Info. L. 731 (2004)