New European Commission rules requiring telephone and internet operators to store data for law enforcement agencies have been prioritised in the wake of the terrorist bombings in London.
Jonathan Faull, director general of the EC's justice, freedom and security department, said on Friday that the Commission intends to accelerate plans to put forward the new regulations.
But the new plan would cut the time data had to be stored to a maximum of nine months, compared with one year in an earlier proposal.
Faull said the EC will present a proposal for data retention "as soon as possible". The proposed directive would require telecommunications operators and internet service providers to collect and store a wide range of data for a given period so that law enforcement agencies could check the records when investigating terrorist activities.
Another EC official, who requested anonymity and is close to the subject, said: "We can't afford not to be visible on this".
The EC, which is responsible for drawing up draft legislation for the 25-member European Union, had planned to present its new proposal before the end of July but national law enforcement authorities have still not finished informing it of the data retention period they would like.
Initial indications are that the EC will recommend keeping telephone data for a maximum of nine months and keeping internet records for a maximum of three months.
The EC official said the directive would be a key part of efforts to combat terrorism and that there is a "very strong law enforcement interest" in the rules. But he added that it is important to strike a balance between the interests of law enforcement agencies, data protection concerns and the impact on industry.
Work on data retention rules started last year when four EU countries – the UK, Sweden, Ireland and Austria – presented a proposal in the wake of the Madrid train bombings in March, which killed nearly 200 people.
Under the proposal, providers of fixed line and mobile services, ISPs (internet service providers) and SMS (short messaging service) operators would have been required to keep data for at least one year and up to a maximum of three years. The rules apply to traffic data such as time, duration and destination of the call but do not include content.
But work has proceeded slowly on the four-country proposal. Members of the European Parliament have also attacked the scheme, calling it "disproportionate" and saying it would infringe data privacy rules, while there have been warnings that the storage requirements would "destroy" the way the industry operates.
The EC’s proposal would require the approval of the European Parliament, which has rejected the four-country proposal. German Free Democrat MEP Alexander Alvaro, who drafted the Parliament's opinion on the proposal, said that despite the increased political pressure to get agreement on data retention rules, the proposal needed to be looked at "very carefully".
He said there should be clear data-protection provisions, pointing out that although the directive was not supposed to cover content "in the case of SMS messages the data is the content”.
The UK government, which took over the six-month rotating presidency of the EU on 1 July, had already said before Thursday's bombings that getting agreement on data retention rules was already a key priority in the next six months, and was due to be discussed by European justice and home affairs ministers at a meeting in October. The subject is expected to get even more attention in the wake of the London attacks.