The problem of implementing the EU Data Retention Directive
In Norway there is now a lot of debate about the EU Directive for Data Retention. The question is whether Norway should implement it or not. The Government in Norway is split on this question, even though both the Data Inspectorate and the Art. 29 Data Protection Working Party have warned against it.
Why shouldn’t we implement the Data Retention Directive if it can help us solve and fight crime?
Because we can’t implement it in a secure manner!
When we start storing these types of data, they must be stored with the following three principles in mind:
- Only authorized personnel have access
- The information is used only for authorized purposes
- The person is informed when information about him/her is used.
This will never be implemented because it costs a lot of money and the companies holding the data don’t have enough interest in doing it. (And the government will surely not pay for it.)
The data needed to implement the Directive will be stored by hundreds of different telecom companies. These companies are storing data today, but only for the purpose of billing. The laws of today are actually quite strict on this, telling the telecom companies to store as little personal information as possible. This means that these companies don’t have a lot of smart authorization rules built into their systems today. They don’t have the need.
If the EU Directive for Data Retention is implemented, the different telecom companies will be required to store personal information alongside everything else. The government will not support them with money in this process but will just require them to comply.
The result:
- Hundreds of different insecure systems collecting personal information about you.


