Communications network traffic data : technical and legal aspects

Abstract

Communications traffic data is a legal data concept that can be explained by the example of traditional, non-digital mail: For a letter to be sent by post it must be enclosed in an envelope. On the envelope the name of the addressee, his address and some information about the sender are noted. Furthermore, on the envelope a postage stamp or payment stamp is placed. The enclosed letter forms the content of the communication. The data on the envelope stands for the traffic data; these are needed in the service provider’s business operations. This data distinction can be recognized on postcards as well: the content of the communication is situated on the left half of the card, while the traffic data are located on the right. Moreover, the postcard example makes clear that the distinction between communication content and traffic data is, in essence, a legal question rather than a technical question: the service provider is able to take note of the communication content, but is simply not supposed to do so. However, certain technical characteristics of the communication can help in making the distinction in practice. Traffic data can be clearly recognized in conventional telecommunications, but on the internet the distinction between content and traffic data is quite problematic. The actions performed by the internet service provider involving the digital data in his network are significantly more diverse and complex than what is the case with conventional telecommunications. Because the protection status of the communication content differs from that of related traffic data, it is important that this legal distinction can actually be made in the ‘digital cloud’ of the provider network. The research on traffic data is conducted in three parts. Part I concerns the data demarcation issue. There is a need for a legal ‘litmus test’ with which personal data from the digital data cloud can be tested as to whether or not they constitute traffic data. Such a legal litmus test for traffic data is designed from its legal origins and the test is finally performed on three major communication technologies: fixed telephony, mobile telephony and the internet. Traffic data are then sorted in two groups of privacy sensitivity: Type I traffic data, which have a regular personal sensitivity, and Type II traffic data with an increased personal sensitivity. Part II concerns the service provider’s secondary uses of traffic data. Three issues are studied: · The provider’s use of traffic data in direct marketing; · The provider’s use of traffic data in maintaining Acceptable Use Policies; · The provider’s application of traffic data in Automatic Number Identification. Part III concerns the function of traffic data in criminal investigations. Central to this part is the current EU Directive on the retention of traffic data. This part analyzes the legal framework regulating the collection of traffic data from providers by criminal investigation authorities. Traffic data retention and the requirements for the disclosure of traffic data are examined in the context of the two traffic data sensitivity categories, as established in research Part I. A number of open issues are identified and further examined. These concern the following: · Which providers will be affected by traffic data retention? · How should traffic data under retention be stored? · What are the legal options for linking and searching traffic data files?