The access and use of private data by Malta’s police and the secret service increased dramatically in just a year, according to a report issued in Brussels yesterday.
While in 2008 the Maltese police and secret service made 869 requests to telecom operators for data about the use of telecommunications infrastructure by private individuals, the number of similar requests soared to 4,023 in 2009.
No information has been given to justify this sudden surge in requests, the number of which is even higher than that made in other member states with larger populations, such as Cyprus, Finland, Denmark and Slovenia.
According to EU law, as transposed into Maltese law books, the police and secret service have the right to ask for the data of private individuals in the course of investigations related to “serious crime”. Although many member states define what this is, Maltese law does not give a precise definition.
On their part, telecom operators are obliged by law to store and provide information to the police or the secret service upon a written request.
According to Maltese law, telecom companies are obliged to store data for up to one year for telephony, whether fixed, mobile or by internet, and up to six months for internet data including e-mail. The data transferred to the police or the secret service does not include actual conversations or e-mail texts but only details of traffic, such as who called whom, at what times and how long conversations lasted.
The police and secret service can also tap whole conversations, if they wish to, although this can only be done through a warrant provided by a member of the judiciary.
According to the EU’s report, the Maltese police and secret service study mobile calls the most when investigating “serious crime”.
In 2008, 86 per cent or 748 of the requests made to telecom companies were to obtain details of mobile telephony traffic. This increased to 91 per cent or 3,693 requests in 2009.
The least-spied-upon means of communication seems to be the traditional fixed-line telephone, with only 29 requests in 2008 and 146 in 2009. Internet data, including e-mail exchanges, are not much used for investigation purposes either, with just 174 requests in 2008 and 92 in 2009.
According to a directive, once the period for the storage of this data elapses, telecom companies are obliged to destroy it.
The report states Malta is observing the parameters of the data retention directive. The only major difference from the other member states is that the Maltese authorities do not offer any compensation to telecom operators for the costs involved in the storage and provision of this data.
The EU report notes that in 2009 almost two million requests for data were made by the 27 member states. Former Communist Poland was the most frequent user of this facility, with more than a million requests.
The Commission said it will be proposing amendments to the directive, which will be particularly aimed at strengthening privacy rules.
“While there are no concrete examples of serious breaches of privacy, the risk of data security breaches will remain unless further safeguards are put in place,” the Commission said.
Brussels said it will consider more stringent regulation of storage, access to and use of the retained data.