The data retention laws creating havoc worldwide are now being imposed in many countries in different forms. These laws force ISPs to collect and store all the users’ data regarding their online activities.
Violating fundamental human rights, these laws are usually formulated on the basis that allows investigators to receive these records. However, such data retention laws give extended surveillance opportunities to governments.
The data retention laws implemented in countries with strict online privacy rules have overruled the essential requirements for securing personal information. Laws that compel individuals’ privacy usually order organizations not to retain the user’s specific data, such as billing information, for an extended period and should delete the data after a particular time.
What is Mandatory Data Retention
Internet providers give their users a specific I.P. address through which they identify a user. After a particular time, an ISP changes the I.P. of the user. But with the data retention law, an ISP is compelled to retain the information regarding the user’s online activity to a specific time by tracking that I.P. address.
Through this, law enforcement agencies can access an individual by asking ISP about the I.P. address allocated to that user.
For what you should care about
The Data Retention Laws are implemented not based on criminal activity or illegitimate deeds but for all citizens and users. Therefore, it is more annoying and concerning for those with sensitive and highly private data, such as whistle-blowers, investigators, journalists, and those engaging in political speech.
“Journalists often have the information they have to keep secret to protect the personal safety of sources. Lawyers have privileged conversations with their clients every day, and those need to stay confidential for fairness reasons.” Said the EFF Media Relations Director and Digital Rights Analyst, Rebecca Jeschke.
However, the national data retention laws are damaging individual freedom and online privacy and being intrusive and costly. These laws force Internet providers to collect users’ communication data, such as the duration of a conversation and with whom the conversation is being made. For this purpose, your I.P. address must be tracked for every online activity.
Therefore, your data is prone to be leaked or could be stolen once it is in the record. The internet provider is liable to adjust the expense of retaining and collecting the data bypassing this cost to the customers. But, on your own, you should take some security Measures To Protect Yourself From Mandatory Data Retention.
Data Retention Law; Current Status In Different Countries
| Country | Retention Period | Authorization Required To Access Metadata | Status Of Data Retention Regime |
|---|---|---|---|
| Argentina | Declared unconstitutional in May 2009 | ||
| Australia | 2 Years | No judicial oversight aside from the problem. | Australian Parliament passed the Data Retention Bill on 26 March. |
| Austria | Data Retention was declared unconstitutional. | ||
| Belgium | Between 1 Year & 36 Months For ‘publically available’ telephone services.No provision for internet-related data. | A magistrate or prosecutor must authorize the access. | Declared unconstitutional |
| Brazil | No Data Retention law passed | ||
| Bulgaria | 1 Year, Data could be accessed for six months more if requested. | Orders of the Chairperson of a Regional Court could only approve the access. | Declared unconstitutional twice, i.e., in 2008 & again on 12 March 2015. |
| Cyprus | 6 Months | A prosecutor could approve the access and order the proof for attempting any major crime. If a judge suspects anyone of committing any serious crime, they could order data access if it relates to that criminal offense. | On the charge of violating privacy rights, it is declared unconstitutional. |
| Czech Republic | Announced unconstitutional | ||
| Denmark | 1 Year | Judicial authentication could lead to access; court orders could also be granted if the application meets strict suspicion, necessity, and proportionality criteria. | Session logging ceased in 2014 |
| European Union | 6 Months to 2 Years | Data of every citizen would be retained. | Implemented |
| Estonia | Access could be achieved after the order of a preliminary investigation judge. | Implemented | |
| Finland | 1 Year | Judicial authorization is not necessary for competent authorities to access subscribers’ data. A court order is required for other data. | Under review |
| Germany | 1 Year | Data Retention was declared unconstitutional. | |
| Greece | 1 Year | An investigation was declared nearly impossible and challenging by means other than judicial orders for access. | Implemented |
| France | 1 Year | To access the data retention, the Police require justification and authorization from a person in the Ministry of the Interior designated by the Commission Nationale de contrôle des interceptions de sécurité. | Implemented |
| Spain | 1 Year | Competent national authorities require judicial authorization before data access. | Under reviewing process |
| Hungary | 6 Months for unsuccessful calls and one year for all other data. | Police and the National Tax and Customs Office need the prosecutor’s authentication. Prosecutors and national security agencies can access such data without a court order. | A further constitutional challenge to opposing the law is being prepared. |
| Italy | 2 Years of fixed telephony and mobile telephony data, one year for internet access, email, and internet telephony data. | The public prosecutor’s evident order could give data access. | Implemented |
| Lithuania | 6 Months | A written request is required for authorized public authorities to retain data. To access pre-trial investigations, a judicial warrant is necessary. | In forced |
| Latvia | 18 Months | Authorized officers, the public prosecutor’s office, and courts must assess the request’s adequacy and relevance, record the request, and ensure the protection of the data obtained. | In forced |
| Luxembourg | 6 Months | Judicial authorization is needed for access. | Under review |
| Malta | 1 Year for fixed, mobile, and internet telephony data, six months of internet access, and internet email data | writing Requests – Malta Police Force; Security Service. | Implemented |
| Netherlands | 1 Year of telephony, six months of internet-related data | The order of a prosecutor or an investigating judge is required for access. | On 11 March 2015, the national law was suspended. The decision is a preliminary injunction rendering the obligation ineffective. |
| Romania | 6 Months under the earlier annulled transposing law | Declared unconstitutional | |
| Poland | 2 Years | Requests must be in writing, and the case of police, border guards, and tax inspectors authorized by the senior official in the organization. | Facing challenge |
| Portugal | 1 Year | Transmission of data requires judicial authorization because access is crucial to uncover the truth or that evidence would be, in any other manner, impossible or challenging to obtain. The judicial approval is subject to necessity and proportional requirements. | Implemented |
| Slovenia | 8 Months for internet-related data; 14 months for telephony-related data | Access requires judicial authorization. | After declaring it unconstitutional, orders are given to delete the data retained under the Data Retention Law. |
| Slovakia | 1 Year for Internet services | Writing request required. | Deleted the collected data. Stopped following the orders of the European Court of Justice. |
| Sweden | 6 Months | Expected to face the judicial challenge. | |
| The U.K. | 1 Year | Access is permitted, subject to authorization by a ‘designated person’ and necessity and proportionality test, in specific cases and in circumstances in which disclosure of the data is permitted or required by law. | Judicially challenged by successful M.P.s in July 2015. Key directives of data retention law ‘disapplied.’ |
| Ireland | 2 Years of fixed telephony and mobile telephony data, one year for internet access, email, and internet telephony data. | No. Requests to be in writing from a police officer/military over specified rank & tax/customs official over the specific grade. | A challenge under court. |
| Switzerland | Under challenge | ||
| Norway | No mandatory data retention regime | ||
| USA | 1 Year for Internet metadata, email, phone records | Various United States agencies leverage the (voluntary) data retention practiced by many U.S. commercial organizations like Amazon through programs such as Prism and Muscular. | No mandatory data retention regime |
How to Protect Yourself from Mandatory Data Retention
Mandatory Data Retention is an issue surfacing all around the world. Most nations observe laws that include Data retention orders for the citizens in one or another. So, if you are concerned about your privacy, follow our guide, ‘How to Protect Yourself From Metadata Retention.’
Share this article
About the Author
Zehra Ali is a Tech Reporter and Journalist. She has done her Masters in Mass Communication. Topics related to cybersecurity, IoT, AI, Big Data and other privacy matters are extensively covered by her on various platforms. You can follow her on twitter.
More from Zehra AliRelated Posts
Metadata Retention Law in European Union
The EU data retention law by the European Union, named Data Retention Directive (DRD), was passed in...
How to Protect From MetaData Retention? Qucik and Easy Tips
Many countries worldwide, such as the United States, Australia, and European Union, have Mandatory D...
Metadata Retention Law in Germany
In 2010, one of the German courts declared the German mandatory data retention law unconstitutional ...
Mandatory Data Retention In United States
Mandatory Data Retention Law in the United States is not implemented. But according to the law ...
Surveillance practices in Canada, Facing Criticism
With the revelation that the Canadian Revenue Agency(CRA) regularly supervises social networking sit...
Australia Data Retention Is In Effect – Here’s How To Protect Yourself
The countdown for ‘intrusive data surveillance’ has expired after the 18-month deadline. From this d...
