Notwithstanding the Data Retention Directive has been bashed by the EUCJ Ruling, there is a wide agreement on the fact that its national implementation might still be valid if not in contrast with the main Data Protection Directive.
Just yet, neither the Italian Parliament nor the Data Protection Authority ran the “stress test”, thus leaving ISPs into a void of uncertainty.
Furthermore, the news is new as today, there is a case where the actual providing of Internet access whose contract terminated back in 2010 has been challenged in court by the former customer. Under the Italian Supreme Court jurisprudence, in this case it is the ISP who must provide the evidence that the agreement has been fulfilled. But, guess what? Under the strict (and wrong) interpretation of the Data Retention Directive this ISP deleted the log files and now has problem in supporting its defense.
True, keeping the traffic data for legitimate purposes (such as legal defense) is allowed by the Data Protection Directive.
True, the Data Retention Directive can be interpreted as an exception that doesn’t overrule the Data Protection Directive.
True, an ISP has more than a chance (in theory) to successfully support its choice of keeping the traffic data for legal defense purposes even exceeding the mandatory term seth forth by the DRD.
But all this means fighting an all-round legal battle, explaining to the Court that the traffic data have been legally retained and are, thus, valid evidence, standing against a possible Data Protection Authority investigation, and so on.
To put it short: a waste of time, money and resources, that could be spared if only the Powers-that-be had dedicated a fraction of their time to solve this riddle, instead of toying with this Internet Bill of Right nonsense.