European Mobile Operators, Telcos Seek Simplified Data Retention Rules
European data retention rules for telcom companies are fragmented and should be addressed by the EU during its regulatory simplification push, the GSM Association and ConnectEurope said in comments posted this week. They were responding to a European Commission consultation on data retention by service providers for criminal proceedings.
Sign up for a free preview to unlock the rest of this article
Export Compliance Daily combines U.S. export control news, foreign border import regulation and policy developments into a single daily information service that reliably informs its trade professional readers about important current issues affecting their operations.
Telecom operators "have had to deal with several iterations of data retention obligations over the years," said the groups, which represent mobile network operators and major telcos. The changes have forced "considerable investments and operational costs" on companies.
The biggest impact of such laws relates to the different retention periods for data collected and kept for business reasons, in compliance with the GDPR and ePrivacy Directive, and for data held for law enforcement purposes, the organizations said.
This causes operators to buy storage equipment, redefine system architecture and hire staff. In addition, retaining large amounts of data requires significant energy consumption, which has an environmental impact.
The GDPR has affected the situation by driving data minimization, the groups said. The fact that different national laws mandate retention of different data categories is a challenge for companies that provide services across the EU, including divisions of many telecom operators.
Most requests to telcos for data are targeted at individual subscribers or devices, with an increasing number of bulk requests, the organizations noted. Processing bulk requests takes more time and resources, which can affect response time for other requests. The scope of bulk requests should be minimized, and an effective queuing and priority system should be established, they said.
Law enforcement access to data typically involves systems and the use of single points of contact. These interfaces should be easy to use and not require pricey adaptions for operators, they said. Any data retention approach should also be proportionate and based on a cost-benefit assessment.
Considering the EU's ambitions for regulatory simplification, the groups added, "any changes should bring tangible improvements to the current situation. For example, any new rules should avoid being prescriptive about operational requirements, such as how or where the data is stored, as long as it is stored within the EU/EEA [European Economic Area]."