EU Sues Sweden, Demands ISP Data Retention

Death Metal writes "The EU passed the Data Retention Directive years ago, a law that demands ISPs and search engines hold onto data long enough to help the cops (but not long enough to cause privacy problems). But Sweden never passed it into national law, and the European Commission has now sued the country to make sure a bill appears."

Haha

[Jugalator]

Hehe, a bit funny considering the background. This is because the EU now noticed that ISP's are actually now not wanting to do any retention in Sweden, in turn due to the new IPRED law [wikipedia.org]. This is a way for them to partially dodge that law by getting less chances of being able to report users sharing copyright infringing work. The idea is that as their users are reported, they have hopefully already deleted the log entries. Why they are wanting to do that is in turn out of competition reasons. No ISP in Sweden want to be "the ISP where you can more easily get caught for copyright infringement when sharing files". You can read more about the case for one of those ISP's, Bahnhof, here [geek.com].

OK, I went off on a tangent there. What I think is funny is that the EU is only now paying attention and noticing Sweden didn't adopt that law. :-p It's so apparent that this is in response to all the more ISP's not caring for it, not because they have a check on what Sweden is doing. Or maybe they just don't care until certain laws are dodged in practice out of minimizing bureaucracy. It's hard to tell if it's due to incompetence or bureaucracy, but it's either of them.

Re:I never understood these policies...

[Anonymous Coward]

It's not the information that must be stored. Just Receiver/sender-information. And it's not only about data, voice calls are also included in the directive.

Re:But the same EU won't sue France for...

[Schmorgluck]

Well, to be fair, the EU has no case (yet) to sue France for the three strikes law.

Re:sue a country?

[BadAnalogyGuy]

If a country agrees to join a confederation, it must at some point forfeit some of its autonomy to the ruling body. If it doesn't like that deal and wants to secede, there are remedial actions [wikipedia.org] that may be taken to restore sovereignty.

Normal procedure

[pinky99]

As an European citizen I just want to point out to all non-EU friends of /. that this is just a completely normal and standard procedure - it doesn't depend on which law or which country, but if a European law directive is not formed into national laws by the governments/parliaments, the EU automatically sues the non-conforming member states. Happens all the times, on all issues, punishment is normally the fine for each more day passing by.

Re:First time?

[rbrausse]

no, this is normal and happens often. I don't seeked for examples but one can read every time about EU commission actions againt member states for breaching/not implementing EU directives.

a famous one was a few years ago against Greece and Italy (not 100% sure, just google it if you're interested :P) because of the state debt (Maastricht Treaty was imo the legal base for this sueing)

Re:But the same EU won't sue France for...

[koiransuklaa]

Access to internet is a Fundamental Right as per EU.

A parliamentary amendment that said this was passed earlier this month, but that definitely does not mean that "the EU has decided so" -- new amendments mean the Commission has to approve the whole telecom package again before it can become a real law.

Re:Normal procedure

[oneirophrenos]

Any country that abrogates it's sovereignty in this manner isn't a country, but a vassal state, in subservience to a higher ruling power.

And how did "the country" receive the prerogative to rule upon people that a supranational entity like EU doesn't have? Conversely, if EU doesn't have the right to meddle into people's sovereignity, what gives "the country" the right to do that? EU is just one rung higher to a state, it's no less or more evil as your or my government. We're all vassals in subservience.

Re:Why?

[Kartu]

And if I gpg/pgp the email, what then?

Then they'll sue you for that. Unauthorized use of encryption software is illegal in, for example, France.

European Directive (European Law 101)

[yogibaer]

Under the EU treaties a european directive has to be implemented as national law by all members to whom it is adressed, normally within a year after it has been passed, member countries can be excepted from this rule, so that they have more time to implement it as a national law. Bu they do not have a choice after that. The strange and noteworthy thing is, that a european directive as such has a direct effect for all member countries (regardless of national implementation) and courts, especially the higher courts, should consider it in their rulings. The national implementation is only an integration in the respective national legal systems.What happens here is nothing unusual, its standard procedure "On 1 May 2008 1,298 such cases open before the Court" s.http://en.wikipedia.org/wiki/European_Directive So: nothing to see here, move on.

Re:This is why we don't like the EU.

[Spad]

Actually, the European Parliament seems to be pretty resistant to bribary compared to the rest of the Western world.

The problem is usually with the EU Council of Ministers who are the 'unelected' representatives of each member state and tend to ignore the Parliament if they don't like their decisions (As they did with the software patents issue.)

Thankfully the Parliament can overturn CoM decisions with a 2/3 majority and often do if they feel they've been screwed.

Re:Why?

[buchner.johannes]

I don't know why you people cry so loud. This is just normal EU procedure: First the countries agree on a law, then all countries have a period of time to implement this law in their national .
If they don't, they get a warning.
The country is given time to respond on why it has not implemented the law (lots of reasons are possible) and opportunity to make its case.
After another period, there is a fine to pay.
This happens for all laws.

If you don't like that particular law, cry about the EU law, not that Sweden got "sued".
It would be interesting if Sweden's EU parliamentarians voted for or against the law in the first place, and what their arguments were.

Concerning the law itself: The strongest argument against it that people will easily understand are the enormous costs.

Re:Why?

[Anonymous Coward]

* There is no set procedure on leaving the EU
* Sweden does not have the Euro as its currency
* The free trade agreements does not hinge on membership
* Yes, the whole commission bit needs some serious looking over
---
* Appointed indirectly by an elected body? Sort of like the electoral college? That puts the US in a very interesting light.

Re:Why?

[Anonymous Coward]

Sweden has already accepted more Iraqi refugees than the rest of the EU, in the last few years. In fact, the Swedish municipality of Södertälje (population: 82 000) has accepted more Iraqi refugees than the whole of the United States. http://www.guardianweekly.co.uk/?page=editorial&id=552&catID=17 [guardianweekly.co.uk]

Re:Why?

[TheP4st]

It would be interesting if Sweden's EU parliamentarians voted for or against the law in the first place

30% of the Swedish Parlamentarians voted for the directive, all of which were members of the then ruling Social Democrats. The strongest proponent were the Swedish Minister of Justice of the time, Thomas Bodstrom, who among other things said: "If the Parliament votes for it, that gives it a democratic surplus value - if they are against it I anticipate a ministerial decision"

..... and what their arguments were.

The argument pretty much went along these lines 'Sweden is a prime target for terrorists and without this they are going to bomb us into oblivion... and.. and eermm uh-yeah! Think Of The Children!'

Re:Why?

[Anonymous Coward]

Come on. A faithless elector has never changed the outcome of an election. It's a silly tradition, directly equivalent to simply counting the votes of a state and collapsing them into a single outcome. The problem with the electoral college is how it renders half the votes of a state completely meaningless - and that's because it's a first past the post system, not because it uses electors.

Re:Why?

[Late Adopter]

I thought it had been pointed out quite a few times now that people are more afraid of what they can't see or control, like how people will freak out more in an airplane than as a passenger in a car than as a driver in a car. Or people who are afraid of being outside during lightning.

The rationale is simple: everyone thinks they're a better than average driver. Everyone thinks *they're* good enough to stop bad things from happening. Take that (even illusory) control away from them, they get afraid.

You can argue that it's silly until you're blue in the face, but you're missing the point: people aren't afraid of the odds. They're terrified of being out of control.

Re:Why?

[Halo1]

Could you please see this law in perspective for a moment:
1) This law requires the ISP to hold identification data for only 6 months - most ISPs keep it longer than that.

[ citation needed ] Before the data retention directive, this time was limited by the privacy directive. That one specifies that such data may only be kept as long as strictly necessary for billing and general administrative purposes.

Moreover, it's not just about identification data, but also about who emails/calls whom when and from where.

And collecting all of this data [computerweekly.com] costs about £45.8m for the UK according UK government estimates.

2) The only way to have access to this data is to have a court order.

That depends on the Swedish proposed implementation (with which I'm not familiar). The data retention directive mandates nothing of the sort (which was one of the strong points of criticism against it).

in the end we just want our privacy and not make it impossible for police to do their jobs.

The point is that this directive is not required for the police to do their job reasonably well, and that the costs and privacy invasions of the directive are completely disproportionate compared to the potential gains in effectiveness for the police.

The Commission referred in its proposal to exactly one (yes 1) single study on this topic. That one concluded that it was not clear whether or not data retention would help a lot in investigations [edri.org].

So the big complaints are: no demonstration of necessity, hugely disproportionate, major costs, big dangers of abuse and other negative effects [kreativrauschen.com]. Of course, in addition to the way it was pushed through [slashdot.org].

Re:Why sue now?

[Pofy]

>Unless the Data Retention directive explicitly forbids that other laws
>give other permissions to the data in question, the MAFIAA got it just
>the way they want it. And that would be very, very unusual to put in law

And yet that is exactly what the law says. Or rather, it says the data stored according to this law can ONLY be accessed and required for by police and other govermental authorities in investigations of more serious crimes. Not eben the ISP and others who store data themselves are allowed to access this data.

Of course, they can store data IN ADDITION to this law according to other existing laws as well, which would be the exact same system as we have today. Actually the leaked "Lagrådsremiss" specifically comments a request by media companies that also wanted access to this data saying that they will not get access to it.