The governments and its law enforcements have adopted implementation of such laws which force internet service providers and other telecommunication services to monitor their users and collect necessary data about their activities. In this way, the law enforcement outfits access data of millions of internet users and this is practiced almost all major countries of the world.
In most of the countries mandatory data retention laws give rights to the agencies to collect necessary user data and investigate about it. These laws support governments to monitor the activities of their own citizens and off course it is important when it comes to online security. However, on the other hand, these laws have challenged the privacy on individual users.
Those countries which really care about the privacy of individual citizens have made internet privacy laws and thus they have also modified their data retention laws accordingly. The privacy protection laws have given more defined ways to internet service providers so they can respect privacy of their users at certain levels.
What Actually Is Obligatory Data Retention Law?
Internet Service Providers assign a unique IP address to each individual user and it helps in recognizing each one of them separately. Though, IP address can be changed by ISPs, they would rather not change it as long as they can. ISPs keep a track of each IP and retain particular type of data for a certain length of time. With the help of law, the agencies can request ISPs to provide them with individual users IP addresses and relevant information.
How Data Retention System Works?
The ISP assigns a particular IP to each individual client and this IP may change periodically. However, it is the responsibility of ISPs to keep the data related to each individual client’s online activities. With the help of such data, the secret services can easily recognize each individual client and deal with them according to the law implemented in their country.
Why Users Are Worried due to Data Retention?
To be very honest, the data retention laws have put privacy of millions of individual internet users at greater risk. These laws are especially dangerous for those who have been actively involved in local or international politics, journalism, research, gambling, or any other activity considered illegal by law in their country. The worst face of data retention laws is that it minimizes freedom of internet users and of course if you want to use internet with full freedom, you should be worried about it.
The ISPs are abide by laws to keep essential record of all the activities take place through internet, for example, chats, phone calls, file sharing etc. Besides, users’ location may also be tracked and recorded. So it is not wrong to say that all your activities are being monitored and you must not neglect it if you don’t want to get exposed by the agencies.
Data retention policies have empowered law enforcement agencies to breach privacy of any user in the name of security. Therefore, most of the people all across the world have their concerns about it. In fact, in many countries, the law has been challenged or suspended successfully.
The Status of Data Retention Laws All Across the World
|USA||One Year||In USA, many business organization practice data retention on voluntary basis and allow agencies to take advantage of it.||However, in USA, there is no mandatory policy for data retention|
|UK||One Year||In UK, the authorization is subject to the sensitivity of each individual case. It is permitted only if necessary by law.||In the year 2015, the laws were challenged by the MPs who were successful to suspend some of the key policies.|
|Australia||Two years||Attorney-General may decide carefully which agencies can be given access to metadata.||The policy is being criticized by those who don’t want to put their privacy at risk; however, it was still executed.|
|France||One Year||If the agencies have to access user data, they are required to provide acceptable justification that why it is crucial to retain data. The authorization is given by high officials in Interior Ministry.||The law was executed and working effectively.|
|Germany||One year||The laws were implemented but later suspended by judiciary.|
|Denmark||One Year||In Denmark, the data retention authorization is given by the court. However, the approval is given only when there is a dire need to access data.||In 2014, the session logging was ceased|
|Netherlands||One year for telecommunication and six months for data related to internet activities||The access can only be given if ordered by a judge or prosecutor||In the year 2015, retention law got suspended|
|Poland||Two years||Senior officials in security agencies may authorize investigating officers||The laws were challenged due to privacy concerns.|
|Malta||One year for telecommunication and six months for internet based data||Police and other law enforcement agencies may have the right to retain data||It was executed in Malta and no major observations were made concerning users privacy.|
|Slovenia||Fourteen months for telecommunication and eight months for internet based data||Required judicial authorization||Suspended|
|Hungary||Six months for telecommunication and one year for other type of data||Authorities including police, custom, income tax and other agencies need permission from the prosecutors.||Further amendments are being made|
|Luxembourg||Six months||Agencies need judicial authorization for obtaining data from ISPs||Under observation|
|Finland||One year||Law enforcement agencies and other authorities have the right to collect and examine user data whenever and wherever needed||Under observation|
|Bulgaria||Six months but can be extended for around a year if requested||Regional court can give permission to access||The court suspended the law in 2008 and then it was restored but later in 2015 it was suspended again|
|Italy||Two years for telecommunications, two years for cellular calls and one year for internet based activities||A public prosecutor can grant permission if necessary||Executed|
|Cyprus||Six months||On presentation of enough evidences, a prosecutor/ judge can give permission.||Major privacy violations were observed and thus suspended by the respected judiciary.|
|Slovakia||One year||Request can be made in writing||In 2014, court temporarily suspended data retention policy and the case was taken for further discussion. After one year in 2015, it was decided by the court that few parts of law are not accordance with basic human rights and thus were suspended.|
|Ireland||Two years for telecommunication and one year for internet||Requests can be made in writing||Challenged|
|Greece||One year||If it is crucial to access data to solve a case, the court can grant permission||Executed|
|Estonia||A preliminary judge can give permission for access||Executed|
|Spain||One year||The authorities must take prior permission from judiciary||Under observation|
|Belgium||Three years for telecommunication. However, provision is not given for data related to internet activities.||A prosecutor, judge or magistrate can give authorization||The law was suspended|
|Latvia||Eighteen months||Courts and public prosecutor may grant approval||Executed|
|Portugal||One year||Judiciary can grant permission under extremely serious circumstances||Executed|
|Lithuania||Six months||A judicial warrant is needed to access user data||Executed|
Metadata Retention Laws are not just about online surveillance but they have also caused breach of human rights in many parts of the world. In many cases, the authorities crossed their limits and harmed common citizens’ basic rights to enjoy full freedom. However, it is also important to mention here that the same law has been very effective in dealing and eliminating criminal activities online. Therefore, the law itself is not as harmful as its exploitation is. Various countries have made changes to the key policies to make the law effective and respective for their citizens as well.