Home » Online Privacy » Privacy Laws » Mandatory data Retention Around The World

Mandatory data Retention Around The World

Disclosure: All of our articles are unbased, well researched, and based on a true picture of the story. However we do sometimes get commissions from affiliate sites. Our readers get the best discount from buying from our links. Here is our complete affiliate disclosure.

The data retention laws creating havoc worldwide are now being imposed in many countries in different forms. These laws force ISPs to collect and store all the users' data regarding their online activities.

Violating fundamental human rights, these laws are usually formulated on the basis that allows investigators to receive these records. However, such data retention laws give extended surveillance opportunities to the governments.

The data retention laws implemented in countries with strict online privacy rules have overruled the essential requirements for securing personal information. Laws that compel individuals' privacy usually order the organizations not to retain the user's specific data, such as billing information, for an extended period and should delete the data after a particular time.

What is Mandatory data Retention

The Internet providers give their users a specific I.P. address through which they identify a user. After a particular time, an ISP changes the I.P. of the user. But with the data retention law, an ISP is compelled to retain the information regarding the user's online activity to a specific time by tracking that I.P. address.

Through this, the law enforcement agencies have access to an individual by asking ISP about the I.P. address allocated to that particular user.

For What You Should Care About

The Data Retention Laws are implemented not based on any criminal activity or illegitimate deed, but for all the citizens and users. Therefore, it is more annoying and concerning for those with sensitive and highly private data, such as whistle-blowers, investigators, journalists, and those engaging in political speech.

“Journalists often have the information they have to keep secret to protect the personal safety of sources. Lawyers have privileged conversations with their clients every day, and those need to stay confidential for fairness reasons.” Said the EFF Media Relations Director and Digital Rights Analyst, Rebecca Jeschke.

However, the national data retention laws are damaging individual freedom and online privacy and being intrusive and costly. These laws force Internet providers to collect users' communication data, such as the duration of a conversation and with whom the conversation is being made. For this purpose, your I.P. address must be tracked for every activity you do online.

Therefore, your data is prone to be leaked or could be stolen once it is in the record. The internet provider is liable to adjust the expense of retaining and collecting the data bypassing this cost to the customers. But, on your own, you should take some security Measures To Protect Yourself From Mandatory Data Retention.

Data Retention Law; Current Status In Different Countries:        

CountryRetention PeriodAuthorization Required To Access MetadataStatus Of Data Retention Regime
Argentina  Declared unconstitutional in May 2009
Australia2 YearsNo judicial oversight aside from the problem.Australian Parliament had passed the Data Retention bill on 26 March.
Austria  Data Retention was declared unconstitutional.
BelgiumBetween 1 Year & 36 Months
For ‘publically available' telephone services.No provision for internet-related data.
Magistrate or prosecutor must authorize the access.Declared unconstitutional
Brazil  No Data Retention law passed
Bulgaria1 Year, Data could be accessed for six months more if requested.Orders of Chairperson of a Regional Court could only approve the access.Declared unconstitutional twice, i.e., in 2008 & again on 12 March 2015.
Cyprus6 MonthsA prosecutor could approve the access and order the proofs for attempting any major crime. If a judge suspects anyone committing any serious crime, they could order data access if it is related to that criminal offense.On the charge of violating privacy rights, it is declared unconstitutional.
Czech Republic  Announced unconstitutional
Denmark1 YearJudicial authentication could lead to access; court orders could also be granted if the application meets strict suspicion, necessity, and proportionality criteria.Session logging ceased in 2014
European Union6 Months to 2 YearsData of every citizen would be retained.Implemented
Estonia Access could be achieved after the order of a preliminary investigation judge.Implemented
Finland1 YearJudicial authorization is not necessary for competent authorities to access subscribers' data. A court order is required for other data.Under review
Germany1 Year Data Retention was declared unconstitutional.
Greece1 YearInvestigation declared nearly impossible and challenging by means other than judicial orders for the access.Implemented
France1 YearTo access the data retention, the Police require justification and authorization from a person in the Ministry of the Interior designated by the Commission Nationale de contrôle des interceptions de sécurité.Implemented
Spain1 YearCompetent national authorities require judicial authorization before the data access.Under reviewing process
Hungary6 Months for unsuccessful calls and one year for all other data.Police and the National Tax and Customs Office need prosecutor's authentication. Prosecutors and national security agencies can access such data without a court order.The further constitutional challenge to opposing the law is being prepared.
Italy2 Years of fixed telephony and mobile telephony data, one year for internet access, internet email, and internet telephony data.The public prosecutor's evident order could give data access.Implemented
Lithuania6 MonthsWritten request is required for authorized public authorities to retain data. To access pre-trial investigations, a judicial warrant is necessary.In forced
Latvia18 MonthsAuthorized officers, the public prosecutor's office, and courts are required to assess the request's adequacy and relevance, record the request, and ensure the protection of data obtained.In forced
Luxembourg6 MonthsJudicial authorization is needed for access.Under review
Malta1 Year for fixed, mobile, and internet telephony data, six months of internet access, and internet email datawriting Requests – Malta Police Force; Security Service.Implemented
Netherlands1 Year telephony, six months of internet-related dataOrder of a prosecutor or an investigating judge is required for access.On 11 March 2015, the national law was suspended. The decision is a preliminary injunction rendering the obligation ineffective.
Romania6 Months under the earlier annulled transposing law Declared unconstitutional
Poland2 YearsRequests must be in writing and the case of police, border guards, and tax inspectors authorized by the senior official in the organization.Facing challenge
Portugal1 YearTransmission of data requires judicial authorization because access is crucial to uncover the truth or that evidence would be, in any other manner, impossible or challenging to obtain. The judicial approval is subject to necessity and proportional requirements.Implemented
Slovenia8 Months for internet-related data; 14 months for telephony related dataAccess requires judicial authorization.After declaring it unconstitutional, orders are given to delete the data retained under the Data Retention Law.
Slovakia1 Year for Internet services Writing request required.Deleted the collected data. Stopped following the orders by European Court of justice.
Sweden6 Months Expected to face the judicial challenge.
The U.K.1 YearAccess permitted, subject to authorization by a ‘designated person' and necessity and proportionality test, in specific cases and in circumstances in which disclosure of the data is permitted or required by law.Judicially challenged by successful M.P.s in July 2015. Key directives of data retention law ‘disapplied.'
Ireland2 Years of fixed telephony and mobile telephony data, one year for internet access, internet email, and internet telephony data.No. Requests to be in writing from police officer/military over specified rank & tax/customs official over the specific grade.Challenge under court.
Switzerland  Under challenge
Norway  No mandatory data retention regime
USA1 Year for Internet metadata, email, phone recordsVarious United States agencies leverage the (voluntary) data retention practiced by many U.S. commercial organizations like Amazon through programs such as Prism and Muscular.No mandatory data retention regime

How To Protect Yourself From Mandatory Data Retention

Mandatory Data Retention is an issue surfacing all around the world. Most of the nations observe laws that include Data retention orders of the citizens in one or another. So, if you are concerned about your privacy, follow our guide, ‘How to Protect Yourself From Metadata Retention‘.

Photo of author
Zehra Ali is a Tech Reporter and Journalist. She has done her Masters in Mass Communication. Topics related to cybersecurity, IoT, AI, Big Data and other privacy matters are extensively covered by her on various platforms. You can follow her on twitter.

Leave a Comment