Mandatory Data Retention Worldwide

The governments and its law enforcements have adopted implementation of such laws which force internet service providers and other telecommunication services to monitor their users and collect necessary data about their activities. In this way, the law enforcement outfits access data of millions of internet users and this is practiced almost all major countries of the world.

In most of the countries mandatory data retention laws give rights to the agencies to collect necessary user data and investigate about it. These laws support governments to monitor the activities of their own citizens and off course it is important when it comes to online security. However, on the other hand, these laws have challenged the privacy on individual users.

Those countries which really care about the privacy of individual citizens have made internet privacy laws and thus they have also modified their data retention laws accordingly. The privacy protection laws have given more defined ways to internet service providers so they can respect privacy of their users at certain levels.

What Actually Is Obligatory Data Retention Law?

Internet Service Providers assign a unique IP address to each individual user and it helps in recognizing each one of them separately. Though, IP address can be changed by ISPs, they would rather not change it as long as they can. ISPs keep a track of each IP and retain particular type of data for a certain length of time. With the help of law, the agencies can request ISPs to provide them with individual users IP addresses and relevant information.

How Data Retention System Works? 

The ISP assigns a particular IP to each individual client and this IP may change periodically. However, it is the responsibility of ISPs to keep the data related to each individual client’s online activities. With the help of such data, the secret services can easily recognize each individual client and deal with them according to the law implemented in their country.

Why Users Are Worried due to Data Retention? 

To be very honest, the data retention laws have put privacy of millions of individual internet users at greater risk. These laws are especially dangerous for those who have been actively involved in local or international politics, journalism, research, gambling, or any other activity considered illegal by law in their country. The worst face of data retention laws is that it minimizes freedom of internet users and of course if you want to use internet with full freedom, you should be worried about it.

The ISPs are abide by laws to keep essential record of all the activities take place through internet, for example, chats, phone calls, file sharing etc. Besides, users’ location may also be tracked and recorded. So it is not wrong to say that all your activities are being monitored and you must not neglect it if you don’t want to get exposed by the agencies.

Data retention policies have empowered law enforcement agencies to breach privacy of any user in the name of security. Therefore, most of the people all across the world have their concerns about it. In fact, in many countries, the law has been challenged or suspended successfully.

The Status of Data Retention Laws All Across the World   

  Country     Period   Authorization   Current Status
USA   One Year   In USA, many business organization practice data retention on voluntary basis and allow agencies to take advantage of it.   However, in USA, there is no mandatory policy for data retention  
UK   One Year   In UK, the authorization is subject to the sensitivity of each individual case. It is permitted only if necessary by law.   In the year 2015, the laws were challenged by the MPs who were successful to suspend some of the key policies.  
Australia   Two years   Attorney-General may decide carefully which agencies can be given access to metadata. The policy is being criticized by those who don’t want to put their privacy at risk; however, it was still executed.  
France   One Year   If the agencies have to access user data, they are required to provide acceptable justification that why it is crucial to retain data. The authorization is given by high officials in Interior Ministry.   The law was executed and working effectively.  
Germany   One year     The laws were implemented but later suspended by judiciary.   
Denmark   One Year   In Denmark, the data retention authorization is given by the court. However, the approval is given only when there is a dire need to access data.   In 2014, the session logging was ceased  
Netherlands   One year for telecommunication and six months for data related to internet activities   The access  can only be given if ordered by a judge or prosecutor   In the year 2015,  retention law got suspended   
Poland   Two years   Senior officials in security agencies may authorize investigating officers   The laws were challenged due to privacy concerns.    
Malta   One year for telecommunication and six months for internet based data   Police and other law enforcement agencies may have the right to retain data   It was executed in Malta and no major observations were made concerning users privacy.     
Slovenia     Fourteen months for telecommunication and eight months for internet based data   Required judicial authorization   Suspended  
Hungary   Six months for telecommunication and one year for other type of data   Authorities including police, custom, income tax and other agencies need permission from the prosecutors.     Further amendments are being made  
Luxembourg     Six months   Agencies need judicial authorization for obtaining data from ISPs   Under observation  
Finland   One year   Law enforcement agencies and other authorities have the right to collect and examine user data whenever and wherever needed   Under observation  
Bulgaria   Six months but can be extended for around a year if requested   Regional court can give permission to access   The court suspended the law in 2008 and then it was restored but later in 2015 it was suspended again  
Italy   Two years for telecommunications, two years for cellular calls and one year for internet based activities   A public prosecutor can grant permission if necessary   Executed  
Cyprus     Six months   On presentation of enough evidences, a prosecutor/ judge can give permission. Major privacy violations were observed and thus suspended by the respected judiciary.    
Slovakia   One year   Request can be made in writing   In 2014, court temporarily suspended data retention policy and the case was taken for further discussion. After one year in 2015, it was decided by the court that few parts of law are not accordance with basic human rights and thus were suspended.
Ireland   Two years for telecommunication and one year for internet   Requests can be made in writing   Challenged    
Greece   One year   If it is crucial to access data to solve a case, the court can grant permission   Executed  
Estonia     A preliminary judge can give permission for access   Executed  
Spain   One year   The authorities must take prior permission from judiciary   Under observation  
Belgium   Three years for telecommunication. However, provision is not given for data related to internet activities.     A prosecutor, judge or magistrate can give authorization   The law was suspended  
Latvia     Eighteen months   Courts and public prosecutor may grant approval   Executed  
Romania   Six months     Suspended    
Portugal     One year   Judiciary can grant permission under extremely serious circumstances   Executed  
Sweden   Six months     Challenged  
Lithuania       Six months   A judicial warrant is needed to access user data   Executed  

Final Words  

Metadata Retention Laws are not just about online surveillance but they have also caused breach of human rights in many parts of the world. In many cases, the authorities crossed their limits and harmed common citizens’ basic rights to enjoy full freedom. However, it is also important to mention here that the same law has been very effective in dealing and eliminating criminal activities online. Therefore, the law itself is not as harmful as its exploitation is. Various countries have made changes to the key policies to make the law effective and respective for their citizens as well.