Supersize my compliance costs
A multi-platinum value reader writes in to pose an uncomfortable question which has also been stirring in my mind: where does Skype stand in terms of the EU's proposed data retention directive? The consultation document from last year closes with an explicit reference to VoIP, and the latest version of the draft is here. Whether on-net Skype calls would qualify, or conversely fall into some sort of IM limbo, is a question I can't answer - call my lawyer. However, I think other voice service providers would probably argue that if Skype has an inbound and outbound PSTN service, it should be subject to the same compliance regime as they are.
We know from the published traffic stats, user breakdown by country, and the existence of authentication servers that Skype clients obviously can report various forms of information back to the Mother Ship, but consider the costs and operational distractions of compliance with a minimum 12-month retention regime for 1.4m SkypeOut users, or worse, 39m registered Skype users. Where does mega-chat fit in with this? I honestly don't know how valid my concerns are at this point, but given the EU's tendency to crack walnuts with sledgehammers, I'm a bit worried about this one.
Regulatory lawyers out there - as you guys are likely to be among the only industry to make money off of the race to zero, perhaps you could give me a bit of pro bono time on this issue?