What will happen in Sweden regarding Data Retention?
I have got the question a lot lately what I think will happen in Sweden given the proposal for legislation that was put forward the other week. I can as well write here what I think.
Sweden will do something. Exactly what, well, I do not know.
What we have to remember regarding the practical collection of data (that is the easiest part), the directive only talk about what is to be retained. And the ETSI standard people are often referring to still only talk about a protocol on how to move the data. Not what is to be retained and who is to send the data.
I think the legislation will pass the parliament. If one look carefully in it, all hard questions regarding what is to be retained, who is to retain things, under what circumstances data is to be given to the police, to who, how to handle extra information, payments etc, are delegated to PTS.
I because of this think the legislation in some form will be decided upon, but then PTS will not be able to anything else (for a long while) but investigate all the non-specifics in the legislation. All the hard difficult questions the investigation could have explained in more detail, but one choose to not to. Possibly because the questions are so hard (which in turn is because the directive from EU is of so low quality).
In parallell with this the European Commission is working on guidelines, and a first meeting with the member states is to be held on November 30, 2007. This meeting is (I guess) supposed to lead to some documents that will help (in our case PTS) with the actual implementation in practice. It can also, if it arrives in time, be able to be input for the open comment period on the proposed law. At the end of the day, it is still the case PTS have to make the hard decisions, so everything is their problem.
This in turn creates another problem. Can/should the government delegate in such way to an agency to decide on their own on things that can have such great impact on privacy issues? Is not the whole idea with the parlamentarian process we have that such changes should pass the parliament?
Unfortunately ISPs in Denmark did not object at all while their regulation was implemented, and that might have negative impact on ISPs in Sweden as Sweden often reference Denmark (and vice versa) regarding regislation and rules like these.