Overview of national data retention policies

Aus Freiheit statt Angst!
Zur Navigation springen Zur Suche springen

Overview of national data retention policies

Please update this table by entering information on data retention in your country:

Data retention transposition schedule

Member State
EU directive transposed?
Data Retention Period
Legal instruments and date of entry into force
Data to be retained beyond the directive's requirements: fixed line telephony
Data to be retained beyond the directive's requirements: mobile telephony
Data to be retained beyond the directive's requirements: E-Mail
Data to be retained beyond the directive's requirements: Internet access
Data to be retained beyond the directive's requirements: Internet telephony
Data to be retained beyond the directive's requirements: other
Who is compelled to retain data?
Who is authorised to access retained data and for what purposes?
Legal challenges pending?
Competent NGO

(EU directive)

-
6-24 months
directive, 15 March 2006

Directive's requirements:

  1. the calling telephone number;
  2. the name and address of the subscriber or registered user;
  3. the number(s) dialled (the telephone number(s) called), and, in cases involving supplementary services such as call forwarding or call transfer, the number or numbers to which the call is routed;
  4. the name(s) and address(es) of the destination subscriber(s) or registered user(s);
  5. the date and time of the start and end of the communication;
  6. the telephone service used;
  7. the calling and called telephone numbers;

Directive's requirements:

  1. the calling telephone number;
  2. the name and address of the subscriber or registered user;
  3. the number(s) dialled (the telephone number(s) called), and, in cases involving supplementary services such as call forwarding or call transfer, the number or numbers to which the call is routed;
  4. the name(s) and address(es) of the destination subscriber(s) or registered user(s);
  5. the date and time of the start and end of the communication;
  6. the telephone service used;
  7. the calling and called telephone numbers;
  8. the International Mobile Subscriber Identity (IMSI) of the calling party;
  9. the International Mobile Equipment Identity (IMEI) of the calling party;
  10. the IMSI of the called party;
  11. the IMEI of the called party;
  12. in the case of pre-paid anonymous services, the date and time of the initial activation of the service and the location label (Cell ID) from which the service was activated;
  13. the location label (Cell ID) at the start of the communication;
  14. data identifying the geographic location of cells by reference to their location labels (Cell ID) during the period for which communications data are retained.

Directive's requirements:

  1. the user ID(s) allocated;
  2. the user ID and telephone number allocated to any communication entering the public telephone network;
  3. the name and address of the subscriber or registered user to whom an Internet Protocol (IP) address, user ID or telephone number was allocated at the time of the communication;
  4. the name(s) and address(es) of the subscriber(s) or registered user(s) and user ID of the intended recipient of the communication;
  5. the date and time of the log-in and log-off of the Internet e-mail service or Internet telephony service, based on a certain time zone;
  6. the Internet service used;
  7. the calling telephone number for dial-up access;
  8. the digital subscriber line (DSL) or other end point of the originator of the communication;

Directive's requirements:

  1. the user ID(s) allocated;
  2. the user ID and telephone number allocated to any communication entering the public telephone network;
  3. the name and address of the subscriber or registered user to whom an Internet Protocol (IP) address, user ID or telephone number was allocated at the time of the communication;
  4. the date and time of the log-in and log-off of the Internet access service, based on a certain time zone, together with the IP address, whether dynamic or static, allocated by the Internet access service provider to a communication, and the user ID of the subscriber or registered user;
  5. the calling telephone number for dial-up access;
  6. the digital subscriber line (DSL) or other end point of the originator of the communication;

Directive's requirements:

  1. the user ID(s) allocated;
  2. the user ID and telephone number allocated to any communication entering the public telephone network;
  3. the name and address of the subscriber or registered user to whom an Internet Protocol (IP) address, user ID or telephone number was allocated at the time of the communication;
  4. the user ID or telephone number of the intended recipient(s) of an Internet telephony call;
  5. the name(s) and address(es) of the subscriber(s) or registered user(s) and user ID of the intended recipient of the communication;
  6. the date and time of the log-in and log-off of the Internet e-mail service or Internet telephony service, based on a certain time zone;
  7. the Internet service used;
  8. the calling telephone number for dial-up access;
  9. the digital subscriber line (DSL) or other end point of the originator of the communication;
-
providers of publicly available electronic communications services or of a public communications network
competent national authorities in specific cases for the purpose of the investigation, detection and prosecution of serious crime, as defined by each Member State in its national law
yes, action brought by Ireland

Member State
EU directive transposed?
Data Retention Period
Legal instruments and date of entry into force
Data to be retained beyond the directive's requirements: fixed line telephony
Data to be retained beyond the directive's requirements: mobile telephony
Data to be retained beyond the directive's requirements: E-Mail
Data to be retained beyond the directive's requirements: Internet access
Data to be retained beyond the directive's requirements: Internet telephony
Data to be retained beyond the directive's requirements: other
Who is compelled to retain data?
Who is authorised to access retained data and for what purposes?
Legal challenges pending?
Competent NGO

Austria

not yet












Member State
EU directive transposed?
Data Retention Period
Legal instruments and date of entry into force
Data to be retained beyond the directive's requirements: fixed line telephony
Data to be retained beyond the directive's requirements: mobile telephony
Data to be retained beyond the directive's requirements: E-Mail
Data to be retained beyond the directive's requirements: Internet access
Data to be retained beyond the directive's requirements: Internet telephony
Data to be retained beyond the directive's requirements: other
Who is compelled to retain data?
Who is authorised to access retained data and for what purposes?
Legal challenges pending?
Competent NGO

Belgium

yes

Reported:
  1. Loi du 21 mars 1991 portant réforme de certaines entreprises publiques économiques. Loi; Moniteur Belge , date pub: 27/03/1991 ; ref.: (MNE(2007)58028)
  2. Arrêté royal du 9 janvier 2003 portant exécution des articles 46bis, § 2, alinéa 1er, 88bis, § 2, alinéas 1er et 3, et 90quater, § 2, alinéa 3, du code d'instruction criminelle ainsi que de l'article 109ter, E, § 2, de la loi du 21 mars 1991 portant réforme de certaines entreprises publiques économiques. Arrêté royal; Moniteur Belge , date pub: 10/02/2003 ; ref.: (MNE(2007)58029)










Member State
EU directive transposed?
Data Retention Period
Legal instruments and date of entry into force
Data to be retained beyond the directive's requirements: fixed line telephony
Data to be retained beyond the directive's requirements: mobile telephony
Data to be retained beyond the directive's requirements: E-Mail
Data to be retained beyond the directive's requirements: Internet access
Data to be retained beyond the directive's requirements: Internet telephony
Data to be retained beyond the directive's requirements: other
Who is compelled to retain data?
Who is authorised to access retained data and for what purposes?
Legal challenges pending?
Competent NGO

Bulgaria

yes
 ?
Reported:
  1. Наредба № 40 от 7 януари 2008 г. за категориите данни и реда, по който се съхраняват и предоставят от предприятията, предоставящи обществени електронни съобщителни мрежи и/или услуги, за нуждите на националната сигурност и за разкриване на престъпления. Наредба на министър/ръководител на ведомство ; Държавен вестник , no.: 9 , date pub: 29/01/2008 ; date into force/en vigueur: 01/02/2008 ; ref.: (MNE(2008)50827)
  2. Закон за електронните съобщения. Закон; Държавен вестник , no.: 41 , date pub: 22/05/2007 , page: 00021-00085 ; date into force/en vigueur: 26/05/2007 ; ref.: (MNE(2007)54201)








yes, Supreme Court Challenge
Access to Information Program (AIP)
Member State
EU directive transposed?
Data Retention Period
Legal instruments and date of entry into force
Data to be retained beyond the directive's requirements: fixed line telephony
Data to be retained beyond the directive's requirements: mobile telephony
Data to be retained beyond the directive's requirements: E-Mail
Data to be retained beyond the directive's requirements: Internet access
Data to be retained beyond the directive's requirements: Internet telephony
Data to be retained beyond the directive's requirements: other
Who is compelled to retain data?
Who is authorised to access retained data and for what purposes?
Legal challenges pending?
Competent NGO

Cyprus

yes 6 months

Reported:

Ο Περί Διατήρησης Τηλεπικοινωνιακών Δεδομένων με Σκοπό τη Διεύρηνση Σοβαρών Ποινικών Αδικημάτων Νόμος του 2007. Νόμος , no.: Ν. 183(Ι)/2007; Cyprus Gazette , no.: 4154 , date pub: 31/12/2007 , page: 01466-01483 ; date into force/en vigueur: 31/12/2007 ; ref.: (MNE(2008)50638)











Member State
EU directive transposed?
Data Retention Period
Legal instruments and date of entry into force
Data to be retained beyond the directive's requirements: fixed line telephony
Data to be retained beyond the directive's requirements: mobile telephony
Data to be retained beyond the directive's requirements: E-Mail
Data to be retained beyond the directive's requirements: Internet access
Data to be retained beyond the directive's requirements: Internet telephony
Data to be retained beyond the directive's requirements: other
Who is compelled to retain data?
Who is authorised to access retained data and for what purposes?
Legal challenges pending?
Competent NGO

Czech Republic

yes   12 months
Act on Electronic Communications No. 127/2005 Coll. as amended by law 247/2008 Coll.

1. pre-paid phone card identificator

2. public phone box identification (number and geographic position data)

1. IP adresses of terminals from which were sent SMS (service od sending SMS from web form, quite widespread service in the Czech Rep.)

2. every link between MSISDN and IMEI used together in the network

3. ID of mobile phone credit coupon and its link to mobile phone number (at anonymous SIMs)

4. "additional information" not more specified.

1. amount of data transferred

2. use of secured communication

3. identificator of user´s device


1. status of event (e.g.fail/success, usual/unusual termination of connection)

2. amount of uploaded/downloaded data

3. "identificators of interest" (except IP adress is named as example port number)

4. method and status requests for service

5. URI identificators and its parametres requirements


1. transport protocol

2. amounf of data trasferred


Providers of public communication network or of publicly accessible services of electronic communications

Police, public prosecutors and courts in penal proceedings.

Provisions in Police Act enable to resend the data to Interpol, SIS and Europol or foreign policies in case of "serious danger".

Similar vague backdoor for tranfer of rateined data to intelligence services are in current and also in proposed new Police Act.


In preparation.
Iuridicum Remedium (IuRe)
Member State
EU directive transposed?
Data Retention Period
Legal instruments and date of entry into force
Data to be retained beyond the directive's requirements: fixed line telephony
Data to be retained beyond the directive's requirements: mobile telephony
Data to be retained beyond the directive's requirements: E-Mail
Data to be retained beyond the directive's requirements: Internet access
Data to be retained beyond the directive's requirements: Internet telephony
Data to be retained beyond the directive's requirements: other
Who is compelled to retain data?
Who is authorised to access retained data and for what purposes?
Legal challenges pending?
Competent NGO

Denmark

yes
12 months

Reported:

  1. Bekendtgørelse om udbydere af elektroniske kommunikationsnets og elektroniske kommunikationstjenesters registrering og opbevaring af oplysninger om teletrafik. Bekendtgørelse , no.: 988; Lovtidende A , date pub: 13/10/2006 ; date into force/en vigueur: 15/09/2007 ; ref.: (MNE(2007)56962)
  2. Bekendtgørelse om udbydere af elektroniske kommunikationsnets og elektroniske kommunikationstjenesters registrering og opbevaring af oplysninger om teletrafik. Bekendtgørelse , no.: 988; Lovtidende A , date pub: 13/10/2006 ; date into force/en vigueur: 15/09/2007 ; ref.: (MNE(2007)56966)
  3. Bekendtgørelse om udbydere af elektroniske kommunikationsnets og elektroniske kommunikationstjenesters registrering og opbevaring af oplysninger om teletrafik (logningsbekendtgørelsen). Bekendtgørelse , no.: 988; Lovtidende A , date pub: 13/10/2006 ; date into force/en vigueur: 15/09/2007 ; ref.: (MNE(2007)56970)










Member State
EU directive transposed?
Data Retention Period
Legal instruments and date of entry into force
Data to be retained beyond the directive's requirements: fixed line telephony
Data to be retained beyond the directive's requirements: mobile telephony
Data to be retained beyond the directive's requirements: E-Mail
Data to be retained beyond the directive's requirements: Internet access
Data to be retained beyond the directive's requirements: Internet telephony
Data to be retained beyond the directive's requirements: other
Who is compelled to retain data?
Who is authorised to access retained data and for what purposes?
Legal challenges pending?
Competent NGO

Estonia

yes
12 months

Reported:

ELEKTROONILISE SIDE SEADUSE JA RAHVATERVISE SEADUSE MUUTMISE SEADUS. seaduse parandus , no.: RTI, 07.12.2007, 63, 397 ; Elektrooniline Riigi Teataja , no.: RTI, 07.12.2007, 63, 397 ; ref.: (MNE(2007)58607)











Member State
EU directive transposed?
Data Retention Period
Legal instruments and date of entry into force
Data to be retained beyond the directive's requirements: fixed line telephony
Data to be retained beyond the directive's requirements: mobile telephony
Data to be retained beyond the directive's requirements: E-Mail
Data to be retained beyond the directive's requirements: Internet access
Data to be retained beyond the directive's requirements: Internet telephony
Data to be retained beyond the directive's requirements: other
Who is compelled to retain data?
Who is authorised to access retained data and for what purposes?
Legal challenges pending?
Competent NGO

Finland

yes
Reported:
  1. Viestintäviraston määräys tunnistamistietojen tallennusvelvollisuudesta / Kommunikationsverkets föreskrift om skyldighet att lagra identifieringsuppgifter
  2. Laki sähköisen viestinnän tietosuojalain muuttamisesta / Lag om ändring av lagen om dataskydd vid elektronisk kommunikation










Member State
EU directive transposed?
Data Retention Period
Legal instruments and date of entry into force
Data to be retained beyond the directive's requirements: fixed line telephony
Data to be retained beyond the directive's requirements: mobile telephony
Data to be retained beyond the directive's requirements: E-Mail
Data to be retained beyond the directive's requirements: Internet access
Data to be retained beyond the directive's requirements: Internet telephony
Data to be retained beyond the directive's requirements: other
Who is compelled to retain data?
Who is authorised to access retained data and for what purposes?
Legal challenges pending?
Competent NGO

France

yes 12 months

Reported:

Décret no 2006-358 du 24 mars 2006 relatif à la conservation des données des communications électroniques. Décret , no.: 2006-358; Journal Officiel de la République Française (JORF) , date pub: 26/03/2006 ; date into force/en vigueur: 27/03/2006 ; ref.: (MNE(2007)56763)











Member State EU directive transposed? Data Retention Period Legal instruments and date of entry into force Data to be retained beyond the directive's requirements: fixed line telephony Data to be retained beyond the directive's requirements: mobile telephony Data to be retained beyond the directive's requirements: E-Mail Data to be retained beyond the directive's requirements: Internet access Data to be retained beyond the directive's requirements: Internet telephony Data to be retained beyond the directive's requirements: other Who is compelled to retain data? Who is authorised to access retained data and for what purposes? Legal challenges pending? Competent NGO

Germany

yes

6 months for traffic data, 12-24 months for subscription information (name, address, birth date, telephone number, PIN codes etc.)

statute (de, en), 1 January 2008: Gesetz zur Neuregelung der Telekommunikationsüberwachung und anderer verdeckter Ermittlungsmaßnahmen sowie zur Umsetzung der Richtlinie 2006/24/EG. Gesetz; Bundesgesetzblatt Teil 1, no.: 70, date pub: 31/12/2007, page: 03198-03211; date into force/en vigueur: 01/01/2008; ref.: (MNE(2008)50149

-

main direction of mobile telephone antennas

user IP address upon every checking of the mailbox and every sending or receiving of e-mail

-

-

Anonymization services are obliged to retain logs on when they replaced which data by which (§ 113a TKG).

Any person providing or assisting in providing telecommunications services and in so doing allocating subscription IDs or providing telecommunications connections for IDs allocated by other parties (applies to telephony and DSL lines, including prepaid services, but not e-mail services) is to collect, prior to activation, and store the name and address of the allocation holder, the date of birth and in the case of fixed lines, additionally the address for the line, even if such data are not required for operational purposes (§ 111 TKG). The subscriber directories are electronically accessible by all German law enforcement and intelligence agencies (§ 112 TKG).

providers of publicly accessible telecommunications services for end user

  1. the police, courts and public prosecutors for the prosecution of crime
  2. the police for the prevention of substantial dangers to public safety
  3. secret services for intelligence purposes

yes, several complaints with the Federal Constitutional Court

Working Group on Data Retention (AK Vorrat)

Member State
EU directive transposed?
Data Retention Period
Legal instruments and date of entry into force
Data to be retained beyond the directive's requirements: fixed line telephony
Data to be retained beyond the directive's requirements: mobile telephony
Data to be retained beyond the directive's requirements: E-Mail
Data to be retained beyond the directive's requirements: Internet access
Data to be retained beyond the directive's requirements: Internet telephony
Data to be retained beyond the directive's requirements: other
Who is compelled to retain data?
Who is authorised to access retained data and for what purposes?
Legal challenges pending?
Competent NGO

Greece

not yet












Member State
EU directive transposed?
Data Retention Period
Legal instruments and date of entry into force
Data to be retained beyond the directive's requirements: fixed line telephony
Data to be retained beyond the directive's requirements: mobile telephony
Data to be retained beyond the directive's requirements: E-Mail
Data to be retained beyond the directive's requirements: Internet access
Data to be retained beyond the directive's requirements: Internet telephony
Data to be retained beyond the directive's requirements: other
Who is compelled to retain data?
Who is authorised to access retained data and for what purposes?
Legal challenges pending?
Competent NGO

Hungary

yes
Reported: 15 acts








yes, Constitutional Court challenge brought by theHungarian Civil Liberties Union (HCLU)
Hungarian Civil Liberties Union (HCLU)
Member State
EU directive transposed?
Data Retention Period
Legal instruments and date of entry into force
Data to be retained beyond the directive's requirements: fixed line telephony
Data to be retained beyond the directive's requirements: mobile telephony
Data to be retained beyond the directive's requirements: E-Mail
Data to be retained beyond the directive's requirements: Internet access
Data to be retained beyond the directive's requirements: Internet telephony
Data to be retained beyond the directive's requirements: other
Who is compelled to retain data?
Who is authorised to access retained data and for what purposes?
Legal challenges pending?
Competent NGO

Ireland

No.

Irish government has issued draft transposing measure only. Criticism of draft here.


3 years.
Secret ministerial direction of April 2002 and Criminal Justice (Terrorist Offences) Act 2005
All "traffic data" and "location data" within the meaning of Directive 2002/58/EC.
All "traffic data" and "location data" within the meaning of Directive 2002/58/EC.
The 2005 Act does not expressly apply to email. However the language used may be wide enough to include it also - if e.g. a mobile phone operator provided an email gateway.
The 2005 Act does not expressly apply to internet access. However the language used may be wide enough to include it also - e.g. in relation to WAP or GPRS internet access from a mobile phone. The 2005 Act does not expressly apply to VOIP. However the language used may be wide enough to include it also - if e.g. a mobile phone operator provided a VOIP client N/A


Section 61 - "a person who is engaged in the provision of a publicly available electronic communications service by means of fixed line or mobile telephon


Section 64. The police may access for "(a) the prevention, detection, investigation or prosecution of crime (including but not limited to terrorist offences), or (b) the safeguarding of the security of the State."

The army may access for "the safeguarding of the security of the State".

Otherwise the information may be accessed:

(a) at the request and with the consent of the person to whom the data relate,

..

(c) in accordance with a court order,

(d) for the purpose of civil proceedings in any court, or

(e) as may be authorised by the Data Protection Commissioner.

yes, High Courtchallenge brought by DRI (latest updates)

Digital Rights Ireland

See background on Irish law here.

Member State
EU directive transposed?
Data Retention Period
Legal instruments and date of entry into force
Data to be retained beyond the directive's requirements: fixed line telephony
Data to be retained beyond the directive's requirements: mobile telephony
Data to be retained beyond the directive's requirements: E-Mail
Data to be retained beyond the directive's requirements: Internet access
Data to be retained beyond the directive's requirements: Internet telephony
Data to be retained beyond the directive's requirements: other
Who is compelled to retain data?
Who is authorised to access retained data and for what purposes?
Legal challenges pending?
Competent NGO

Italy

yes

Reported:

Attuazione della direttiva 2006/24/CE riguardante la conservazione dei dati generati o trattati nell'ambito della fornitura di servizi di comunicazione elettronica accessibili al pubblico o di reti pubbliche di comunicazione e che modifica la direttiva 2002/58/CE.











Member State
EU directive transposed?
Data Retention Period
Legal instruments and date of entry into force
Data to be retained beyond the directive's requirements: fixed line telephony
Data to be retained beyond the directive's requirements: mobile telephony
Data to be retained beyond the directive's requirements: E-Mail
Data to be retained beyond the directive's requirements: Internet access
Data to be retained beyond the directive's requirements: Internet telephony
Data to be retained beyond the directive's requirements: other
Who is compelled to retain data?
Who is authorised to access retained data and for what purposes?
Legal challenges pending?
Competent NGO

Latvia

yes 18 months

Reported:

  1. Kārtība, kādā pirmstiesas izmeklēšanas iestādes, operatīvās darbības subjekti, valsts drošības iestādes, prokuratūra un tiesa pieprasa un elektronisko sakaru komersants nodod saglabājamos datus, kā arī kārtība, kādā apkopo statistisko informāciju par saglabājamo datu pieprasījumiem un to izsniegšanu. Ministru Kabineta noteikumi , no.: 820; Latvijas Vēstnesis , no.: 197 , date pub: 07/12/2007 ; date into force/en vigueur: 08/12/2007 ; ref.: (MNE(2008)50003)
  2. Grozījumi Elektronisko sakaru likumā. Likums; Latvijas Vēstnesis , no.: 83 , date pub: 24/05/2007 ; date into force/en vigueur: 07/06/2007 ; ref.: (MNE(2007)54265)










Member State
EU directive transposed?
Data Retention Period
Legal instruments and date of entry into force
Data to be retained beyond the directive's requirements: fixed line telephony
Data to be retained beyond the directive's requirements: mobile telephony
Data to be retained beyond the directive's requirements: E-Mail
Data to be retained beyond the directive's requirements: Internet access
Data to be retained beyond the directive's requirements: Internet telephony
Data to be retained beyond the directive's requirements: other
Who is compelled to retain data?
Who is authorised to access retained data and for what purposes?
Legal challenges pending?
Competent NGO

Lithuania

yes

Reported:

  1. Lietuvos Respublikos asmens duomenų teisinės apsaugos įstatymo pakeitimo įstatymas Nr. X-1444
  2. Lietuvos Respublikos elektroninių ryšių įstatymas Nr. IX-2135










Member State
EU directive transposed?
Data Retention Period
Legal instruments and date of entry into force
Data to be retained beyond the directive's requirements: fixed line telephony
Data to be retained beyond the directive's requirements: mobile telephony
Data to be retained beyond the directive's requirements: E-Mail
Data to be retained beyond the directive's requirements: Internet access
Data to be retained beyond the directive's requirements: Internet telephony
Data to be retained beyond the directive's requirements: other
Who is compelled to retain data?
Who is authorised to access retained data and for what purposes?
Legal challenges pending?
Competent NGO

Luxemburg

partial 6 months

Reported:

  1. Loi du 30 mai 2005 – relative aux dispositions spécifiques de protection de la personne à l’égard du traitement des données à caractère personnel dans le secteur des communications électroniques et – portant modification des articles 88-2 et 88-4 du Code d’instruction criminelle. Loi; Mémorial Luxembourgeois A , no.: 73 , date pub: 07/06/2005 , page: 01168-01173 ; ref.: (MNE(2008)52016)
  2. Loi du 27 juillet 2007 portant modification – de la loi du 2 août 2002 relative à la protection des personnes à l’égard du traitement des données à caractère personnel; – des articles 4 paragraphe (3) lettre d); 5 paragraphe (1) lettre a); 9 paragraphe (1) lettre a) et 12 de la loi du 30 mai 2005 concernant la protection de la vie privée dans le secteur des communications électroniques et – de l’article 23 paragraphe (2) points 1. et 2. de la loi du 8 juin 2004 sur la liberté d’expression dans les médias. Loi; Mémorial Luxembourgeois A , no.: 131 , date pub: 08/08/2007 , page: 02330-02338 ; ref.: (MNE(2008)52017)
  3. Texte coordonné de la loi du 2 août 2002 relative à la protection des personnes à l’égard du traitement des données à caractère personnel modifiée par la loi du 31 juillet 2006, la loi du 22 décembre 2006, la loi du 27 juillet 2007. Loi; Mémorial Luxembourgeois A , no.: 131 , date pub: 08/08/2007 , page: 02339-02361 ; ref.: (MNE(2008)52019)










Member State
EU directive transposed?
Data Retention Period
Legal instruments and date of entry into force
Data to be retained beyond the directive's requirements: fixed line telephony
Data to be retained beyond the directive's requirements: mobile telephony
Data to be retained beyond the directive's requirements: E-Mail
Data to be retained beyond the directive's requirements: Internet access
Data to be retained beyond the directive's requirements: Internet telephony
Data to be retained beyond the directive's requirements: other
Who is compelled to retain data?
Who is authorised to access retained data and for what purposes?
Legal challenges pending?
Competent NGO

Malta

yes

Reported:

  1. L.N. 198 of 2008 Data Protection Act (Cap. 440) Processing of Personal Data(Electronic Communications Sector) (Amendment) Regulations, 2008
  2. L.N. 199 of 2008 Electronic Communications (Regulation) Act (CAP. 399)Electronic Communications (Personal Data and Protection of Privacy) (Amendment) Regulations, 2008











Member State
EU directive transposed?
Data Retention Period
Legal instruments and date of entry into force
Data to be retained beyond the directive's requirements: fixed line telephony
Data to be retained beyond the directive's requirements: mobile telephony
Data to be retained beyond the directive's requirements: E-Mail
Data to be retained beyond the directive's requirements: Internet access
Data to be retained beyond the directive's requirements: Internet telephony
Data to be retained beyond the directive's requirements: other
Who is compelled to retain data?
Who is authorised to access retained data and for what purposes?
Legal challenges pending?
Competent NGO

Netherlands

No. Legislation pending in Senate as of 12 July 2008.
12 months proposed.


location data during phone call.








Member State
EU directive transposed?
Data Retention Period
Legal instruments and date of entry into force
Data to be retained beyond the directive's requirements: fixed line telephony
Data to be retained beyond the directive's requirements: mobile telephony
Data to be retained beyond the directive's requirements: E-Mail
Data to be retained beyond the directive's requirements: Internet access
Data to be retained beyond the directive's requirements: Internet telephony
Data to be retained beyond the directive's requirements: other
Who is compelled to retain data?
Who is authorised to access retained data and for what purposes?
Legal challenges pending?
Competent NGO

Poland

not yet












Member State
EU directive transposed?
Data Retention Period
Legal instruments and date of entry into force
Data to be retained beyond the directive's requirements: fixed line telephony
Data to be retained beyond the directive's requirements: mobile telephony
Data to be retained beyond the directive's requirements: E-Mail
Data to be retained beyond the directive's requirements: Internet access
Data to be retained beyond the directive's requirements: Internet telephony
Data to be retained beyond the directive's requirements: other
Who is compelled to retain data?
Who is authorised to access retained data and for what purposes?
Legal challenges pending?
Competent NGO

Portugal

yes

Reported:

Assembleia da República-Transpõe para a ordem jurídica interna a Directiva n.º 2006/24/CE, do Parlamento Europeu e do Conselho, de 15 de Março, relativa à conservação de dados gerados ou tratados no contexto da oferta de serviços de comunicações electrónicas publicamente disponíveis ou de redes públicas de comunicações











Member State
EU directive transposed?
Data Retention Period
Legal instruments and date of entry into force
Data to be retained beyond the directive's requirements: fixed line telephony
Data to be retained beyond the directive's requirements: mobile telephony
Data to be retained beyond the directive's requirements: E-Mail
Data to be retained beyond the directive's requirements: Internet access
Data to be retained beyond the directive's requirements: Internet telephony
Data to be retained beyond the directive's requirements: other
Who is compelled to retain data?
Who is authorised to access retained data and for what purposes?
Legal challenges pending?
Competent NGO

Romania

yes

12 months  (Govt Proposal)

6 months (Senate)

Reported:

Lege privind reținerea datelor generate sau prelucrate de furnizorii de serv icii de comunicații electronice destinate publicului sau de rețele publice de comunicații, precum și pentru modificarea Legii nr. 506/2004 privind prelucrarea datelor cu caracter personal și protecția vieții private în sectorul comunicațiilor electronice







Electronic communication providers (same definition as in the telecom laws)

Prosecutors, with Judicial authorisation.

Competent National Security Instututions (?!?)

Only for serious crimes = defined as crimes agains t the State, organized crimes and terrorism crimes


APTI
Member State
EU directive transposed?
Data Retention Period
Legal instruments and date of entry into force
Data to be retained beyond the directive's requirements: fixed line telephony
Data to be retained beyond the directive's requirements: mobile telephony
Data to be retained beyond the directive's requirements: E-Mail
Data to be retained beyond the directive's requirements: Internet access
Data to be retained beyond the directive's requirements: Internet telephony
Data to be retained beyond the directive's requirements: other
Who is compelled to retain data?
Who is authorised to access retained data and for what purposes?
Legal challenges pending?
Competent NGO

Slovenia

yes

Reported:

Zakon o spremembah in dopolnitvah Zakona o elektronskih komunikacijah. Zakon; Uradni list RS , no.: 129/2006 , date pub: 12/12/2006 , page: 14113-14128 ; date into force/en vigueur: 27/12/2006 ; ref.: (MNE(2007)50469)











Member State
EU directive transposed?
Data Retention Period
Legal instruments and date of entry into force
Data to be retained beyond the directive's requirements: fixed line telephony
Data to be retained beyond the directive's requirements: mobile telephony
Data to be retained beyond the directive's requirements: E-Mail
Data to be retained beyond the directive's requirements: Internet access
Data to be retained beyond the directive's requirements: Internet telephony
Data to be retained beyond the directive's requirements: other
Who is compelled to retain data?
Who is authorised to access retained data and for what purposes?
Legal challenges pending?
Competent NGO

Slovakia

yes 24 months, 6 months for Internet services

Reported: many











Member State
EU directive transposed?
Data Retention Period
Legal instruments and date of entry into force
Data to be retained beyond the directive's requirements: fixed line telephony
Data to be retained beyond the directive's requirements: mobile telephony
Data to be retained beyond the directive's requirements: E-Mail
Data to be retained beyond the directive's requirements: Internet access
Data to be retained beyond the directive's requirements: Internet telephony
Data to be retained beyond the directive's requirements: other
Who is compelled to retain data?
Who is authorised to access retained data and for what purposes?
Legal challenges pending?
Competent NGO

Spain

yes
12 months

Reported:

LEY 25/2007, de 18 de octubre, de conservación de datos relativos a las comunicaciones electrónicas y a las redes públicas de comunicaciones. Ley , no.: 25/2007; Boletín Oficial del Estado ( B.O.E ) , no.: 251/2007 , date pub: 19/10/2007 , page: 42517-42523 ; date into force/en vigueur: 08/11/2007 ; ref.: (MNE(2007)57464)











Member State
EU directive transposed?
Data Retention Period
Legal instruments and date of entry into force
Data to be retained beyond the directive's requirements: fixed line telephony
Data to be retained beyond the directive's requirements: mobile telephony
Data to be retained beyond the directive's requirements: E-Mail
Data to be retained beyond the directive's requirements: Internet access
Data to be retained beyond the directive's requirements: Internet telephony
Data to be retained beyond the directive's requirements: other
Who is compelled to retain data?
Who is authorised to access retained data and for what purposes?
Legal challenges pending?
Competent NGO

Sweden

not yet












Member State
EU directive transposed?
Data Retention Period
Legal instruments and date of entry into force
Data to be retained beyond the directive's requirements: fixed line telephony
Data to be retained beyond the directive's requirements: mobile telephony
Data to be retained beyond the directive's requirements: E-Mail
Data to be retained beyond the directive's requirements: Internet access
Data to be retained beyond the directive's requirements: Internet telephony
Data to be retained beyond the directive's requirements: other
Who is compelled to retain data?
Who is authorised to access retained data and for what purposes?
Legal challenges pending?
Competent NGO

United Kingdom

partial
12 months

Reported:

The Data Retention (EC Directive) Regulations 2007. Statutory instrument (SI) , no.: Statutory Instrument 20; Her Majesty's Stationery Office (HMSO) , no.: ISBN 978 0 11 078328 4 ; date into force/en vigueur: 01/10/2007 ; ref.: (MNE(2007)57200)











Non-EU- State
Data retention implemented ?
Data Retention Period
Legal instruments and date of entry into force
Data to be retained beyond the directive's requirements: fixed line telephony
Data to be retained beyond the directive's requirements: mobile telephony
Data to be retained beyond the directive's requirements: E-Mail
Data to be retained beyond the directive's requirements: Internet access
Data to be retained beyond the directive's requirements: Internet telephony
Data to be retained beyond the directive's requirements: other
Who is compelled to retain data?
Who is authorised to access retained data and for what purposes?
Legal challenges pending?
Competent NGO

Brazil














Non-EU- State
Data retention implemented ?
Data Retention Period
Legal instruments and date of entry into force
Data to be retained beyond the directive's requirements: fixed line telephony
Data to be retained beyond the directive's requirements: mobile telephony
Data to be retained beyond the directive's requirements: E-Mail
Data to be retained beyond the directive's requirements: Internet access
Data to be retained beyond the directive's requirements: Internet telephony
Data to be retained beyond the directive's requirements: other
Who is compelled to retain data?
Who is authorised to access retained data and for what purposes?
Legal challenges pending?
Competent NGO

Switzerland














Non-EU-State
Data retention implemented ?
Data Retention Period
Legal instruments and date of entry into force
Data to be retained beyond the directive's requirements: fixed line telephony
Data to be retained beyond the directive's requirements: mobile telephony
Data to be retained beyond the directive's requirements: E-Mail
Data to be retained beyond the directive's requirements: Internet access
Data to be retained beyond the directive's requirements: Internet telephony
Data to be retained beyond the directive's requirements: other
Who is compelled to retain data?
Who is authorised to access retained data and for what purposes?
Legal challenges pending?
Competent NGO
Switzerland yes, as of 2002 6 months




Buyers of prepaid mobile phone cards must be identified and registered by ID document (name, address, date of birth) operators of fixed line and mobile telephony, public ip-based telecommunications services
no

Please update this table by entering information on data retention in your country:

See also