Dear all After reviewing the documents in the section above the following can be summarised as follows: There has been enough discussion on the if I can call it the maintenance of how data should be kept in according to the laws of various countries as all have different laws that more or less try to do the same thing in different words and explanation. For e.g. 1. Directive 95/46/EC - the protection of individuals with regard to the processing of the personal data, in Article 6.1 b), which establishes that personal data must be "collected for specified, explicit and legitimate purpose and not further processed in a way incompatible with those purposes" 2. Note the purpose of conventional telephone directories is the disclosure of subscriber's telephone number starting from the knowledge of subscriber's name and that its use is limited to that specific purposes. 3. Must establish the balance of interests, the interests and risks to privacy at stake have to be identified and evaluated. Directive 97/66/EC gives helpful indications: as long as the minimum information necessary to identify a subscriber is at stake, thus this information can be included in conventional public directories unless the subscriber objects. It must be considered that the interest of the individual in being protected override the interests of controller or third parties. Therefore such processing is only legitimate if the individual has given his/her informed consent prior to any inclusion of his /her personal data in public directories for reverse or multi-criteria searches. 4. Specific and informed consent of the subscriber must be obtained prior to the inclusion of his personal data into all kinds of public directories which include all type of communication devices used for reverse or multi-criteria searches. There must be some given consent on how personal data can be used. 5. As most conclusions regard the directives of the EC previous WP on the Protection of Individuals with regards to protection of data takes the position that processing of said personal data in reverse directories or multi-criteria searching services without unambiguous and informed consent by subscriber is unfair and unlawful. Thus fully implementing and accepting the EC proposal for draft directive on processing personal data. 6. Article 15 of draft Convention could create the impression that the protection of human rights shall only be considered when it is "due" and shall on be "adequate". It can be seen as limiting the safeguards and procedures it would considerably lower if not fully undermine the protection of fundamental rights. 7. Finally with several EU countries implementing Directive 95/46/EC shows that national laws requires personal data can be in principle only be sent to non-EU countries if this country does provide an adequate level of protection of individuals with regard to the processing of their personal data. the level of protection in these countries must be checked. Otherwise if no adequate protection on offer in third country then transfer f personal data may nevertheless be necessary to fight against crime. This shows that the EU or EC directive on the protection of personal data has been the benchmark used to protected personal data. No specfic mention of length of time to hold such data although I think 6 weeks has been mentioned in one document I think. Let me know if I need to do more Regards R. Padilla MSc. -- Richard Padilla MSc