Recommended: Celebrate 10 Years of Security, Privacy & Anonymity with PureVPN's Special Offer. Get 1 Year Free >>

Data Retention Laws By Countries – An Update

To enact data retention laws of its own, the Australian government looked for existing models of countries where data retention laws were already implemented. The government, however, conveniently overlooked the fact that many countries, including the UK have overwhelmingly denied the implementation of such laws.

The following is a comparison of Australia with the countries in the EU and US, according to data retention laws and policies. The table will make it clear whether we, as Australians, are progressing or regressing with such draconian measures.

Claire Reilly CNET Data Retention

Country

Retention Period

Authorisation Required To Access Metadata

Status Of Data Retention Regime

Australia

2 Years

No judicial oversight aside from the problematic.

Data retention bill passed by Parliament on 26 March.

Austria

   

Ruled unconstitutional

Belgium

Between 1 Year & 36 Months
For ‘publically available’ telephone services.No provision for internet-related data.

Access must be authorised by a magistrate or prosecutor.

Ruled unconstitutional 

Bulgaria

1 Year, Data which has been accessed may be retained for a further 6months on request.

Access only possible on the order of the Chairperson of a Regional Court.

Ruled unconstitutional in 2008 & again on 12 March 2015.

Cyprus

6 Months

Access must be approved by a prosecutor if he considers it may provide evidence of committing a serious crime. A judge may issue such an order if there is a reasonable suspicion of a serious criminal offence and if the data are likely to be associated with it.

Ruled unconstitutional – violated right to privacy.

Czech Republic

   

Ruled unconstitutional

Denmark

1 Year

Access requires judicial authorisation; court orders are granted if application meets strict criteria on suspicion, necessity and proportionality.

Session logging ceased 2014

Estonia

 

Access requires permission of a preliminary investigation judge.

In force

Finland

1 Year

Subscriber data may be accessed by all competent authorities without judicial authorisation. Other data requires a court order.

Under review 

Germany

1 Year

 

Ruled unconstitutional. Now no mandatory data retention.

Greece

1 Year

Access requires judicial decision declaring that investigation by other means is impossible or extremely difficult.

In force

France

1 Year

Police must provide justification for each request for access to retained data and must seek authorisation from person in the Ministry of the Interior designated by the Commission nationale de contrôle des interceptions de sécurité.

In force

Spain

1 Year

Access to the data by the competent national authorities requires prior judicial authorisation.

Under review

Hungary

6 Months for unsuccessful calls and 1 year for all other data.

Police and the National Tax and Customs Office require prosecutor’s authorisation. Prosecutor and national security agencies may access such data without a court order.

Further constitutional challenge is being prepared.

Italy

2 Years for fixed telephony and mobile telephony data,1 year for internet access, internet email and internet telephony data.

Access requires ‘reasoned order’ issued by the public prosecutor.

In force

Lithuania

6 Months

Authorised public authorities must request retained data in writing.For access for pre-trial investigations a judicial warrant is necessary.

In force

Latvia

18 Months

Authorised officers, public prosecutor’s office and courts are required to assess ‘adequacy and relevance’ of request, to record the request and ensure protection of data obtained.

In force

Luxembourg

6 Months

Access requires judicial authorisation.

Under review

Malta

1 Year for fixed, mobile and internet telephony data,6 months for internet access and internet email data

Requests must be in writing – Malta Police Force; Security Service.

In force

Netherlands

1 Year telephony, 6 months internet-related data

Access must be by order of a prosecutor or an investigating judge.

On 11 March 2015, national law was suspended. The decision is a preliminary injunction rendering the obligation ineffective.

Romania

6 Months under the earlier annulled transposing law

 

Ruled unconstitutional

Poland

2 Years

Requests must be in writing and in case of police, border guards, tax inspectors, authorised by the senior official in the organisation.

Under challenge

Portugal

1 Year

Transmission of data requires judicial authorisation on grounds that access is crucial to uncover the truth or that evidence would be, in any other manner, impossible or very difficult to obtain. The judicial authorisation is subject to necessity and proportional requirements.

In force

Slovenia

8 Months for internet related and 14 months for telephony related data

Access requires judicial authorisation.

Ruled unconstitutional. Ordered that data collected under the data retention law be deleted

Slovakia

1 Year for Internet services

Requests must be in writing.

Ceased following judgment of European Court of Justice. Records deleted.

Sweden

6 Months

 

Subject to judicial challenge.

UK

1 Year

Access permitted, subject to authorisation by a ‘designated person’ and necessity and proportionality test, in specific cases and in circumstances in which disclosure of the data is permitted or required by law.

Judicial challenge by MPs successful in July 2015. Key provisions of data retention law ‘disapplied’

Ireland

2 Years for fixed telephony and mobile telephony data, 1 year for internet access, internet email and internet telephony data.

No. Requests to be in writing from police officer/military over specified rank & tax/customs official over specific grade.

Under judicial challenge 

Switzerland

   

Under challenge

Norway

   

No mandatory data retention regime

USA 1 Year for Internet metadata, email, phone records Various United States agencies leverage the (voluntary) data retention practised by many U.S. commercial organizations like amazon through programs such as Prism and Muscular.  No mandatory data retention regime

The table above clearly shows that Metadata retention only leads to mass surveillance, and infringing on unsuspecting people's privacy, without them even knowing about it. It does not solve anything; rather it leads to the deterioration of society as a whole. Stopping criminals is one thing, but stopping normal people from carrying on their normal activities is an entirely different matter. It’s ironic that we are slowly becoming a police state in the name of security.

If you don't want to leave any traces behind, then you can take charge with PureVPN and make sure that your privacy, data, and online activities remain hidden.

 

PureVPN is a leading VPN service provider that excels in providing easy solutions for online privacy and security. With 750+ servers in 141 countries, PureVPN helps consumers and businesses in keeping their online identity secured.

Shares