De Artikel 29 werkgroep heeft een kritische rapport geschreven over de implementatie van de bewaarplicht in Europa.
In het persbericht schrijft Artikel 29 onder meer:
Most importantly, service providers were found to retain and hand over data in ways contrary to the provisions of the directive. The provisions of the data retention directive are not respected and the lack of available sensible statistics hinders the assessment of whether the directive has achieved its objectives. The European Data Protection Authorities therefore call on the European Commission to take into account the findings of the report when taking the decision on whether or not to amend or repeal the Directive.
Significant discrepancies were found between the member states, especially regarding the retention periods which vary from six months to up to ten years which largely exceeds the allowed maximum of 24 months.
Another important finding is that more data are being retained than is allowed. The data retention directive provides a limited list of data to be retained, all relating to traffic data. The retention of data relating to the content of communication is explicitly prohibited. However, it appears from the inquiry that some of these data are nevertheless retained. As to the internet traffic data several service providers were found to retain URL’s of websites, headers of e-mail messages as well as recipients of e-mail messages in “CC”- mode at the destination mail server. Regarding phone traffic data it was established that not only the location of the caller is retained at the start of the call, but that his location is being monitored continuously.