Dutch Telcos Used Customer Metadata, Retained To Fight Terrorism, For Everyday Marketing Purposes

from the I'm-shocked,-shocked dept

One of the ironies of European outrage over the global surveillance conducted by the NSA and GCHQ is that in the EU, communications metadata must be kept by law anyway, although not many people there realize it. That's a consequence of the Data Retention Directive, passed in 2006, which:

requires operators to retain certain categories of data (for identifying users and details of phone calls made and emails sent, excluding the content of those communications) for a period between six months and two years and to make them available, on request, to law enforcement authorities for the purposes of investigating, detecting and prosecuting serious crime and terrorism.
Notice the standard invocation of terrorism and serious crime as a justification for this kind of intrusive data gathering -- the implication being that such highly-personal information would only ever be used for the most heinous of crimes. In particular, it goes without saying that there is no question of it being accessed for anything more trivial -- like this, say:
Some Dutch telecommunications and Internet providers have exploited European Union laws mandating the retention of communications data to fight crime, using the retained data for unauthorised marketing purposes.
Of course, the news will come as no surprise to the many people who warned that exactly this kind of thing would happen if such stores of high-value data were created. But it does at least act as a useful reminder that whatever the protestations that privacy-destroying databases will only ever be used for the most serious crimes, there is always the risk of function creep or -- as in the Netherlands -- outright abuse. The only effective way to stop it is not to retain such personal information in the first place.

Follow me @glynmoody on Twitter or identi.ca, and on Google+

Reader Comments

Subscribe: RSS

View by: Time | Thread

  1. identicon
    Martin, 18 Oct 2013 @ 10:50am

    Re: Re:

    If you are familiar with the history of the directive you'll know that it was not passed as crime prevention cooperation between the EU countries because that would have put a higher demand on a qualified majority of votes and raised the bar for the controversial directive to be passed. Instead it was explicitly passed as a directive that's meant to harmonize the market.

    Given this fact it seems to me that it's you that have a stronger burden to prove your point than I do mine. Please explain what the objections of the other countries would look like? On what grounds could they object?

    I think the risk that such political activism on the national level would be challenged by the EU institutions is significantly less than the risk that our national politicians argue that "hey, since we're forced to collect all this data anyway, wouldn't it be a waste not to use it?"

    My point is that our national political representatives cannot free themselves of responsibility. Their freedom to act may be restricted, but there are still some options available to minimize the privacy implications of the directive.

    Just out of curiosity - have you read the directive?

Add Your Comment

Have a Techdirt Account? Sign in now. Want one? Register here
Get Techdirt’s Daily Email
Use markdown for basic formatting. HTML is no longer supported.
  Save me a cookie
Follow Techdirt
Techdirt Gear
Shop Now: Copying Is Not Theft
Report this ad  |  Hide Techdirt ads
Essential Reading
Techdirt Deals
Report this ad  |  Hide Techdirt ads
Techdirt Insider Chat
Report this ad  |  Hide Techdirt ads
Recent Stories
Report this ad  |  Hide Techdirt ads


Email This

This feature is only available to registered users. Register or sign in to use it.