The data retention laws creating havoc all over the world are now being imposed in many countries in different forms. These laws force ISPs to collect and store the data of all the users regarding their online activities.
Violating the basic human rights, these laws are usually formulated on the basis that allows investigators to receive these records. However, such data retention laws give extended surveillance opportunities to the governments.
The data retention laws implemented in the countries with strict online privacy rules have overruled the important requirements for securing personal information. Laws that compels individuals privacy usually orders the organizations not to retain the user’s specific data such as billing information, for a long period and should delete the data after certain time period.
What is Mandatory data Retention
The Internet providers give their users with a specific IP address through which they identify a user. After a certain time period, an ISP changes that IP of the user. But with the data retention law, an ISP is compelled to retain the information regarding the user’s online activity to a certain time period by tracking that IP address.
Through this, the law enforcement agencies have the access to an individual by asking ISP about the IP address allocated to that particular user at that time.
For What You Should Care About
The Data Retention Laws are implemented not on the basis of any criminal activity or illegitimate deed but it’s for all the citizens and users. Therefore, it is more annoying and concerning for the ones who have sensitive and highly private data with them such as whistle-blowers, investigators, journalists, and those engaging in political speech.
“Journalists often have the information they have to keep secret in order to protect the personal safety of sources. Lawyers have privileged conversations with their clients every day, and those need to stay confidential for fairness reasons.” Said the EFF Media Relations Director and Digital Rights Analyst, Rebecca Jeschke.
However, the national data retention laws are damaging the individual freedom and online privacy with also being intrusive and costly. These laws force the Internet providers to collect user’s communication data such as the duration of a conversation and with whom the conversation is being done. For this purpose, your IP address is required to be tracked for every single activity you do online.
Therefore, your personal data is prone to be leaked or could be stolen once it is in the record. The internet provider is liable to adjust the expense of retaining and collecting the data, by passing this cost to the customers. But, on your own, you should take some security Measures To Protect Yourself From Mandatory Data Retention.
Data Retention Law; Current Status In Different Countries:
|Country||Retention Period||Authorization Required To Access Metadata||Status Of Data Retention Regime|
|Argentina||Declared unconstitutional on May 2009|
|Australia||2 Years||No judicial oversight aside from the problematic.||Australian Parliament had passed the Data Retention bill on 26 March.|
|Austria||Data Retention declared unconstitutional|
|Belgium||Between 1 Year & 36 Months|
For ‘publically available’ telephone services.No provision for internet-related data.
|Magistrate or prosecutor must authorize the access.||Declared unconstitutional|
|Brazil||No Data Retention law passed|
|Bulgaria||1 Year, Data could be accessed for 6 months more if requested.||Orders of Chairperson of a Regional Court could only approve the access.||Declared unconstitutional twice i.e. in 2008 & again on 12 March 2015.|
|Cyprus||6 Months||A prosecutor could approve the access and could order for the proofs for attempting any major crime. If a judge suspects anyone of committing any serious crime could order data access if it is related to that criminal offense.||On the charge of violating privacy rights, it is declared unconstitutional.|
|Czech Republic||Announced unconstitutional|
|Denmark||1 Year||Judicial authentication could lead to access; court orders could also be granted if the application meets strict criteria for suspicion, necessity, and proportionality.||Session logging ceased 2014|
|European Union||6 Months to 2 Years||Data of every citizen would be retained.||Implemented|
|Estonia||Access could be achieved after the order of a preliminary investigation judge.||Implemented|
|Finland||1 Year||Judicial authorization is not necessary for competent authorities to access subscriber’s data. A court order is required for other data.||Under review|
|Germany||1 Year||Data Retention declared unconstitutional.|
|Greece||1 Year||Investigation declared nearly impossible and difficult by means other than judicial orders for the access.||Implemented|
|France||1 Year||To access the data retention the Police require justification and authorization from a person in the Ministry of the Interior designated by the Commission Nationale de contrôle des interceptions de sécurité.||Implemented|
|Spain||1 Year||Competent national authorities require judicial authorization before the data access.||Under reviewing process|
|Hungary||6 Months for unsuccessful calls and 1 year for all other data.||Police and the National Tax and Customs Office need prosecutor’s authentication. Prosecutor and national security agencies can access such data without a court order.||The further constitutional challenge to opposing the law is being prepared.|
|Italy||2 Years of fixed telephony and mobile telephony data, 1 year for internet access, internet email and internet telephony data.||Public prosecutor’s evident order could give data access.||Implemented|
|Lithuania||6 Months||Written request is required for authorized public authorities to retain data. To access pre-trial investigations a judicial warrant is necessary.||In forced|
|Latvia||18 Months||Authorized officers, public prosecutor’s office, and courts are required to assess ‘adequacy and relevance’ of the request, to record the request and ensure the protection of data obtained.||In forced|
|Luxembourg||6 Months||Judicial authorization is needed for access.||Under review|
|Malta||1 Year for fixed, mobile and internet telephony data,6 months of internet access and internet email data||writing Requests – Malta Police Force; Security Service.||Implemented|
|Netherlands||1 Year telephony, 6 months internet-related data||Order of a prosecutor or an investigating judge is required for access.||On 11 March 2015, national law was suspended. The decision is a preliminary injunction rendering the obligation ineffective.|
|Romania||6 Months under the earlier annulled transposing law||Declared unconstitutional|
|Poland||2 Years||Requests must be in writing and in the case of police, border guards, and tax inspectors, authorized by the senior official in the organization.||Facing challenge|
|Portugal||1 Year||Transmission of data requires judicial authorization on grounds that access is crucial to uncover the truth or that evidence would be, in any other manner, impossible or very difficult to obtain. The judicial authorization is subject to necessity and proportional requirements.||Implemented|
|Slovenia||8 Months for internet related data; 14 months for telephony related data||Access requires judicial authorization.||Orders are given to delete the data retained under the Data Retention Law after declaring it unconstitutional.|
|Slovakia||1 Year for Internet services||Writing request required.||Deleted the collected data. Stopped following the orders by European Court of justice.|
|Sweden||6 Months||Expected to face the judicial challenge.|
|UK||1 Year||Access permitted, subject to authorization by a ‘designated person’ and necessity and proportionality test, in specific cases and in circumstances in which disclosure of the data is permitted or required by law.||Judicially challenged by successful MPs in July 2015. Key directives of data retention law ‘disapplied’|
|Ireland||2 Years of fixed telephony and mobile telephony data, 1 year for internet access, internet email and internet telephony data.||No. Requests to be in writing from police officer/military over specified rank & tax/customs official over the specific grade.||Challenge under court.|
|Norway||No mandatory data retention regime|
|USA||1 Year for Internet metadata, email, phone records||Various United States agencies leverage the (voluntary) data retention practiced by many U.S. commercial organizations like Amazon through programs such as Prism and Muscular.||No mandatory data retention regime|
How To Protect Yourself From Mandatory Data Retention
Mandatory Data Retention is the issue surfacing all around the world. Most of the nations are observing laws that include Data retention orders of the citizens in one or other form. So, if you are concerned about your privacy, follow our guide ‘How to Protect Yourself From Metadata Retention’.