About this blog…

I am employed by Netnod as head of engineering, research and development and am among other things chair of the Security and Stability Advisory Committee at ICANN. You can find CV and photos of me at this page.

As I wear so many hats, I find it being necessary to somewhere express my personal view on things. This is the location where that happens. Postings on this blog, or at Facebook, Twitter etc, falls under this policy.

The views expressed on this post are mine and do not necessarily reflect the views of Netnod or any other of the organisations I have connections to.

Swedish proposal for data retention ready

The investigation on implementation of the Data Retention Directive has delivered its report to the minister. I was part of the investigation as an expert (together with many others) and think the result is pretty ok. Specifically given how badly written the overall directive is. The goal of a directive is to help to ensure that legislation among the EU Member States is harmonized. But if we just look at the implementation in Denmark and the proposals in UK and Sweden, we see no harmonization at all. Three countries and three proposals. I do though think important statements (Särskilt Yttrande) are made by Per Furberg and Hans-Olof Lindblom has issued (pages 313-319 in the report). Specifically the ones by Per stating that:

  • The wording used (copied from the BRU investigation) that emphasize the need for more effective tools for law enforcement purposes are not balanced with similar wording for the need for more careful view at privacy aspects. When suggesting better tools for law enforcement purposes, the effectiveness of these always have to be balanced to what impact on privacy the tools have. I do not think first of all a careful enough such calculation has been done in the investigation and secondly the different languages used implicitly give as a result that privacy concerns has lower priority that need for law enforcement tools.
  • Due to the wording of the electronic communincation directive in Sweden, the gray zone of who is covered by the data retention directive is very wide. The investigation delegates to the regulator to come with instructions on who is covered and not. I think this is very unfortunate, as I thought when I started helping this investigation it was one of the main tasks of it. To say who is covered and not. That said, the investigation point explicitly to the electronic communications directive, and it is good it does not point at something else. So maybe the end result is as good as it could be. I am not a lawyer so I do not know. The end result is though unfortunately that people reading this report do not know whether they are covered or not.

    This is also discussed for example by SR, IDG and Aftonbladet.

    Unfortunately there is no translation of the report to English. Not even a summary.

  • Comments are closed.