Data Retention Directive too weak, according to British minister

Florian Weimer fw at
Sat Mar 21 12:20:08 UTC 2009

* Rui Miguel Silva Seabra:

> All of those use HTTP which is already covered by the directive, IIRC
> (or am I thinking of a draft?)

The directive does not require indiscriminate logging of HTTP traffic.
And even if it did, you'd need application-specific payload
extractors, not HTTP-level logging, to keep track of what's going on.

I think we had previous discussions about this matter.  Some think
that Facebook et al. will never share the data they store (legally or
illegally), so they argue that the data needs to be preserved as it
enters or emerges from Facebook et al.  The data is not considered
privacy-sensitive because Facebook et al.'s advertizing clients and
U.S. law enforcement presumably have access to it (in some form or

On the other hand, it might be a better idea to make sure that
companies who do business in the EU comply with requests from national
law enforcement, like a company located in the EU would do.

More information about the Discussion mailing list