Metadata Retention Law in European Union

Last updated: April 2, 2024 Reading time: 4 minutes

The EU data retention law by the European Union, named Data Retention Directive (DRD), was passed in 2006, and therefore, it’s considered the extrusive law for data reservation.

This law has emphasized that Internet providers retain users’ personal information such as incoming and outgoing phone numbers, IP addresses, geolocation, and other key telecom and Internet traffic data for six months to 2 years. Although, the people who are not accused or suspect of any crime are under the Data Retention law.

However, the communication details such as the duration of conversation and the fact that to whom the person is talking is also a Data Retention Directive to the ISPs supported by the authoritarian governments of the UK and US. Yet, the collected data could also be provided to law enforcement authorities.

Law Implementation to National legislation of Countries

Many countries such as Austria, Bulgaria, Denmark, Estonia, France, Italy, Latvia, Liechtenstein, Malta, the Netherlands, Poland, Portugal, Slovakia, Slovenia, Spain, Norway, and the United Kingdom have swapped the laws into national legislation. Also, some of the countries outside the European Union, such as Serbia and Iceland, have adopted the data retention Directives.

Whereas, such laws to violate human rights are opposed by constitutional courts of some countries. Cyprus, the Czech Republic, Germany, Greece, and Romania are among the nations that are fighting against unfair Directives.

However, in some countries, the law was upheld after being imposed. Those include Romania, where the DRD was announced unconstitutional in 2009, Cyprus has also declared the data retention law unconstitutional in February 2011. The Bulgarian constitutional court had opposed the law, and in March 2010, Germany had also declared retention directives unconstitutional.

This law is facing opposition and resistance from many nations. In March 2011, the DRD was reversed from the Czech Republic constitutional court’s adopted. In Lithuania, the data retention law was declared unconstitutional even before its enforcement. Also, the constitutional court of Hungary is still examining whether to implement Data Retention directives or not. However, some European Union nations have also denied implementing the law.

With the German execution of delayed adoption of DRD directive, Sweden also shows the same behavior. Therefore, the European Commission has handed over the Sweden case to European Court for not implementing the EU data retention law. Also, an NGO, the European Information Society Institute, opposes the Slovakian action of implementing EU legislation.

Masses reaction for the Law

Although the Data Retention directives have been implemented as the national law, the dispute remains. The conflicting directives of DRD face extreme opposition and criticism from the masses. The lawmakers of the European parliament argue this law to be the one violating fundamental human rights and the way towards the creation of surveillance society. The matter of Irish opposition to the law has been referred to the European Court of Justice (ECJ), who will also review the legality of the DRD directive.

The European Commission announces influential judgment and probable revision of the DRD directive. However, some of the leaked documents affirm that the Commission has intentions to portray DRD directives as an essential need for the EU. Also, some unnamed parties are trying to expand the DRD uses to incorporate prosecution of copyright infringement.

The Commission published an evaluation report in April 2011, exposing the disparity among how the EU members implement the legislation and the data that authorities could access. Criticizing the report, European Data Protection Supervisor (EDPS) has said that the Commission has not demonstrated the necessity and proportionality of the EU Data Retention law. Yet, the legality of the directives would only be approved if they fulfill both the requirements.

The EDSP has argued that data retention could be implemented in a less privacy-intrusive way, but the Commission does not determine that. According to EDSP, the Data Retention Directive gives an ample opportunity to the nations to decide data usage, conditions, and who can access the data.

However, the commission is compelled by the opponent to provide the evidence to demonstrate the fact that if mandatory data retention law is unavailable, the essential traffic data for the investigation of the severe crime wouldn’t be available to law enforcement. They are also demanding the commission to allow citizens to monitor the impacts of DRD directives on their privacy.

Whereas, to stop targeted traffic data collection by DRD, European Digital Rights (EDRI), a Brussels-based NGO with organizations like EFF and AK Vorrat, are fighting against it.

But, these directives are still implemented, and it is not confirmed what changes these oppositions could compel you to incorporate into them to protect your privacy. So, you should be vigilant about securing your privacy and be aware of the Measures To Protect Yourself From Mandatory Data Retention.

Share this article

About the Author

Zehra Ali is a Tech Reporter and Journalist. She has done her Masters in Mass Communication. Topics related to cybersecurity, IoT, AI, Big Data and other privacy matters are extensively covered by her on various platforms. You can follow her on twitter.

More from Zehra Ali

Related Posts