Data retention costs worry operators

بيتيا ، NotPetya ، GoldenEye.  لا يهم الاسم إلا أن الفيروس لا يزال يعيث فسادا

Sustaining the costs resulting from the implementation and management of the systems required by the new Data Retention Law are at the top of the concerns of telecommunications operators, as was shown in the workshop «e-Privacy: How to face the new challenges».

At the event, organized by APDC in partnership with the law firm Vieira de Almeida & Associados, Apritel welcomed the benefits of the new law, and the positive aspects it will introduce, namely the bet on efficiency and reducing bureaucracy.

However, there was an alert to the concerns that it raises among telecommunications operators, such as the guarantee of security and confidentiality of the customers about whom the information is provided, the deadlines for implementing the law after the publication of the Ordinance that will allow their entry in force and sustaining the costs that the implementation and management of data processing systems will require.

«If this is a public interest law, and there is no doubt about it, then it should be supported by those with rights, in this case the State», defends Luís Reis. The president of Apritel mentioned that some countries have put aside the measurement of costs to operators, choosing to institute a kind of user-pays principle, in which the one that originates the request for information paid by the same.

Tax benefits or subsidized rates in Social Security contributions for workers assigned to collaborative tasks with the courts, may be other ways of mitigating a cost that, falling only on operators, is expected to be high.

«The new law will have significant costs, which the current situation amplifies and which will be especially important for smaller operators», warns Luís Reis. If support or sharing does not happen, «the costs could potentially end at the end consumer».

40 million / year just to store data

The user-pays principle does not make much sense to Alberto Souto Miranda, vice-president of Anacom, when what is at stake with the new law are essential values, such as the protection of life.

For the person in charge, it is necessary that the real cost of installation and management of the new systems be accurately determined.

The account appears to have already been made by PT, in 2006. In a request for consultation by the European Commission, the company estimated at 40 million euros annually the amount that PTCom and PT Comunicações would have to spend just for data conservation.

As a result of a European directive aimed at combating terrorism and certain serious crimes, the Data Retention Act is in fact obliging operators to keep a large amount of data – from the source of the communication to the destination of the communication, the date, time, type of equipment, location, log ins and log offs etc. – for a certain period of time (1 year in the Portuguese case), which will be provided to judicial entities when requested.

The separation of this database from the rest, strict security rules, the obligation to provide information to the National Data Protection Commission and the destruction of information, after the end of the storage period, are also among the requirements of the new law.

It is recalled that the legislation has already been approved, but awaits the publication of an Ordinance that will regulate a number of aspects to be clarified, both at a technical, conceptual and bureaucratic level.

Patricia Calé