Data protection appears to be in a transitional state for companies that do business in Europe – a problem that could present issues while regulators sort it out.
The European Union attempted to standardize privacy and data protection throughout the continent by establishing the Data Retention Directive in 2006. The regulation forces any company categorized as an “electronics communications” service provider to store and submit its customers’ data usage and storage location information upon request by law enforcement.
However, five years after the regulation was passed, the E.U. has come under fire from the Peter Hustinx, European Data Protection Supervisor, who claimed it "does not meet the requirements imposed by the fundamental rights to privacy and data protection.”
Hustinx acknowledged that the E.U. is devoting resources to privacy and data protection, but he urged regulators to conduct further research and revise their mandates accordingly.
"Although the commission has clearly put much effort into collecting information from the member states, the quantitative and qualitative information provided by the member states is not sufficient to draw a positive conclusion on the need for data retention as it has been developed in the directive,” Hustinx said. “Further investigation of necessity and proportionality is therefore required, and in particular the examination of alternative, less privacy-intrusive means.”
Hustinx claimed the current directive is overly intrusive in its data retention policies, and the E.U. has not established a necessity for the information it forces service providers to retain.
Furthermore, Hustinx said, “the directive leaves too much scope for member states to decide on the purposes for which the data might be used, and also for establishing who can access the data and under which conditions.”
Similar issues are emerging across the Atlantic, leaving financial damage in its wake. According to the Ponemon Institute, the average data breach in the United States cost companies $7.2 million in 2010, up from $6.8 million in 2009.