Records of personal communications, including all e-mails and telephone calls, will be stored for at least a year under a proposal to be decided by EU governments next month.
Under the plan, all telecommunications companies, including mobile phone operators and Internet service providers, will have to retain the numbers and addresses of calls and e-mails sent and received by EU citizens.
The information, known as traffic data, would be held in central computer systems and made available to all EU governments.
The move could pave the way to a further extension of the powers of European security and intelligence agencies, giving them the right to see the full contents of e-mails and intercepted telephone calls and faxes, civil liberty groups fear.
The plan, drawn up by officials in Brussels, has been obtained by Statewatch, an independent group, which monitors threats to privacy and civil liberties in the EU.
"The traffic data of the whole population of the EU - and the countries joining - is to be held on record. It is a move from targeted to potentially universal surveillance," said Mr Tony Bunyan, Statewatch editor yesterday. "EU governments claimed that changes to the 1997 privacy directive would not be binding on member- states - each national parliament would have to decide. Now we know that all along they were intending to make it compulsory across Europe," he said.
Though the move was initially explained by the need to counter terrorism, EU officials now argue it is necessary to combat all serious crime, including, they insist, paedophilia and racism.
A "draft framework decision" for the European Council states that telecommunications details are "very useful tools" for investigating and prosecuting criminal offences. "Access to traffic data is particularly relevant in the case of criminal investigations into cybercrime, including the production and diffusion of paedophile or racist material," it adds.
It is essential, it says, for all member-states to apply the same rules. "The purpose of this present framework decision is to make compulsory and to harmonise the a priori retention of traffic data in order to enable subsequent access to it, if required, by the competent authorities in the context of a criminal investigation." The decision represents a victory for the British government which, encouraged by Washington, has been pushing hard behind the scenes for the establishment of a compulsory EU-wide data retention regime. But civil liberties campaigners argue that compelling communication firms to retain the records of all their customers for long periods amounts to blanket surveillance on the entire EU population and will lead to law enforcement agencies conducting "fishing expeditions" against innocent citizens.
The EU admits the plan involves an invasion of privacy but says the periods for which it must be retained - a minimum of 12 months and a maximum of 24 months - is "not disproportionate".
The data would include information identifying the source, destination, and time of a communication, as well as the personal details of the subscriber to any "communication device".
For law enforcement agencies to access the data, the draft EU decision gives a minimum list of offences, "at least" including "participation in a criminal organisation, terrorism, trafficking in human beings, sexual exploitation of children", drug trafficking, money-laundering, fraud, racism, hijacking and "motor vehicle crime".
The draft states that the "confidentiality and integrity" of retained traffic data must be "ensured" but does not say how. Individuals have no right to check whether the information held about their personal communications is accurate or challenge in the courts decisions about its use by EU authorities.
A member-state will not be able to refuse a request for information from another member-state on human rights or privacy grounds.
- (Guardian service)