Mandatory Data Retention Law is against every user’s privacy, as it allows ISPs to retain the users’ online activities and IP addresses. However, you can protect yourself from Mandatory Data Retention by using a secure VPN like NordVPN. It masks your IP address and hides your online activity, keeping your anonymous while using the internet.
The data retention laws that are creating havoc worldwide are now being imposed in many countries in different forms. These laws force ISPs to collect and store all the users’ data regarding their online activities.
Violating fundamental human rights, these laws are usually formulated on the basis that allows investigators to receive these records. However, such data retention laws give governments extended surveillance opportunities.
The data retention laws implemented in countries with strict online privacy rules have overruled the essential requirements for securing personal information. Laws that compel individuals’ privacy usually order organizations not to retain the user’s specific data, such as billing information, for an extended period and should delete the data after a particular time.
What is Mandatory Data Retention Law?
Mandatory Data Retention Law is a law that allows internet providers to give their users a specific IP address through which they identify a user. After a particular time, an ISP changes the user’s IP. However, with the data retention law, an ISP must retain the information regarding the user’s online activity to a specific time by tracking that IP address.
Through this, law enforcement agencies can access an individual by asking ISP about the IP address allocated to that user.
For what you should care about
The Data Retention Laws are implemented not based on criminal activity or illegitimate deeds but for all citizens and users. Therefore, it is more annoying and concerning for those with sensitive and highly private data, such as whistle-blowers, investigators, journalists, and those engaging in political speech.
“Journalists often have the information they have to keep secret to protect the personal safety of sources. Lawyers have privileged conversations with their clients every day, and those need to stay confidential for fairness reasons.” Said the EFF Media Relations Director and Digital Rights Analyst, Rebecca Jeschke.
However, the national data retention laws are damaging individual freedom and online privacy and being intrusive and costly. These laws force Internet providers to collect users’ communication data, such as the duration of a conversation and with whom the conversation is being made. For this purpose, your I.P. address must be tracked for every online activity.
Therefore, once it is in the record, your data is prone to being leaked or stolen. The internet provider is liable to adjust the expense of retaining and collecting the data, bypassing this cost to the customers. But you should take some security Measures To Protect Yourself From Mandatory Data Retention.
Data Retention Law: Current status in different countries
| Country | Retention Period | Authorization Required To Access Metadata | Status Of Data Retention Regime |
|---|---|---|---|
| Argentina | Declared unconstitutional in May 2009 | ||
| Australia | 2 Years | No judicial oversight aside from the problem. | Australian Parliament passed the Data Retention Bill on 26 March. |
| Austria | Data Retention was declared unconstitutional. | ||
| Belgium | 2 years of fixed telephony and mobile telephony data, and one year of internet access, email, and internet telephony data. | A magistrate or prosecutor must authorize the access. | Declared unconstitutional |
| Brazil | No Data Retention law passed | ||
| Bulgaria | 1 Year, Data could be accessed for six months more if requested. | Orders of the Chairperson of a Regional Court could only approve the access. | Declared unconstitutional twice, i.e., in 2008 & again on 12 March 2015. |
| Cyprus | 6 Months | Competent authorities need not obtain judicial authorization to access subscribers’ data; a court order is required for other data. | On the charge of violating privacy rights, it is declared unconstitutional. |
| Czech Republic | Announced unconstitutional | ||
| Denmark | 1 Year | Judicial authentication could lead to access; court orders could also be granted if the application meets strict suspicion, necessity, and proportionality criteria. | Session logging ceased in 2014 |
| European Union | 6 Months to 2 Years | Data of every citizen would be retained. | Implemented |
| Estonia | Access could be achieved after the order of a preliminary investigation judge. | Implemented | |
| Finland | 1 Year | Competent authorities need not obtain judicial authorization to access subscribers’ data; a court order is required for other data. | Under review |
| Germany | 1 Year | Data Retention was declared unconstitutional. | |
| Greece | 1 Year | An investigation was declared nearly impossible and challenging by means other than judicial orders for access. | Implemented |
| France | 1 Year | To access the data retention, the Police require justification and authorization from a person in the Ministry of the Interior designated by the Commission Nationale de contrôle des interceptions de sécurité. | Implemented |
| Spain | 1 Year | Competent national authorities require judicial authorization before data access. | Under reviewing process |
| Hungary | 6 Months for unsuccessful calls and one year for all other data. | Authorized public authorities must receive a written request to retain data, and a judicial warrant is necessary to access pre-trial investigations. | A further constitutional challenge to opposing the law is being prepared. |
| Italy | A prosecutor or an investigating judge is required to order access. | The public prosecutor’s evident order could give data access. | Implemented |
| Lithuania | 6 Months | Authorized public authorities must receive a written request to retain data, and a judicial warrant is necessary to access pre-trial investigations. | In forced |
| Latvia | 18 Months | Authorized officers, the public prosecutor’s office, and courts must assess the request’s adequacy and relevance, record the request, and ensure the protection of the data obtained. | In forced |
| Luxembourg | 6 Months | Judicial authorization is needed for access. | Under review |
| Malta | 1 Year for fixed, mobile, and internet telephony data, six months of internet access, and internet email data | writing Requests – Malta Police Force; Security Service. | Implemented |
| Netherlands | 1 Year of telephony, six months of internet-related data | A prosecutor or an investigating judge is required to order access. | 2 years of fixed telephony and mobile telephony data, and one year of internet access, email, and internet telephony data. |
| Romania | 6 Months under the earlier annulled transposing law | Declared unconstitutional | |
| Poland | 2 Years | Requests must be in writing, and the case of police, border guards, and tax inspectors must be authorized by the senior official in the organization. | Facing challenge |
| Portugal | 1 Year | Transmission of data requires judicial authorization because access is crucial to uncover the truth or that evidence would be, in any other manner, impossible or challenging to obtain. The judicial approval is subject to necessity and proportional requirements. | Implemented |
| Slovenia | 8 Months for internet-related data; 14 months for telephony-related data | Access requires judicial authorization. | After declaring it unconstitutional, orders are given to delete the data retained under the Data Retention Law. |
| Slovakia | 1 Year for Internet services | Writing request required. | Deleted the collected data. Stopped following the orders of the European Court of Justice. |
| Sweden | 6 Months | Expected to face the judicial challenge. | |
| The U.K. | 1 Year | Access is permitted, subject to authorization by a ‘designated person’ and necessity and proportionality test, in specific cases and in circumstances in which disclosure of the data is permitted or required by law. | Judicially challenged by successful M.P.s in July 2015. Key directives of data retention law ‘disapplied.’ |
| Ireland | 2 Years of fixed telephony and mobile telephony data, one year for internet access, email, and internet telephony data. | No. Requests to be in writing from a police officer/military over specified rank & tax/customs official over the specific grade. | A challenge under court. |
| Switzerland | Under challenge | ||
| Norway | No mandatory data retention regime | ||
| USA | 1 Year for Internet metadata, email, phone records | Various United States agencies leverage the (voluntary) data retention practiced by many U.S. commercial organizations like Amazon through programs such as Prism and Muscular. | No mandatory data retention regime |
How to protect yourself from Mandatory Data Retention
Mandatory Data Retention is an issue surfacing all around the world. Most nations observe laws that include Data retention orders for the citizens in one or another. So, if you are concerned about your privacy, we recommend using a robust VPN like NordVPN. A VPN encrypts your data, masks your IP address, and makes you anonymous, keeping you safe from your ISP.
If you use a VPN service, your ISP cannot monitor your online activity due to encryption, resulting in zero data retention.
However, for more protection, follow our guide, ‘How to Protect Yourself From Metadata Retention.‘
Share this article
About the Author
Zehra Ali is a Tech Reporter and Journalist. She has done her Masters in Mass Communication. Topics related to cybersecurity, IoT, AI, Big Data and other privacy matters are extensively covered by her on various platforms. You can follow her on twitter.
More from Zehra AliRelated Posts
Data Retention Law in United States
Mandatory Data Retention Law in the United States is not implemented. However, according to the law ...
Metadata Retention Law in European Union
The EU data retention law by the European Union, named Data Retention Directive (DRD), was passed in...
How to Protect From MetaData Retention? Qucik and Easy Tips
Many countries worldwide, such as the United States, Australia, and European Union, have Mandatory D...
Metadata Retention Law in Germany
In 2010, one of the German courts declared the German mandatory data retention law unconstitutional ...
Surveillance practices in Canada, Facing Criticism
With the revelation that the Canadian Revenue Agency(CRA) regularly supervises social networking sit...
Australia Data Retention Is In Effect – Here’s How To Protect Yourself
The countdown for ‘intrusive data surveillance’ has expired after the 18-month deadline. From this d...
