The data retention laws creating havoc worldwide are now being imposed in many countries in different forms. These laws force ISPs to collect and store all the users' data regarding their online activities.
Violating fundamental human rights, these laws are usually formulated on the basis that allows investigators to receive these records. However, such data retention laws give extended surveillance opportunities to the governments.
The data retention laws implemented in countries with strict online privacy rules have overruled the essential requirements for securing personal information. Laws that compel individuals' privacy usually order the organizations not to retain the user's specific data, such as billing information, for an extended period and should delete the data after a particular time.
What is Mandatory data Retention
The Internet providers give their users a specific I.P. address through which they identify a user. After a particular time, an ISP changes the I.P. of the user. But with the data retention law, an ISP is compelled to retain the information regarding the user's online activity to a specific time by tracking that I.P. address.
Through this, the law enforcement agencies have access to an individual by asking ISP about the I.P. address allocated to that particular user.
For What You Should Care About
The Data Retention Laws are implemented not based on any criminal activity or illegitimate deed, but for all the citizens and users. Therefore, it is more annoying and concerning for those with sensitive and highly private data, such as whistle-blowers, investigators, journalists, and those engaging in political speech.
“Journalists often have the information they have to keep secret to protect the personal safety of sources. Lawyers have privileged conversations with their clients every day, and those need to stay confidential for fairness reasons.” Said the EFF Media Relations Director and Digital Rights Analyst, Rebecca Jeschke.
However, the national data retention laws are damaging individual freedom and online privacy and being intrusive and costly. These laws force Internet providers to collect users' communication data, such as the duration of a conversation and with whom the conversation is being made. For this purpose, your I.P. address must be tracked for every activity you do online.
Therefore, your data is prone to be leaked or could be stolen once it is in the record. The internet provider is liable to adjust the expense of retaining and collecting the data bypassing this cost to the customers. But, on your own, you should take some security Measures To Protect Yourself From Mandatory Data Retention.
Data Retention Law; Current Status In Different Countries:
| Country | Retention Period | Authorization Required To Access Metadata | Status Of Data Retention Regime |
|---|---|---|---|
| Argentina | Declared unconstitutional in May 2009 | ||
| Australia | 2 Years | No judicial oversight aside from the problem. | Australian Parliament had passed the Data Retention bill on 26 March. |
| Austria | Data Retention was declared unconstitutional. | ||
| Belgium | Between 1 Year & 36 Months For ‘publically available' telephone services.No provision for internet-related data. | Magistrate or prosecutor must authorize the access. | Declared unconstitutional |
| Brazil | No Data Retention law passed | ||
| Bulgaria | 1 Year, Data could be accessed for six months more if requested. | Orders of Chairperson of a Regional Court could only approve the access. | Declared unconstitutional twice, i.e., in 2008 & again on 12 March 2015. |
| Cyprus | 6 Months | A prosecutor could approve the access and order the proofs for attempting any major crime. If a judge suspects anyone committing any serious crime, they could order data access if it is related to that criminal offense. | On the charge of violating privacy rights, it is declared unconstitutional. |
| Czech Republic | Announced unconstitutional | ||
| Denmark | 1 Year | Judicial authentication could lead to access; court orders could also be granted if the application meets strict suspicion, necessity, and proportionality criteria. | Session logging ceased in 2014 |
| European Union | 6 Months to 2 Years | Data of every citizen would be retained. | Implemented |
| Estonia | Access could be achieved after the order of a preliminary investigation judge. | Implemented | |
| Finland | 1 Year | Judicial authorization is not necessary for competent authorities to access subscribers' data. A court order is required for other data. | Under review |
| Germany | 1 Year | Data Retention was declared unconstitutional. | |
| Greece | 1 Year | Investigation declared nearly impossible and challenging by means other than judicial orders for the access. | Implemented |
| France | 1 Year | To access the data retention, the Police require justification and authorization from a person in the Ministry of the Interior designated by the Commission Nationale de contrôle des interceptions de sécurité. | Implemented |
| Spain | 1 Year | Competent national authorities require judicial authorization before the data access. | Under reviewing process |
| Hungary | 6 Months for unsuccessful calls and one year for all other data. | Police and the National Tax and Customs Office need prosecutor's authentication. Prosecutors and national security agencies can access such data without a court order. | The further constitutional challenge to opposing the law is being prepared. |
| Italy | 2 Years of fixed telephony and mobile telephony data, one year for internet access, internet email, and internet telephony data. | The public prosecutor's evident order could give data access. | Implemented |
| Lithuania | 6 Months | Written request is required for authorized public authorities to retain data. To access pre-trial investigations, a judicial warrant is necessary. | In forced |
| Latvia | 18 Months | Authorized officers, the public prosecutor's office, and courts are required to assess the request's adequacy and relevance, record the request, and ensure the protection of data obtained. | In forced |
| Luxembourg | 6 Months | Judicial authorization is needed for access. | Under review |
| Malta | 1 Year for fixed, mobile, and internet telephony data, six months of internet access, and internet email data | writing Requests – Malta Police Force; Security Service. | Implemented |
| Netherlands | 1 Year telephony, six months of internet-related data | Order of a prosecutor or an investigating judge is required for access. | On 11 March 2015, the national law was suspended. The decision is a preliminary injunction rendering the obligation ineffective. |
| Romania | 6 Months under the earlier annulled transposing law | Declared unconstitutional | |
| Poland | 2 Years | Requests must be in writing and the case of police, border guards, and tax inspectors authorized by the senior official in the organization. | Facing challenge |
| Portugal | 1 Year | Transmission of data requires judicial authorization because access is crucial to uncover the truth or that evidence would be, in any other manner, impossible or challenging to obtain. The judicial approval is subject to necessity and proportional requirements. | Implemented |
| Slovenia | 8 Months for internet-related data; 14 months for telephony related data | Access requires judicial authorization. | After declaring it unconstitutional, orders are given to delete the data retained under the Data Retention Law. |
| Slovakia | 1 Year for Internet services | Writing request required. | Deleted the collected data. Stopped following the orders by European Court of justice. |
| Sweden | 6 Months | Expected to face the judicial challenge. | |
| The U.K. | 1 Year | Access permitted, subject to authorization by a ‘designated person' and necessity and proportionality test, in specific cases and in circumstances in which disclosure of the data is permitted or required by law. | Judicially challenged by successful M.P.s in July 2015. Key directives of data retention law ‘disapplied.' |
| Ireland | 2 Years of fixed telephony and mobile telephony data, one year for internet access, internet email, and internet telephony data. | No. Requests to be in writing from police officer/military over specified rank & tax/customs official over the specific grade. | Challenge under court. |
| Switzerland | Under challenge | ||
| Norway | No mandatory data retention regime | ||
| USA | 1 Year for Internet metadata, email, phone records | Various United States agencies leverage the (voluntary) data retention practiced by many U.S. commercial organizations like Amazon through programs such as Prism and Muscular. | No mandatory data retention regime |
How To Protect Yourself From Mandatory Data Retention
Mandatory Data Retention is an issue surfacing all around the world. Most of the nations observe laws that include Data retention orders of the citizens in one or another. So, if you are concerned about your privacy, follow our guide, ‘How to Protect Yourself From Metadata Retention‘.
