Overview of national data retention policies

Aus Freiheit statt Angst!

(Unterschied zwischen Versionen)
Wechseln zu: Navigation, Suche
(Spain)
(See also)
(Der Versionsvergleich bezieht 90 dazwischen liegende Versionen mit ein.)
Zeile 1: Zeile 1:
-
'''Overview of national data retention policies''' __TOC__
+
'''Overview of national data retention policies''' (outdated, for updates see [[#See also|below]]) __TOC__
Please update this table by entering information on [http://en.wikipedia.org/wiki/Data_retention data retention] in your country:
Please update this table by entering information on [http://en.wikipedia.org/wiki/Data_retention data retention] in your country:
Zeile 10: Zeile 10:
|- bgcolor="#eeeeee"
|- bgcolor="#eeeeee"
| valign="top" | '''Member State<br>'''
| valign="top" | '''Member State<br>'''
-
| valign="top" | '''EU directive transposed?'''<br>
+
| valign="top" | '''Data retention in force?'''<br>
| valign="top" | '''Data Retention Period'''<br>
| valign="top" | '''Data Retention Period'''<br>
| valign="top" | '''Legal instruments and date of entry into force'''<br>
| valign="top" | '''Legal instruments and date of entry into force'''<br>
Zeile 27: Zeile 27:
=== ([http://eur-lex.europa.eu/LexUriServ/LexUriServ.do?uri=CELEX:32006L0024:EN:HTML EU directive]) ===
=== ([http://eur-lex.europa.eu/LexUriServ/LexUriServ.do?uri=CELEX:32006L0024:EN:HTML EU directive]) ===
-
| valign="top" | -<br>
+
| valign="top" | no longer in force
-
| valign="top" | 6-24 months<br>
+
| valign="top" | 6-24 months (formerly)
| valign="top" | [http://eur-lex.europa.eu/LexUriServ/LexUriServ.do?uri=CELEX:32006L0024:EN:HTML directive], 15 March 2006<br>
| valign="top" | [http://eur-lex.europa.eu/LexUriServ/LexUriServ.do?uri=CELEX:32006L0024:EN:HTML directive], 15 March 2006<br>
| valign="top" |
| valign="top" |
Zeile 97: Zeile 97:
| valign="top" | providers of publicly available electronic communications services or of a public communications network<br>
| valign="top" | providers of publicly available electronic communications services or of a public communications network<br>
| valign="top" | competent national authorities in specific cases for the purpose of the investigation, detection and prosecution of serious crime, as defined by each Member State in its national law<br>
| valign="top" | competent national authorities in specific cases for the purpose of the investigation, detection and prosecution of serious crime, as defined by each Member State in its national law<br>
-
| valign="top" | yes, [http://curia.europa.eu/jurisp/cgi-bin/form.pl?lang=en&newform=newform&alljur=alljur&jurcdj=jurcdj&jurtpi=jurtpi&jurtfp=jurtfp&alldocrec=alldocrec&docj=docj&docor=docor&docop=docop&docav=docav&docsom=docsom&docinf=docinf&alldocnorec=alldocnorec&docnoj=docnoj&docnoor=docnoor&radtypeord=on&typeord=ALL&docnodecision=docnodecision&allcommjo=allcommjo&affint=affint&affclose=affclose&numaff=C-92%2F09&ddatefs=&mdatefs=&ydatefs=&ddatefe=&mdatefe=&ydatefe=&nomusuel=&domaine=&mots=&resmax=100&Submit=Submit action] brought by Administrative Court of Wiesbaden (Germany)
+
| valign="top" | annulled in 2014 by EU Court of Justice
-
| valign="top" | <br>
+
| valign="top" | [http://www.edir.org EDRi]
|- bgcolor="#eeeeee"
|- bgcolor="#eeeeee"
| valign="top" | '''Member State<br>'''
| valign="top" | '''Member State<br>'''
-
| valign="top" | '''EU directive transposed?'''<br>
+
| valign="top" | '''Data retention in force?'''<br>
| valign="top" | '''Data Retention Period'''<br>
| valign="top" | '''Data Retention Period'''<br>
| valign="top" | '''Legal instruments and date of entry into force'''<br>
| valign="top" | '''Legal instruments and date of entry into force'''<br>
Zeile 118: Zeile 118:
=== Austria ===
=== Austria ===
-
| valign="top" | not yet, [http://www.parlament.gv.at/PG/DE/XXIV/ME/ME_00117/pmh.shtml draft] law available
+
| valign="top" | no
 +
| valign="top" | <br>
| valign="top" | <br>
| valign="top" | <br>
| valign="top" | <br>
| valign="top" | <br>
Zeile 128: Zeile 129:
| valign="top" | <br>
| valign="top" | <br>
| valign="top" | <br>
| valign="top" | <br>
-
| valign="top" | <br>
+
| valign="top" | data retention legislation annulled by Constitutional Court in 2014
-
| valign="top" | <br>
+
| valign="top" | [http://www.akvorrat.at AK Vorrat]
-
| valign="top" | <br>
+
|- bgcolor="#eeeeee"
|- bgcolor="#eeeeee"
| valign="top" | '''Member State<br>'''
| valign="top" | '''Member State<br>'''
-
| valign="top" | '''EU directive transposed?'''<br>
+
| valign="top" | '''Data retention in force?'''<br>
| valign="top" | '''Data Retention Period'''<br>
| valign="top" | '''Data Retention Period'''<br>
| valign="top" | '''Legal instruments and date of entry into force'''<br>
| valign="top" | '''Legal instruments and date of entry into force'''<br>
Zeile 151: Zeile 151:
=== Belgium ===
=== Belgium ===
-
| valign="top" | no<br>
+
| valign="top" |
 +
| valign="top" | 12 months
 +
| valign="top" | Electronic Telecommunications Act, 13th June 2005
 +
| valign="top" |
 +
| valign="top" |
 +
| valign="top" |
 +
| valign="top" |
 +
| valign="top" |
| valign="top" | <br>
| valign="top" | <br>
-
| valign="top" | [http://eur-lex.europa.eu/LexUriServ/LexUriServ.do?uri=CELEX:72006L0024:EN:NOT#FIELD_BE Reported]:
 
-
#Loi du 21 mars 1991 portant réforme de certaines entreprises publiques économiques. Loi; Moniteur Belge , date pub: 27/03/1991&nbsp;; ref.: (MNE(2007)58028)<br>
 
-
#Arrêté royal du 9 janvier 2003 portant exécution des articles 46bis, § 2, alinéa 1er, 88bis, § 2, alinéas 1er et 3, et 90quater, § 2, alinéa 3, du code d'instruction criminelle ainsi que de l'article 109ter, E, § 2, de la loi du 21 mars 1991 portant réforme de certaines entreprises publiques économiques. Arrêté royal; Moniteur Belge , date pub: 10/02/2003&nbsp;; ref.: (MNE(2007)58029) <br>
 
- 
| valign="top" | <br>
| valign="top" | <br>
-
| valign="top" | <br>
+
| valign="top" | Judicial coordination unit, examining magistrates, public prosecutor, criminal police for the investigation and prosecution of criminal offences, the prosecution of abuse of emergency services telephone number, investigation into malicious abuse of electronic communications network or service, for the purposes of intelligence-gathering missions undertaken by the intelligence and security services
-
| valign="top" | <br>
+
| valign="top" | EU Court of Justice (pending): [http://curia.europa.eu/juris/fiche.jsf?id=C;520;18;RP;1;P;1;C2018/0520/P&lgrec=en&language=en Reference of 2 August 2018 on Belgian data retention law] (Ordre des barreaux francophones and germanophone)
-
| valign="top" | <br>
+
| valign="top" | Liga voor Mensenrechten, NURPA, Ligue des droits de l'Homme / Ordre des barreaux francophones and germanophone
-
| valign="top" | <br>
+
-
| valign="top" | <br>
+
-
| valign="top" | <br>
+
-
| valign="top" | <br>
+
-
| valign="top" | <br>
+
-
| valign="top" | <br>
+
|- bgcolor="#eeeeee"
|- bgcolor="#eeeeee"
| valign="top" | '''Member State<br>'''
| valign="top" | '''Member State<br>'''
-
| valign="top" | '''EU directive transposed?'''<br>
+
| valign="top" | '''Data retention in force?'''<br>
| valign="top" | '''Data Retention Period'''<br>
| valign="top" | '''Data Retention Period'''<br>
| valign="top" | '''Legal instruments and date of entry into force'''<br>
| valign="top" | '''Legal instruments and date of entry into force'''<br>
Zeile 187: Zeile 184:
=== Bulgaria ===
=== Bulgaria ===
-
| valign="top" | yes<br>
+
| valign="top" | yes
-
| valign="top" | &nbsp;12 months<br>
+
| valign="top" | 6 months
-
| valign="top" | [http://eur-lex.europa.eu/LexUriServ/LexUriServ.do?uri=CELEX:72006L0024:EN:NOT#FIELD_BG Reported:]<br>
+
| valign="top" | [http://sofiaglobe.com/2015/03/12/bulgarias-constitutional-court-scraps-data-retention-provisions/ Data retention law annulled by Constitutional Court in March 2015] but [http://sofiaglobe.com/2015/03/26/bulgaria-scrambles-to-amend-scrapped-data-retention-provisions/ reinacted on 26 Mar]
-
#Electronic Communications Act, promulgated in State Gazette No.41 as of May 22, 2007, amended State Gazette No.27 as of April 9,2010;;
+
-
#Regulation # 40 on the categories of data and the procedure under which they would be retained and disclosed by companies providing publicly available electronic communication networks and/or services for the needs of national security and crime investigation, promulgated in State Gazette No. 9 as of January 29, 2008, amended State Gazette No.108 as of December 19, 2008;
+
-
 
+
| valign="top" | <br>
| valign="top" | <br>
 +
| valign="top" |
| valign="top" | <br>
| valign="top" | <br>
| valign="top" | <br>
| valign="top" | <br>
| valign="top" | <br>
| valign="top" | <br>
| valign="top" | <br>
| valign="top" | <br>
-
| valign="top" | <br>
+
| valign="top" |
-
| valign="top" | Providers of public communications networks and/or publicly available electronic communications services
+
| valign="top" |
-
| valign="top" | The head officer of the:
+
| valign="top" | [http://www.aip-bg.org/documents/data_retention_campaign_eng.htm completed]
-
1. Specialized departments, the local units and the independent territorial directorates within the State Agency for National Security;
+
-
2. Directorate General “Criminal Police”, Directorate General “Fight against organized crime” and its local units, Directorate General “Security”, Directorate General “Border Police”, directorate “Internal security”, Sofia Directorate of Internal affairs, the regional directorates within the MoI;
+
-
3. The Military Information Service and the “Military Police” within the Ministry of Defence;
+
-
4. National Intelligence Service
+
-
The data is retained for the purposes of detection and investigation of serious crimes and crimes under Art. 319a - 319e of the Penal Code (cybercrimes), and for the location of missing or wanted persons.
+
-
Access id granted only after a court warrant.
+
-
| valign="top" | [http://www.aip-bg.org/documents/data_retention_campaign_eng.htm yes], Supreme Administrative Court Challenge brought by Access to Information Programme<br>
+
| valign="top" | [http://www.aip-bg.org/documents/data_retention_190308eng.htm Access to Information Programme (AIP)]<br>
| valign="top" | [http://www.aip-bg.org/documents/data_retention_190308eng.htm Access to Information Programme (AIP)]<br>
|- bgcolor="#eeeeee"
|- bgcolor="#eeeeee"
| valign="top" | '''Member State<br>'''
| valign="top" | '''Member State<br>'''
-
| valign="top" | '''EU directive transposed?'''<br>
+
| valign="top" | '''Data retention in force?'''<br>
| valign="top" | '''Data Retention Period'''<br>
| valign="top" | '''Data Retention Period'''<br>
| valign="top" | '''Legal instruments and date of entry into force'''<br>
| valign="top" | '''Legal instruments and date of entry into force'''<br>
Zeile 243: Zeile 231:
| valign="top" | <br>
| valign="top" | <br>
| valign="top" | <br>
| valign="top" | <br>
-
| valign="top" | <br>
+
| valign="top" | For investigation of a serious criminal offence
| valign="top" | Supreme Court [http://www.supremecourt.gov.cy/judicial/sc.nsf/All/5B67A764B86AA78EC225782F004F6D28/%24file/65-09.pdf ruled] 1 Feb 2011 that retained data can only be accessed "in cases of convicted and unconvicted prisoners and business correspondence and communication of bankrupts during the bankruptcy administration" (Art. 17 of [http://www.kypros.org/Constitution/English/appendix_d_part_ii.html Constitution])
| valign="top" | Supreme Court [http://www.supremecourt.gov.cy/judicial/sc.nsf/All/5B67A764B86AA78EC225782F004F6D28/%24file/65-09.pdf ruled] 1 Feb 2011 that retained data can only be accessed "in cases of convicted and unconvicted prisoners and business correspondence and communication of bankrupts during the bankruptcy administration" (Art. 17 of [http://www.kypros.org/Constitution/English/appendix_d_part_ii.html Constitution])
| valign="top" | <br>
| valign="top" | <br>
|- bgcolor="#eeeeee"
|- bgcolor="#eeeeee"
| valign="top" | '''Member State<br>'''
| valign="top" | '''Member State<br>'''
-
| valign="top" | '''EU directive transposed?'''<br>
+
| valign="top" | '''Data retention in force?'''<br>
| valign="top" | '''Data Retention Period'''<br>
| valign="top" | '''Data Retention Period'''<br>
| valign="top" | '''Legal instruments and date of entry into force'''<br>
| valign="top" | '''Legal instruments and date of entry into force'''<br>
Zeile 266: Zeile 254:
=== Czech Republic ===
=== Czech Republic ===
-
| valign="top" | yes
+
| valign="top" | yes, reimplementation as of November 2012
-
| valign="top" | &nbsp; 12 months<br>
+
| valign="top" | 6 months
-
| valign="top" | Act on Electronic Communications No. 127/2005 Coll. as amended by law 247/2008 Coll.<br>
+
| valign="top" | [http://www.epravo.cz/top/clanky/jake-budou-dopady-zruseni-smernice-o-data-retention-94415.html Act 273/2012 Coll] (amendment of the data retention acts)
-
| valign="top" |
+
-
1. pre-paid phone card identificator
+
-
 
+
-
2. public phone box identification (number and geographic position data)
+
 +
[http://www.epravo.cz/top/zakony/sbirka-zakonu/vyhlaska-ze-dne-17-rijna-2012-o-uchovavani-predavani-a-likvidaci-provoznich-a-lokalizacnich-udaju-19184.html public notice] (adjustment circuit stored data, transmission of data etc.)
 +
| valign="top" |
| valign="top" |
| valign="top" |
-
1. IP adresses of terminals from which were sent SMS (service od sending SMS from web form, quite widespread service in the Czech Rep.)
 
- 
-
2. every link between MSISDN and IMEI used together in the network
 
- 
-
3. ID of mobile phone credit coupon and its link to mobile phone number (at anonymous SIMs)
 
- 
-
4. "additional information" not more specified.
 
- 
| valign="top" |
| valign="top" |
-
1. amount of data transferred
 
- 
-
2. use of secured communication
 
- 
-
3. identificator of user´s device
 
- 
-
<br>
 
- 
| valign="top" |
| valign="top" |
-
1. status of event (e.g.fail/success, usual/unusual termination of connection)
 
- 
-
2. amount of uploaded/downloaded data
 
- 
-
3. "identificators of interest" (except IP adress is named as example port number)
 
- 
-
4. method and status requests for service
 
- 
-
5. URI identificators and its parametres requirements
 
- 
-
<br>
 
- 
| valign="top" |
| valign="top" |
-
1. transport protocol
 
- 
-
2. amount of data transferred
 
- 
| valign="top" | <br>
| valign="top" | <br>
-
| valign="top" | Providers of public communication network or of publicly accessible services of electronic communications
 
| valign="top" |
| valign="top" |
-
Police, public prosecutors and courts in penal proceedings.
+
| valign="top" |
-
 
+
| valign="top" | being considered
-
Provisions in Police Act enable to forward the data to Interpol, SIS and Europol or foreign policies in case of "serious danger".
+
-
 
+
-
Similar vague backdoor for transfer of rrtained data to intelligence services are in current and also in proposed new Police Act.
+
-
 
+
-
<br>
+
-
 
+
-
| valign="top" | Yes, submitted in March 2010, Constitutional Court file no. Pl. ÚS 24/10, [http://translate.google.com/translate?js=n&prev=_t&hl=en&ie=UTF-8&layout=2&eotf=1&sl=auto&tl=en&u=http%3A%2F%2Fslidilove.cz%2Fcontent%2Fposlanci-zadaji-ustavni-soud-zastavte-smirovani-obcanu more info]
+
| valign="top" | [http://www.iure.org/ Iuridicum Remedium (IuRe)]
| valign="top" | [http://www.iure.org/ Iuridicum Remedium (IuRe)]
|- bgcolor="#eeeeee"
|- bgcolor="#eeeeee"
| valign="top" | '''Member State<br>'''
| valign="top" | '''Member State<br>'''
-
| valign="top" | '''EU directive transposed?'''<br>
+
| valign="top" | '''Data retention in force?'''<br>
| valign="top" | '''Data Retention Period'''<br>
| valign="top" | '''Data Retention Period'''<br>
| valign="top" | '''Legal instruments and date of entry into force'''<br>
| valign="top" | '''Legal instruments and date of entry into force'''<br>
Zeile 353: Zeile 299:
| valign="top" | <br>
| valign="top" | <br>
 +
| valign="top" | first and last cell used during the communication to be retained
| valign="top" | <br>
| valign="top" | <br>
 +
| valign="top" | location of hotspots needs to be registered
| valign="top" | <br>
| valign="top" | <br>
 +
| valign="top" | Implementation applies even to non-public communication services except for public institutions
| valign="top" | <br>
| valign="top" | <br>
-
| valign="top" | <br>
+
| valign="top" | For the investigation and prosecution of criminal acts
-
| valign="top" | <br>
+
| valign="top" | no
-
| valign="top" | <br>
+
-
| valign="top" | <br>
+
-
| valign="top" | <br>
+
| valign="top" | <br>
| valign="top" | <br>
|- bgcolor="#eeeeee"
|- bgcolor="#eeeeee"
| valign="top" | '''Member State<br>'''
| valign="top" | '''Member State<br>'''
-
| valign="top" | '''EU directive transposed?'''<br>
+
| valign="top" | '''Data retention in force?'''<br>
| valign="top" | '''Data Retention Period'''<br>
| valign="top" | '''Data Retention Period'''<br>
| valign="top" | '''Legal instruments and date of entry into force'''<br>
| valign="top" | '''Legal instruments and date of entry into force'''<br>
Zeile 378: Zeile 324:
| valign="top" | '''Competent NGO'''<br>
| valign="top" | '''Competent NGO'''<br>
|-
|-
-
| valign="top" |
+
| valign="top" |
 +
 
=== Estonia ===
=== Estonia ===
-
| valign="top" | yes
+
| valign="top" | yes, as of 01/01/2008 (Internet 15/03/2009)
| valign="top" | 12 months<br>
| valign="top" | 12 months<br>
| valign="top" |
| valign="top" |
Zeile 395: Zeile 342:
| valign="top" | <br>
| valign="top" | <br>
| valign="top" | <br>
| valign="top" | <br>
-
| valign="top" | <br>
+
| valign="top" | for criminal proceedings of a criminal offence [in the first degree or an intentionally committed criminal offence in second degree with a penalty of imprisonment of at least three years]
| valign="top" | <br>
| valign="top" | <br>
| valign="top" | <br>
| valign="top" | <br>
|- bgcolor="#eeeeee"
|- bgcolor="#eeeeee"
| valign="top" | '''Member State<br>'''
| valign="top" | '''Member State<br>'''
-
| valign="top" | '''EU directive transposed?'''<br>
+
| valign="top" | '''Data retention in force?'''<br>
| valign="top" | '''Data Retention Period'''<br>
| valign="top" | '''Data Retention Period'''<br>
| valign="top" | '''Legal instruments and date of entry into force'''<br>
| valign="top" | '''Legal instruments and date of entry into force'''<br>
Zeile 418: Zeile 365:
=== Finland ===
=== Finland ===
-
| valign="top" | yes
+
| valign="top" | yes, as of 23/05/2008 (Internet 15/03/2009)
-
| valign="top" | 12 months
+
| valign="top" | 6-12 months
| valign="top" | Reported:<br>
| valign="top" | Reported:<br>
#Viestintäviraston määräys tunnistamistietojen tallennusvelvollisuudesta / Kommunikationsverkets föreskrift om skyldighet att lagra identifieringsuppgifter<br>
#Viestintäviraston määräys tunnistamistietojen tallennusvelvollisuudesta / Kommunikationsverkets föreskrift om skyldighet att lagra identifieringsuppgifter<br>
#Laki sähköisen viestinnän tietosuojalain muuttamisesta / Lag om ändring av lagen om dataskydd vid elektronisk kommunikation<br>
#Laki sähköisen viestinnän tietosuojalain muuttamisesta / Lag om ändring av lagen om dataskydd vid elektronisk kommunikation<br>
 +
[http://www.finlex.fi/fi/laki/kaannokset/2004/en20040516.pdf English translation]
| valign="top" | <br>
| valign="top" | <br>
 +
| valign="top" | 12 months
| valign="top" | <br>
| valign="top" | <br>
 +
| valign="top" | 6 months
 +
| valign="top" | 9 months
| valign="top" | <br>
| valign="top" | <br>
-
| valign="top" | <br>
+
| valign="top" | Only operators of certain size
-
| valign="top" | <br>
+
| valign="top" | For investigating, detecting and prosecuting serious crimes as set out in Chapter 5a, Article 3(1) of the Coercive Measures Act
-
| valign="top" | <br>
+
| valign="top" | no
-
| valign="top" | <br>
+
-
| valign="top" | <br>
+
-
| valign="top" | <br>
+
| valign="top" | <br>
| valign="top" | <br>
|- bgcolor="#eeeeee"
|- bgcolor="#eeeeee"
| valign="top" | '''Member State<br>'''
| valign="top" | '''Member State<br>'''
-
| valign="top" | '''EU directive transposed?'''<br>
+
| valign="top" | '''Data retention in force?'''<br>
| valign="top" | '''Data Retention Period'''<br>
| valign="top" | '''Data Retention Period'''<br>
| valign="top" | '''Legal instruments and date of entry into force'''<br>
| valign="top" | '''Legal instruments and date of entry into force'''<br>
Zeile 454: Zeile 402:
=== France ===
=== France ===
-
| valign="top" | yes
+
| valign="top" | yes, as of 24/03/2006
| valign="top" | 12 months
| valign="top" | 12 months
| valign="top" |
| valign="top" |
Zeile 466: Zeile 414:
| valign="top" | <br>
| valign="top" | <br>
| valign="top" | <br>
| valign="top" | <br>
 +
| valign="top" |
| valign="top" | <br>
| valign="top" | <br>
-
| valign="top" | <br>
+
| valign="top" | For the detection, investigation, and prosecution of criminal offences, and for the purpose of providing judicial authorities with information needed, and for the prevention of acts of terrorism and protecting intellectual property
-
| valign="top" | <br>
+
| valign="top" | EU Court of Justice (pending): [http://curia.europa.eu/juris/fiche.jsf?id=C;511;18;RP;1;P;1;C2018/0511/P&lgrec=en&language=en Reference of 3 August 2018 on French data retention law]
-
| valign="top" | No. A challenge was [http://www.legalis.net/jurisprudence-decision.php3?id_article=2000 rejected] by the Constitutional Court (decision of 07/08/2007). However, the Court [http://www.legalis.net/jurisprudence-decision.php3?id_article=2001 decided] providers must be reimbursed (decision of 07/08/2007).
+
| valign="top" | La Quadrature du Net and others
-
| valign="top" | <br>
+
|- bgcolor="#eeeeee"
|- bgcolor="#eeeeee"
| valign="top" | '''Member State'''
| valign="top" | '''Member State'''
-
| valign="top" | '''EU directive transposed?'''
+
| valign="top" | '''Data retention in force?'''
| valign="top" | '''Data Retention Period'''
| valign="top" | '''Data Retention Period'''
| valign="top" | '''Legal instruments and date of entry into force'''
| valign="top" | '''Legal instruments and date of entry into force'''
Zeile 492: Zeile 440:
| valign="top" |
| valign="top" |
-
no ([http://www.vorratsdatenspeicherung.de/content/view/51/70/lang,en/ declared unconstitutional] on 2 March 2010)
+
Legislation in force, but currently not being applied due to court order
| valign="top" |
| valign="top" |
-
-
+
4 to 10 weeks
| valign="top" |
| valign="top" |
-
-
+
Telecommunications Act, Art. 113b
| valign="top" |
| valign="top" |
Zeile 504: Zeile 452:
| valign="top" |
| valign="top" |
-
-
+
main direction of mobile telephone antennas
| valign="top" |
| valign="top" |
-
-
+
(not covered)
| valign="top" |
| valign="top" |
Zeile 519: Zeile 467:
| valign="top" |
| valign="top" |
 +
providers of publicly accessible telecommunications services for end user
| valign="top" |
| valign="top" |
 +
# the police, courts and public prosecutors for the prosecution of crime
 +
# the police for the prevention of substantial dangers to public safety
 +
# secret services for intelligence purposes (IP addresses)
| valign="top" |
| valign="top" |
 +
yes, [http://www.vorratsdatenspeicherung.de/content/view/780/79/lang,de/ several complaints] with the Federal Constitutional Court
| valign="top" |
| valign="top" |
-
[http://www.vorratsdatenspeicherung.de Working Group on Data Retention (AK Vorrat)]
+
[http://www.vorratsdatenspeicherung.de Working Group on Data Retention (AK Vorrat)], [https://www.digitalcourage.de Digitalcourage] and others
|- bgcolor="#eeeeee"
|- bgcolor="#eeeeee"
| valign="top" | '''Member State<br>'''
| valign="top" | '''Member State<br>'''
-
| valign="top" | '''EU directive transposed?'''<br>
+
| valign="top" | '''Data retention in force?'''<br>
| valign="top" | '''Data Retention Period'''<br>
| valign="top" | '''Data Retention Period'''<br>
| valign="top" | '''Legal instruments and date of entry into force'''<br>
| valign="top" | '''Legal instruments and date of entry into force'''<br>
Zeile 547: Zeile 500:
=== Greece ===
=== Greece ===
-
| valign="top" | not yet<br>
+
| valign="top" | yes
-
| valign="top" | <br>
+
| valign="top" | 12 months
-
| valign="top" | <br>
+
| valign="top" | [http://netlaw.gr/media/File/Legislation/N_3917_2011_diatirisi_prosopikon_dedomenon.pdf Data retention law no. 3917 dated 21-02-2011]
| valign="top" | <br>
| valign="top" | <br>
| valign="top" | <br>
| valign="top" | <br>
Zeile 556: Zeile 509:
| valign="top" | <br>
| valign="top" | <br>
| valign="top" | <br>
| valign="top" | <br>
-
| valign="top" | <br>
+
| valign="top" | providers of publicly available electronic communications services or public communications networks
-
| valign="top" | <br>
+
| valign="top" | For the purpose of detecting particularly serious crimes
| valign="top" | <br>
| valign="top" | <br>
| valign="top" | <br>
| valign="top" | <br>
|- bgcolor="#eeeeee"
|- bgcolor="#eeeeee"
| valign="top" | '''Member State<br>'''
| valign="top" | '''Member State<br>'''
-
| valign="top" | '''EU directive transposed?'''<br>
+
| valign="top" | '''Data retention in force?'''<br>
| valign="top" | '''Data Retention Period'''<br>
| valign="top" | '''Data Retention Period'''<br>
| valign="top" | '''Legal instruments and date of entry into force'''<br>
| valign="top" | '''Legal instruments and date of entry into force'''<br>
Zeile 590: Zeile 543:
| valign="top" | <br>
| valign="top" | <br>
| valign="top" | <br>
| valign="top" | <br>
-
| valign="top" | <br>
+
| valign="top" | To enable investigating bodies, the public prosecutor, the courts and national
 +
security agencies to perform their duties, and to enable police and the National Tax and Customs Office to investigate intentional crimes carrying a prison term of two or more years
| valign="top" | yes, Constitutional Court [http://www.tasz.hu/en/node/826 challenge] brought by the[http://www.tasz.hu Hungarian Civil Liberties Union (HCLU)]<br>
| valign="top" | yes, Constitutional Court [http://www.tasz.hu/en/node/826 challenge] brought by the[http://www.tasz.hu Hungarian Civil Liberties Union (HCLU)]<br>
| valign="top" | [http://www.tasz.hu Hungarian Civil Liberties Union (HCLU)]<br>
| valign="top" | [http://www.tasz.hu Hungarian Civil Liberties Union (HCLU)]<br>
|- bgcolor="#eeeeee"
|- bgcolor="#eeeeee"
| valign="top" | '''Member State<br>'''
| valign="top" | '''Member State<br>'''
-
| valign="top" | '''EU directive transposed?'''<br>
+
| valign="top" | '''Data retention in force?'''<br>
| valign="top" | '''Data Retention Period'''<br>
| valign="top" | '''Data Retention Period'''<br>
| valign="top" | '''Legal instruments and date of entry into force'''<br>
| valign="top" | '''Legal instruments and date of entry into force'''<br>
Zeile 614: Zeile 568:
| valign="top" |
| valign="top" |
-
No.
+
Yes.
-
Irish government proposes to implement via the [http://www.oireachtas.ie/viewdoc.asp?DocID=12468 Communications (Retention of Data) Bill 2009]
+
| valign="top" | 25 months phone records, 13 months Internet records (may be kept for up to 25 months).
-
 
+
| valign="top" | Communications (Retention of Data) Act 2011.
-
Details of previous proposals to implement here:
+
| valign="top" | Unsuccessful calls to be retained
-
 
+
| valign="top" | Unsuccessful calls to be retained
-
[http://www.justice.ie/en/JELR/Draft%20S.I%20on%20the%20transposition%20of%20Directive%20No.%202006-24-EC%20of%20the%20European%20Parliament%20and%20of%20the%20Council%20of%2015%20March%202006.doc/Files/Draft%20S.I%20on%20the%20transposition%20of%20Directive%20No.%202006-24-EC%20of%20the%20European%20Parliament%20and%20of%20the%20Council%20of%2015%20March%202006.doc Draft transposing measure]. Criticism of previous draft [http://www.irishtimes.com/newspaper/opinion/2008/0604/1212513046233.html here].
+
-
 
+
-
<br>
+
-
 
+
-
| valign="top" | 3 years.<br>
+
-
| valign="top" | Secret ministerial direction of April 2002 and [http://www.irishstatutebook.ie/2005/en/act/pub/0002/index.html Criminal Justice (Terrorist Offences) Act 2005]<br>
+
-
| valign="top" | All "traffic data" and "location data" within the meaning of [http://eur-lex.europa.eu/LexUriServ/LexUriServ.do?uri=CELEX:32002L0058:EN:HTML Directive 2002/58/EC].<br>
+
-
| valign="top" | All "traffic data" and "location data" within the meaning of [http://eur-lex.europa.eu/LexUriServ/LexUriServ.do?uri=CELEX:32002L0058:EN:HTML Directive 2002/58/EC.]<br>
+
-
| valign="top" | The 2005 Act does not expressly apply to email. However the language used may be wide enough to include it also - if e.g. a mobile phone operator provided an email gateway.<br>
+
-
| valign="top" | The 2005 Act does not expressly apply to internet access. However the language used may be wide enough to include it also - e.g. in relation to WAP or GPRS internet access from a mobile phone.
+
-
| valign="top" | The 2005 Act does not expressly apply to VOIP. However the language used may be wide enough to include it also - if e.g. a mobile phone operator provided a VOIP client
+
-
| valign="top" | N/A<br>
+
| valign="top" |
| valign="top" |
-
<br> [http://www.irishstatutebook.ie/2005/en/act/pub/0002/sec0061.html#partvii-sec61 Section 61] - "a person who is engaged in the provision of a publicly available electronic communications service by means of fixed line or mobile telephon <br>
 
- 
-
<br>
 
- 
-
| valign="top" | [http://www.irishstatutebook.ie/2005/en/act/pub/0002/sec0064.html Section 64]. The '''police''' may access for "(a) the prevention, detection, investigation or prosecution of crime (including but not limited to terrorist offences), or (b) the safeguarding of the security of the State."<br>
 
-
The '''army''' may access for "the safeguarding of the security of the State".<br>
 
- 
-
Otherwise the information may be accessed:<br>
 
- 
-
(a) at the request and '''with the consent of the person to whom the data relate''',<br> <br>..
 
- 
-
(c) '''in accordance with a court order''',<br> <br>(d) '''for the purpose of civil proceedings''' in any court, or<br> <br>(e) as may be '''authorised by the Data Protection Commissioner'''.
 
- 
| valign="top" |
| valign="top" |
-
[http://www.digitalrights.ie/ yes, High Court][http://www.digitalrights.ie/category/data-retention/ challenge] brought by [http://www.digitalrights.ie/ DRI] (latest [http://www.mcgarrsolicitors.ie/category/dri/ updates])<br>
+
| valign="top" |
-
 
+
| valign="top" |
 +
| valign="top" |
 +
| valign="top" | For the prevention of serious offences (i.e. offences punishable by imprisonment for a term of 5 years or more, or an offence in schedule to the transposing law), safeguarding of the security of the state and the saving of human life. Data may be accessed
 +
* with consent of a person to whom data relates or
 +
* in accordance with a court order (including civil litigation) or
 +
* authorised by the Data Protection Commissioner or
 +
* Garda not below rank of Chief Superintendent or
 +
* Officer not below rank of colonel of Permanent Defence Force or
 +
* Officer of Revenue Commissioners not below rank of principal officer
 +
| valign="top" |
 +
[http://www.digitalrights.ie/ yes, High Court][http://www.digitalrights.ie/category/data-retention/ challenge] brought by [http://www.digitalrights.ie/ DRI] (latest [http://www.mcgarrsolicitors.ie/category/dri/ updates]), still pending
| valign="top" |
| valign="top" |
[http://www.digitalrights.ie/ Digital Rights Ireland]
[http://www.digitalrights.ie/ Digital Rights Ireland]
Zeile 656: Zeile 595:
|- bgcolor="#eeeeee"
|- bgcolor="#eeeeee"
| valign="top" | '''Member State<br>'''
| valign="top" | '''Member State<br>'''
-
| valign="top" | '''EU directive transposed?'''<br>
+
| valign="top" | '''Data retention in force?'''<br>
| valign="top" | '''Data Retention Period'''<br>
| valign="top" | '''Data Retention Period'''<br>
| valign="top" | '''Legal instruments and date of entry into force'''<br>
| valign="top" | '''Legal instruments and date of entry into force'''<br>
Zeile 675: Zeile 614:
| valign="top" | yes<br>
| valign="top" | yes<br>
-
| valign="top" | Telephony: six months (24 in case of judicial proceedings), Internet: 12 months
+
| valign="top" | 24 months, Internet 12 months
| valign="top" |
| valign="top" |
Reported:
Reported:
Zeile 688: Zeile 627:
| valign="top" | <br>
| valign="top" | <br>
| valign="top" | <br>
| valign="top" | <br>
-
| valign="top" | <br>
+
| valign="top" | For detecting and suppressing criminal offences
| valign="top" | <br>
| valign="top" | <br>
| valign="top" | <br>
| valign="top" | <br>
|- bgcolor="#eeeeee"
|- bgcolor="#eeeeee"
| valign="top" | '''Member State<br>'''
| valign="top" | '''Member State<br>'''
-
| valign="top" | '''EU directive transposed?'''<br>
+
| valign="top" | '''Data retention in force?'''<br>
| valign="top" | '''Data Retention Period'''<br>
| valign="top" | '''Data Retention Period'''<br>
| valign="top" | '''Legal instruments and date of entry into force'''<br>
| valign="top" | '''Legal instruments and date of entry into force'''<br>
Zeile 711: Zeile 650:
=== Latvia ===
=== Latvia ===
-
| valign="top" | yes
+
| valign="top" | yes, as of 07/06/2007 (Internet 15/02/2009)
| valign="top" | 18 months
| valign="top" | 18 months
| valign="top" |
| valign="top" |
Zeile 726: Zeile 665:
| valign="top" | <br>
| valign="top" | <br>
| valign="top" | <br>
| valign="top" | <br>
-
| valign="top" | <br>
+
| valign="top" | To protect state and public security or to ensure the investigation of criminal offences, criminal prosecution and criminal court proceedings
| valign="top" | <br>
| valign="top" | <br>
| valign="top" | <br>
| valign="top" | <br>
|- bgcolor="#eeeeee"
|- bgcolor="#eeeeee"
| valign="top" | '''Member State<br>'''
| valign="top" | '''Member State<br>'''
-
| valign="top" | '''EU directive transposed?'''<br>
+
| valign="top" | '''Data retention in force?'''<br>
| valign="top" | '''Data Retention Period'''<br>
| valign="top" | '''Data Retention Period'''<br>
| valign="top" | '''Legal instruments and date of entry into force'''<br>
| valign="top" | '''Legal instruments and date of entry into force'''<br>
Zeile 745: Zeile 684:
| valign="top" | '''Competent NGO'''<br>
| valign="top" | '''Competent NGO'''<br>
|-
|-
-
| valign="top" |
+
| valign="top" |
 +
 
=== Lithuania ===
=== Lithuania ===
Zeile 763: Zeile 703:
| valign="top" | <br>
| valign="top" | <br>
| valign="top" | <br>
| valign="top" | <br>
-
| valign="top" | <br>
+
| valign="top" | For the investigation, detection and prosecution of serious and very serious crimes, as defined by the Lithuanian Criminal Code
| valign="top" | <br>
| valign="top" | <br>
| valign="top" | <br>
| valign="top" | <br>
|- bgcolor="#eeeeee"
|- bgcolor="#eeeeee"
| valign="top" | '''Member State<br>'''
| valign="top" | '''Member State<br>'''
-
| valign="top" | '''EU directive transposed?'''<br>
+
| valign="top" | '''Data retention in force?'''<br>
| valign="top" | '''Data Retention Period'''<br>
| valign="top" | '''Data Retention Period'''<br>
| valign="top" | '''Legal instruments and date of entry into force'''<br>
| valign="top" | '''Legal instruments and date of entry into force'''<br>
Zeile 786: Zeile 726:
=== Luxemburg ===
=== Luxemburg ===
-
| valign="top" | not transposed
+
| valign="top" | yes
-
| valign="top" | 0
+
| valign="top" | 6 months
| valign="top" |
| valign="top" |
[http://eur-lex.europa.eu/LexUriServ/LexUriServ.do?uri=CELEX:72006L0024:EN:NOT#FIELD_LU Reported:]
[http://eur-lex.europa.eu/LexUriServ/LexUriServ.do?uri=CELEX:72006L0024:EN:NOT#FIELD_LU Reported:]
-
#Loi du 30 mai 2005 – relative aux dispositions spécifiques de protection de la personne à l’égard du traitement des données à caractère personnel dans le secteur des communications électroniques et – portant modification des articles 88-2 et 88-4 du Code d’instruction criminelle. Loi; Mémorial Luxembourgeois A , no.: 73 , date pub: 07/06/2005 , page: 01168-01173&nbsp;; ref.: (MNE(2008)52016)
+
[http://www.legilux.public.lu/leg/a/archives/2010/0122/a122.pdf Loi concernant la protection de la vie privée dans le secteur des communications électroniques]
-
#Loi du 27 juillet 2007 portant modification – de la loi du 2 août 2002 relative à la protection des personnes à l’égard du traitement des données à caractère personnel; – des articles 4 paragraphe (3) lettre d); 5 paragraphe (1) lettre a); 9 paragraphe (1) lettre a) et 12 de la loi du 30 mai 2005 concernant la protection de la vie privée dans le secteur des communications électroniques et – de l’article 23 paragraphe (2) points 1. et 2. de la loi du 8 juin 2004 sur la liberté d’expression dans les médias. Loi; Mémorial Luxembourgeois A , no.: 131 , date pub: 08/08/2007 , page: 02330-02338&nbsp;; ref.: (MNE(2008)52017)
+
 
-
#Texte coordonné de la loi du 2 août 2002 relative à la protection des personnes à l’égard du traitement des données à caractère personnel modifiée par la loi du 31 juillet 2006, la loi du 22 décembre 2006, la loi du 27 juillet 2007. Loi; Mémorial Luxembourgeois A , no.: 131 , date pub: 08/08/2007 , page: 02339-02361&nbsp;; ref.: (MNE(2008)52019) <br>
+
[http://www.legilux.public.lu/leg/a/archives/2010/0122/a122.pdf Règlement grand-ducal du 24 juillet 2010 déterminant les catégories de données à caractère personnel générées ou traitées dans le cadre de la fourniture de services de communications électroniques ou de réseaux de communications publics]
| valign="top" | <br>
| valign="top" | <br>
Zeile 802: Zeile 742:
| valign="top" | <br>
| valign="top" | <br>
| valign="top" | <br>
| valign="top" | <br>
-
| valign="top" | <br>
+
| valign="top" | For the detection, investigation, and prosecution of criminal offences carrying a criminal sentence of a maximum one year or more
| valign="top" | <br>
| valign="top" | <br>
| valign="top" | <br>
| valign="top" | <br>
|- bgcolor="#eeeeee"
|- bgcolor="#eeeeee"
| valign="top" | '''Member State<br>'''
| valign="top" | '''Member State<br>'''
-
| valign="top" | '''EU directive transposed?'''<br>
+
| valign="top" | '''Data retention in force?'''<br>
| valign="top" | '''Data Retention Period'''<br>
| valign="top" | '''Data Retention Period'''<br>
| valign="top" | '''Legal instruments and date of entry into force'''<br>
| valign="top" | '''Legal instruments and date of entry into force'''<br>
Zeile 821: Zeile 761:
| valign="top" | '''Competent NGO'''<br>
| valign="top" | '''Competent NGO'''<br>
|-
|-
-
| valign="top" |
+
| valign="top" |
 +
 
=== Malta ===
=== Malta ===
Zeile 839: Zeile 780:
| valign="top" | <br>
| valign="top" | <br>
| valign="top" | <br>
| valign="top" | <br>
-
| valign="top" | <br>
+
| valign="top" | For investigation, detection or prosecution of serious crime
| valign="top" | <br>
| valign="top" | <br>
| valign="top" | <br>
| valign="top" | <br>
|- bgcolor="#eeeeee"
|- bgcolor="#eeeeee"
| valign="top" | '''Member State<br>'''
| valign="top" | '''Member State<br>'''
-
| valign="top" | '''EU directive transposed?'''<br>
+
| valign="top" | '''Data retention in force?'''<br>
| valign="top" | '''Data Retention Period'''<br>
| valign="top" | '''Data Retention Period'''<br>
| valign="top" | '''Legal instruments and date of entry into force'''<br>
| valign="top" | '''Legal instruments and date of entry into force'''<br>
Zeile 862: Zeile 803:
=== Netherlands ===
=== Netherlands ===
-
| valign="top" | Yes.<br>
+
| valign="top" | no
-
| valign="top" | 12 months.
+
| valign="top" |
-
| valign="top" | Wet bewaarplicht telecommunicatiegegevens, passed Senate on 7 July 2009. Plus law to be proposed by government that will reduce period for Internet to 6 months. <br>
+
| valign="top" | [http://www.debrauw.com/newsletter/court-suspends-dutch-telecom-data-retention-act/ Court annulled data retention law in March 2015]
-
| valign="top" | No.<br>
+
| valign="top" | <br>
| valign="top" | <br>
| valign="top" | <br>
| valign="top" | <br>
Zeile 873: Zeile 813:
| valign="top" | <br>
| valign="top" | <br>
| valign="top" | <br>
| valign="top" | <br>
 +
| valign="top" |
| valign="top" | <br>
| valign="top" | <br>
| valign="top" | <br>
| valign="top" | <br>
|- bgcolor="#eeeeee"
|- bgcolor="#eeeeee"
| valign="top" | '''Member State<br>'''
| valign="top" | '''Member State<br>'''
-
| valign="top" | '''EU directive transposed?'''<br>
+
| valign="top" | '''Data retention in force?'''<br>
| valign="top" | '''Data Retention Period'''<br>
| valign="top" | '''Data Retention Period'''<br>
| valign="top" | '''Legal instruments and date of entry into force'''<br>
| valign="top" | '''Legal instruments and date of entry into force'''<br>
Zeile 895: Zeile 836:
=== Poland ===
=== Poland ===
| valign="top" | yes<br>
| valign="top" | yes<br>
-
| valign="top" | 24 months for all sorts of data required by the Directive<br>
+
| valign="top" | 12 months
| valign="top" |1. The Telecommunication Law Amendment of 24 April 2009 (Journal Od Laws of 2009, No.85 item 716).<br> 2.The Regulation of the Minister of Infrastructure of 28 December 2009 on a detailed specification of data and types of operators of public telecommunications networks or providers of publicly available telecommunications services obliged for its retention and storage, Journal of Laws of 2009, No 226 item 1828, went into force on 1 January 2010. <br>
| valign="top" |1. The Telecommunication Law Amendment of 24 April 2009 (Journal Od Laws of 2009, No.85 item 716).<br> 2.The Regulation of the Minister of Infrastructure of 28 December 2009 on a detailed specification of data and types of operators of public telecommunications networks or providers of publicly available telecommunications services obliged for its retention and storage, Journal of Laws of 2009, No 226 item 1828, went into force on 1 January 2010. <br>
 +
| valign="top" | unsuccessful call attempts
 +
| valign="top" | unsuccessful call attempts, data identifying beam and working range of antenna of BTS
 +
| valign="top" |
| valign="top" | <br>
| valign="top" | <br>
| valign="top" | <br>
| valign="top" | <br>
-
| valign="top" | data identifying beam and working range of antenna of BTS
 
| valign="top" | <br>
| valign="top" | <br>
| valign="top" | <br>
| valign="top" | <br>
-
| valign="top" | <br>
+
| valign="top" | No court order required. Six secret services, police, courts and prosecution have a right to request data. For the prevention or detection of crime (even if not serious), for prevention and detection of fiscal offences, for use by prosecutors and courts if relevant to the court proceedings pending, for the purpose of the Internal Security Agency, Foreign Intelligence Agency, Central Anti-Corruption Bureau, Military Counter-intelligence Services and Military Intelligence Services to perform their tasks
-
| valign="top" | <br>
+
| valign="top" | no
-
| valign="top" | <br>
+
| valign="top" | [http://www.panoptykon.org Panoptykon]
-
| valign="top" | <br>
+
-
| valign="top" | <br>
+
|- bgcolor="#eeeeee"
|- bgcolor="#eeeeee"
| valign="top" | '''Member State<br>'''
| valign="top" | '''Member State<br>'''
-
| valign="top" | '''EU directive transposed?'''<br>
+
| valign="top" | '''Data retention in force?'''<br>
| valign="top" | '''Data Retention Period'''<br>
| valign="top" | '''Data Retention Period'''<br>
| valign="top" | '''Legal instruments and date of entry into force'''<br>
| valign="top" | '''Legal instruments and date of entry into force'''<br>
Zeile 927: Zeile 868:
=== Portugal ===
=== Portugal ===
-
| valign="top" | yes<br>
+
| valign="top" | yes, as of 08/2009
| valign="top" | 12 months
| valign="top" | 12 months
| valign="top" |
| valign="top" |
Zeile 941: Zeile 882:
| valign="top" | <br>
| valign="top" | <br>
| valign="top" | <br>
| valign="top" | <br>
-
| valign="top" | <br>
+
| valign="top" | For the investigation, detection and prosecution of serious crime
| valign="top" | <br>
| valign="top" | <br>
| valign="top" | <br>
| valign="top" | <br>
|- bgcolor="#eeeeee"
|- bgcolor="#eeeeee"
| valign="top" | '''Member State<br>'''
| valign="top" | '''Member State<br>'''
-
| valign="top" | '''EU directive transposed?'''<br>
+
| valign="top" | '''Data retention in force?'''<br>
| valign="top" | '''Data Retention Period'''<br>
| valign="top" | '''Data Retention Period'''<br>
| valign="top" | '''Legal instruments and date of entry into force'''<br>
| valign="top" | '''Legal instruments and date of entry into force'''<br>
Zeile 965: Zeile 906:
| valign="top" |
| valign="top" |
-
yes, but [http://news.softpedia.com/news/Romanian-Data-Retention-Law-Ruled-Unconstitutional-123908.shtml declared unconstitutional]
+
no, as of 2014
| valign="top" |
| valign="top" |
-
6 months
+
 
| valign="top" |
| valign="top" |
-
Reported:
 
- 
-
Lege privind reținerea datelor generate sau prelucrate de furnizorii de serv icii de comunicații electronice destinate publicului sau de rețele publice de comunicații, precum și pentru modificarea Legii nr. 506/2004 privind prelucrarea datelor cu caracter personal și protecția vieții private în sectorul comunicațiilor electronice
 
- 
-
[http://news.softpedia.com/news/Romanian-Data-Retention-Law-Ruled-Unconstitutional-123908.shtml declared unconstitutional]
 
| valign="top" | <br>
| valign="top" | <br>
Zeile 983: Zeile 919:
| valign="top" | <br>
| valign="top" | <br>
| valign="top" | <br>
| valign="top" | <br>
-
| valign="top" | Electronic communication providers (same definition as in the telecom laws)<br>
 
| valign="top" |
| valign="top" |
-
Prosecutors, with Judicial authorisation.
+
| valign="top" |
-
 
+
| valign="top" | data retention legislation [https://translate.google.com/translate?sl=auto&tl=en&js=y&prev=_t&hl=de&ie=UTF-8&u=http%3A%2F%2Fwww.ccr.ro%2Fnoutati%2FCOMUNICAT-DE-PRES-99&edit-text= annulled] by Constitutional Court in 2014
-
Competent National Security Instututions (?!?)
+
-
 
+
-
Only for serious crimes = defined as crimes agains t the State, organized crimes and terrorism crimes
+
-
 
+
-
| valign="top" | <br>
+
| valign="top" | [http://www.apti.ro APTI]
| valign="top" | [http://www.apti.ro APTI]
[http://www.comisariat.ro/index.html Comisariatul pentru Societatea Civila]
[http://www.comisariat.ro/index.html Comisariatul pentru Societatea Civila]
|- bgcolor="#eeeeee"
|- bgcolor="#eeeeee"
| valign="top" | '''Member State<br>'''
| valign="top" | '''Member State<br>'''
-
| valign="top" | '''EU directive transposed?'''<br>
+
| valign="top" | '''Data retention in force?'''<br>
| valign="top" | '''Data Retention Period'''<br>
| valign="top" | '''Data Retention Period'''<br>
| valign="top" | '''Legal instruments and date of entry into force'''<br>
| valign="top" | '''Legal instruments and date of entry into force'''<br>
Zeile 1.014: Zeile 944:
=== Slovakia ===
=== Slovakia ===
-
| valign="top" | yes
+
| valign="top" | no, as of April 2015 - declared unconstitutional
-
| valign="top" | 6 months for Internet services, 12 months for another types of communication
+
| valign="top" |
| valign="top" |
-
[http://eur-lex.europa.eu/LexUriServ/LexUriServ.do?uri=CELEX:72006L0024:EN:NOT#FIELD_SK Reported: many]<br>
+
| valign="top" |
 +
<br>
| valign="top" | <br>
| valign="top" | <br>
Zeile 1.026: Zeile 956:
| valign="top" | <br>
| valign="top" | <br>
| valign="top" | <br>
| valign="top" | <br>
-
| valign="top" | <br>
 
-
| valign="top" | <br>
 
| valign="top" | <br>
| valign="top" | <br>
 +
| valign="top" | <br>
 +
| valign="top" | [http://www.eisionline.org/ European Information Society Institute (EISI)]
|- bgcolor="#eeeeee"
|- bgcolor="#eeeeee"
| valign="top" | '''Member State<br>'''
| valign="top" | '''Member State<br>'''
-
| valign="top" | '''EU directive transposed?'''<br>
+
| valign="top" | '''Data retention in force?'''<br>
| valign="top" | '''Data Retention Period'''<br>
| valign="top" | '''Data Retention Period'''<br>
| valign="top" | '''Legal instruments and date of entry into force'''<br>
| valign="top" | '''Legal instruments and date of entry into force'''<br>
Zeile 1.049: Zeile 979:
=== Slovenia ===
=== Slovenia ===
-
| valign="top" | yes
+
| valign="top" | no
-
| valign="top" | 24 months
+
| valign="top" |
| valign="top" |
| valign="top" |
-
[http://eur-lex.europa.eu/LexUriServ/LexUriServ.do?uri=CELEX:72006L0024:EN:NOT#FIELD_SI Reported:]
 
- 
-
Zakon o spremembah in dopolnitvah Zakona o elektronskih komunikacijah. Zakon; Uradni list RS , no.: 129/2006 , date pub: 12/12/2006 , page: 14113-14128&nbsp;; date into force/en vigueur: 27/12/2006&nbsp;; ref.: (MNE(2007)50469) <br>
 
- 
-
| valign="top" | <br>
 
-
| valign="top" | <br>
 
| valign="top" | <br>
| valign="top" | <br>
| valign="top" | <br>
| valign="top" | <br>
Zeile 1.065: Zeile 989:
| valign="top" | <br>
| valign="top" | <br>
| valign="top" | <br>
| valign="top" | <br>
 +
| valign="top" |
 +
| valign="top" | data retention legislation [http://edri.org/slovenia-data-retention-unconstitutional/ annulled] by Constitutional Court in 2014
| valign="top" | <br>
| valign="top" | <br>
|- bgcolor="#eeeeee"
|- bgcolor="#eeeeee"
| valign="top" | '''Member State<br>'''
| valign="top" | '''Member State<br>'''
-
| valign="top" | '''EU directive transposed?'''<br>
+
| valign="top" | '''Data retention in force?'''<br>
| valign="top" | '''Data Retention Period'''<br>
| valign="top" | '''Data Retention Period'''<br>
| valign="top" | '''Legal instruments and date of entry into force'''<br>
| valign="top" | '''Legal instruments and date of entry into force'''<br>
Zeile 1.086: Zeile 1.012:
=== Spain ===
=== Spain ===
-
| valign="top" | yes<br>
+
| valign="top" | yes, as of 09/11/2007
-
| valign="top" | 12 months; This timeline could be reduced or extended to a minimum of 6 months and a maximum of 24 months, on request of the compentent authorities<br>
+
| valign="top" | 12 months; can be reduced or extended to a minimum of 6 months and a maximum of 24 months, on request of the compentent authorities
| valign="top" |
| valign="top" |
[http://eur-lex.europa.eu/LexUriServ/LexUriServ.do?uri=CELEX:72006L0024:EN:NOT#FIELD_ES Reported:]
[http://eur-lex.europa.eu/LexUriServ/LexUriServ.do?uri=CELEX:72006L0024:EN:NOT#FIELD_ES Reported:]
LEY 25/2007, de 18 de octubre, de conservación de datos relativos a las comunicaciones electrónicas y a las redes públicas de comunicaciones. Ley , no.: 25/2007; Boletín Oficial del Estado ( B.O.E ) , no.: 251/2007 , date pub: 19/10/2007 , page: 42517-42523&nbsp;; date into force/en vigueur: 08/11/2007&nbsp;; ref.: (MNE(2007)57464) <br>
LEY 25/2007, de 18 de octubre, de conservación de datos relativos a las comunicaciones electrónicas y a las redes públicas de comunicaciones. Ley , no.: 25/2007; Boletín Oficial del Estado ( B.O.E ) , no.: 251/2007 , date pub: 19/10/2007 , page: 42517-42523&nbsp;; date into force/en vigueur: 08/11/2007&nbsp;; ref.: (MNE(2007)57464) <br>
 +
| valign="top" | None<br>
 +
| valign="top" | None<br>
 +
| valign="top" | None<br>
 +
| valign="top" | None<br>
 +
| valign="top" | None<br>
 +
| valign="top" | None<br>
 +
| valign="top" | same as the Directive: telecomunications providers; los operadores que presten servicios de comunicaciones electrónicas disponibles al público o exploten redes públicas de comunicaciones (art.2)<br>
 +
| valign="top" | All Police/Security forces when acting under an order of the Attorney General or Courts of Justice
 +
 +
Miembros de las Fuerzas y Cuerpos de Seguridad del Estado, cuando desempeñen funciones de Policia Judicial (art.6.2.a)
-
| valign="top" | <br>
+
Funcionarios de la Dirección Adjunta de Vigilancia Aduanera, en el desarrollo de sus competencias como policía judicial (art.6.2.b)
-
| valign="top" | <br>
+
 
-
| valign="top" | <br>
+
El personal del Centro Nacional de Inteligencia en el curso de investigaciones de seguridad sobre personas o entidades (art.6.2.c)
-
| valign="top" | <br>
+
 
-
| valign="top" | <br>
+
For the detection, investigation and prosecution of the serious crimes considered in the Criminal Code or in the special criminal laws
-
| valign="top" | <br>
+
| valign="top" | None (as yet)<br>
-
| valign="top" | <br>
+
| valign="top" | Access Info Europe (http://www.access-info.org/en/civil-liberties)<br>
-
| valign="top" | <br>
+
-
| valign="top" | <br>
+
| valign="top" | <br>
| valign="top" | <br>
|- bgcolor="#eeeeee"
|- bgcolor="#eeeeee"
| valign="top" | '''Member State<br>'''
| valign="top" | '''Member State<br>'''
-
| valign="top" | '''EU directive transposed?'''<br>
+
| valign="top" | '''Data retention in force?'''<br>
| valign="top" | '''Data Retention Period'''<br>
| valign="top" | '''Data Retention Period'''<br>
| valign="top" | '''Legal instruments and date of entry into force'''<br>
| valign="top" | '''Legal instruments and date of entry into force'''<br>
-
| valign="top" | '''Data to be retained beyond the directive's requirements: fixed line telephony''' None <br>
+
| valign="top" | '''Data to be retained beyond the directive's requirements: fixed line telephony'''<br>
| valign="top" | '''Data to be retained beyond the directive's requirements: mobile telephony'''<br>
| valign="top" | '''Data to be retained beyond the directive's requirements: mobile telephony'''<br>
| valign="top" | '''Data to be retained beyond the directive's requirements: E-Mail'''<br>
| valign="top" | '''Data to be retained beyond the directive's requirements: E-Mail'''<br>
Zeile 1.123: Zeile 1.057:
=== Sweden ===
=== Sweden ===
-
| valign="top" | '''Not yet'''<br>
+
| valign="top" | yes, as of May 2012
-
| valign="top" | <br>
+
| valign="top" | 6 months
| valign="top" | <br>
| valign="top" | <br>
| valign="top" | <br>
| valign="top" | <br>
Zeile 1.138: Zeile 1.072:
|- bgcolor="#eeeeee"
|- bgcolor="#eeeeee"
| valign="top" | '''Member State<br>'''
| valign="top" | '''Member State<br>'''
-
| valign="top" | '''EU directive transposed?'''<br>
+
| valign="top" | '''Data retention in force?'''<br>
| valign="top" | '''Data Retention Period'''<br>
| valign="top" | '''Data Retention Period'''<br>
| valign="top" | '''Legal instruments and date of entry into force'''<br>
| valign="top" | '''Legal instruments and date of entry into force'''<br>
Zeile 1.156: Zeile 1.090:
=== United Kingdom ===
=== United Kingdom ===
-
| valign="top" | partial<br>
+
| valign="top" | yes, as of 26/07/2007 (Internet 06/04/2009)
| valign="top" | 12 months<br>
| valign="top" | 12 months<br>
| valign="top" |
| valign="top" |
[http://eur-lex.europa.eu/LexUriServ/LexUriServ.do?uri=CELEX:72006L0024:EN:NOT#FIELD_UK Reported:]
[http://eur-lex.europa.eu/LexUriServ/LexUriServ.do?uri=CELEX:72006L0024:EN:NOT#FIELD_UK Reported:]
-
The Data Retention (EC Directive) Regulations 2007. Statutory instrument (SI) , no.: Statutory Instrument 20; Her Majesty's Stationery Office (HMSO) , no.: [[/index.php?title=Spezial:ISBN-Suche&isbn=9780110783284|ISBN 978 0 11 078328 4]]&nbsp;; date into force/en vigueur: 01/10/2007&nbsp;; ref.: (MNE(2007)57200) <br>
+
The Data Retention (EC Directive) Regulations 2007. Statutory instrument (SI) , no.: Statutory Instrument 20; Her Majesty's Stationery Office (HMSO) , no.: [[/index.php?title=Spezial:ISBN-Suche&isbn=9780110783284|ISBN 978 0 11 078328 4]]&nbsp;; date into force/en vigueur: 01/10/2007&nbsp;; ref.: (MNE(2007)57200)
 +
 
 +
The Data Retention (EC Directive) Regulations 2009. Statutory instrument (SI), number: 2009 no 859; Official Journal: Her Majesty's Stationery Office (HMSO), number: SI 2009 no 859, Entry into force: 06/04/2009; Reference: (MNE(2010)53135)
| valign="top" | <br>
| valign="top" | <br>
Zeile 1.170: Zeile 1.106:
| valign="top" | <br>
| valign="top" | <br>
| valign="top" | <br>
| valign="top" | <br>
-
| valign="top" | <br>
+
| valign="top" | For the investigation, detection and prosecution of serious crime
-
| valign="top" | <br>
+
| valign="top" | EU Court of Justice (pending): [http://curia.europa.eu/juris/fiche.jsf?id=C;623;17;RP;1;P;1;C2017/0623/P&lgrec=en&language=en Reference of 31 October 2017 on UK bulk communications data orders]
-
| valign="top" | <br>
+
| valign="top" | Privacy International
|- bgcolor="#eeeeee"
|- bgcolor="#eeeeee"
| valign="top" | '''Non-EU- State<br>'''
| valign="top" | '''Non-EU- State<br>'''
Zeile 1.189: Zeile 1.125:
| valign="top" | '''Competent NGO'''<br>
| valign="top" | '''Competent NGO'''<br>
|-
|-
-
| valign="top" |
+
| valign="top" |
-
 
+
=== Iceland ===
=== Iceland ===
Zeile 1.196: Zeile 1.131:
| valign="top" | yes
| valign="top" | yes
| valign="top" | <br>
| valign="top" | <br>
-
| valign="top" | <br>
+
| valign="top" | Telecommunication Act 81/2003 (as amended in April 2005)
| valign="top" | <br>
| valign="top" | <br>
| valign="top" | <br>
| valign="top" | <br>
Zeile 1.210: Zeile 1.145:
|- bgcolor="#eeeeee"
|- bgcolor="#eeeeee"
| valign="top" | '''Member State<br>'''
| valign="top" | '''Member State<br>'''
-
| valign="top" | '''EU directive transposed?'''<br>
+
| valign="top" | '''Data retention in force?'''<br>
| valign="top" | '''Data Retention Period'''<br>
| valign="top" | '''Data Retention Period'''<br>
| valign="top" | '''Legal instruments and date of entry into force'''<br>
| valign="top" | '''Legal instruments and date of entry into force'''<br>
Zeile 1.227: Zeile 1.162:
=== Liechtenstein ===
=== Liechtenstein ===
-
| valign="top" | yes
+
| valign="top" | no
-
| valign="top" | 6 months
+
| valign="top" |
-
| valign="top" | Telekommunikationsgesetz (2006)
+
| valign="top" |
| valign="top" | <br>
| valign="top" | <br>
| valign="top" | <br>
| valign="top" | <br>
Zeile 1.243: Zeile 1.178:
|- bgcolor="#eeeeee"
|- bgcolor="#eeeeee"
| valign="top" | '''Member State<br>'''
| valign="top" | '''Member State<br>'''
-
| valign="top" | '''EU directive transposed?'''<br>
+
| valign="top" | '''Data retention in force?'''<br>
| valign="top" | '''Data Retention Period'''<br>
| valign="top" | '''Data Retention Period'''<br>
| valign="top" | '''Legal instruments and date of entry into force'''<br>
| valign="top" | '''Legal instruments and date of entry into force'''<br>
Zeile 1.261: Zeile 1.196:
=== Norway ===
=== Norway ===
-
| valign="top" | not yet<br>
+
| valign="top" | no, law enacted in [http://www.globallawwatch.com/2011/04/norway-implements-e-u-data-retention-directive-data-protection-authority-remains-critical/ April 2012] has never been implemented
-
| valign="top" | <br>
+
| valign="top" |
| valign="top" |
-
[http://www.stortinget.no/no/Saker-og-publikasjoner/Saker/Sak/?p=48650 Case Status in the Parliament]<br>
 
- 
-
The leading government party Arbeiderpartiet wants the policy implemented and has proposed to the parliament at 2010-12-17. <br>
 
- 
| valign="top" | <br>
| valign="top" | <br>
| valign="top" | <br>
| valign="top" | <br>
Zeile 1.277: Zeile 1.207:
| valign="top" | <br>
| valign="top" | <br>
| valign="top" | <br>
| valign="top" | <br>
-
| valign="top" | <br>
+
| valign="top" | [http://www.digitaltpersonvern.no/ planned]
 +
| valign="top" | [http://www.digitaltpersonvern.no/ digitaltpersonvern.no]
|- bgcolor="#eeeeee"
|- bgcolor="#eeeeee"
Zeile 1.295: Zeile 1.226:
| valign="top" | '''Competent NGO'''<br>
| valign="top" | '''Competent NGO'''<br>
|-
|-
-
| valign="top" |
+
| valign="top" |
 +
 
=== Switzerland ===
=== Switzerland ===
 +
| valign="top" | yes, as of 2002
 +
| valign="top" | 6 months
 +
| valign="top" |
 +
* [http://www.admin.ch/ch/d/sr/780_1/a15.html Article 15 Bundesgesetz vom 6. Oktober 2000 betreffend die Überwachung des Post- und Fernmeldeverkehrs (BÜPF)], in force 1 Jan 2002
 +
* [http://www.admin.ch/ch/d/sr/c780_11.html Verordnung vom 31. Oktober 2001 über die Überwachung des Post- und Fernmeldeverkehrs (VÜPF)], in force 1 Jan 2002
| valign="top" | <br>
| valign="top" | <br>
| valign="top" | <br>
| valign="top" | <br>
Zeile 1.303: Zeile 1.240:
| valign="top" | <br>
| valign="top" | <br>
| valign="top" | <br>
| valign="top" | <br>
 +
| valign="top" | Buyers of prepaid mobile phone cards must be identified and registered by ID document (name, address, date of birth). According to a [http://jumpcgi.bger.ch/cgi-bin/JumpCGI?id=08.01.2010_6B_766/2009 court decision], web server access logs including IP addresses must be retained for 6 months.
 +
| valign="top" | operators of fixed line and mobile telephony, public ip-based telecommunications services
| valign="top" | <br>
| valign="top" | <br>
-
| valign="top" | <br>
+
| valign="top" | no
-
| valign="top" | <br>
+
-
| valign="top" | <br>
+
-
| valign="top" | <br>
+
-
| valign="top" | <br>
+
-
| valign="top" | <br>
+
| valign="top" | <br>
| valign="top" | <br>
 +
|- bgcolor="#eeeeee"
|- bgcolor="#eeeeee"
| valign="top" | '''Non-EU-State<br>'''
| valign="top" | '''Non-EU-State<br>'''
Zeile 1.327: Zeile 1.262:
| valign="top" | '''Competent NGO'''<br>
| valign="top" | '''Competent NGO'''<br>
|-
|-
-
| valign="top" | Switzerland
+
| valign="top" |
-
| valign="top" | yes, as of 2002
+
 
-
| valign="top" | 6 months
+
=== Turkey ===
 +
 
 +
| valign="top" | Censorship & Data retention regulated by Law 5651 in 2007
 +
| valign="top" | 6 months to 2 years
| valign="top" |
| valign="top" |
-
* [http://www.admin.ch/ch/d/sr/c780_1.html Bundesgesetz vom 6. Oktober 2000 betreffend die Überwachung des Post- und Fernmeldeverkehrs (BÜPF)], in force 1 Jan 2002
+
* [http://www.tbmm.gov.tr/kanunlar/k5651.html Law 5651: Law for regulating publications made on the domain of Internet and fighting crimes made through these publications], in force 4 May 2007
-
* [http://www.admin.ch/ch/d/sr/c780_11.html Verordnung vom 31. Oktober 2001 über die Überwachung des Post- und Fernmeldeverkehrs (VÜPF)], in force 1 Jan 2002
+
* [http://www.tbmm.gov.tr/kanunlar/k5397.html Law 5397: Law for modifying some other laws], in force 3 July 2005
-
| valign="top" | <br>
+
| valign="top" | Phone lines are tapped by police and used as 'evidence' for prosecuting activities vaguely associated with 'terrorist organizations', based on anti-terror law TMK. <br>
-
| valign="top" | <br>
+
| valign="top" | Mobile phones are tapped for the same reason. They also secretly record 'audio surveillance' from meetings of legal parties, unions, even mayor's office, state institutions.<br>
-
| valign="top" | <br>
+
| valign="top" | E-mails can also be used as 'evidence', but not used as much as audio surveillance and phone tapping, yet. ICTA develops DPI systems, considers it 'state secret'.<br>
-
| valign="top" | <br>
+
| valign="top" | Law 5651 requires every ISP to block any illegal content of any user upon being informed, if technically possible. It has to inform ICTA 3 months before closing down, and give the traffic records to ICTA (state authority)<br>
-
| valign="top" | <br>
+
| valign="top" | Same with e-mail. Yet to come.<br>
-
| valign="top" | Buyers of prepaid mobile phone cards must be identified and registered by ID document (name, address, date of birth)
+
| valign="top" | MOBESE is the system of police department where they collect all kinds of data for every citizen. They randomly make 'identity controls' on the street. Officers gain 'points' for doing so.
-
| valign="top" | operators of fixed line and mobile telephony, public ip-based telecommunications services
+
| valign="top" | Internet service providers, GSM operators. internet publishers, if they don't want to take responsibility.
-
| valign="top" | <br>
+
| valign="top" | 'Data protection law' is being 'prepared' for over 10 years, so god knows who. Law 5397 authorizes the national intelligence agency MIT to request data and documents about "issues in its field of duty" <br>
-
| valign="top" | no
+
| valign="top" | Social challenges pending! More so than legal challenges.
-
| valign="top" | <br>
+
| valign="top" | [http://www.alternatifbilisim.org/wiki/Ana_sayfa Alternative Informatics Association] [http://www.youtube.com/watch?v=xDA3FcTZOV8 english presentation in CCC]<br>
|}
|}
 +
Please update this table by entering information on [http://en.wikipedia.org/wiki/Data_retention data retention] in your country:
Please update this table by entering information on [http://en.wikipedia.org/wiki/Data_retention data retention] in your country:
-
*[http://wiki.vorratsdatenspeicherung.de/index.php?title=Transposition&action=submit edit using text editor]
+
*[http://wiki.vorratsdatenspeicherung.de/index.php?title=Transposition&action=submit edit using text editor]
== See also ==
== See also ==
-
*European Commission: [http://eur-lex.europa.eu/LexUriServ/LexUriServ.do?uri=CELEX:72006L0024:EN:NOT National provisions on data retention communicated by the member states]
+
* General Secretariat of the Council: [http://statewatch.org/news/2019/may/eu-council-data-retention-ms-situation-wk-3103-19.pdf Data retention - Situation in Member States] (6 March 2019)
 +
* Eurojust: [http://statewatch.org/news/2017/nov/eu-eurojust-data-retention-MS-report-10098-17.pdf Report on Data retention regimes in Europe] (6 November 2017)
 +
*Privacy International: [https://privacyinternational.org/sites/default/files/2017-12/Data%20Retention_2017.pdf National Data Retention Laws since the CJEU’s Tele-2/Watson Judgment] (September 2017)
 +
* Policy Observatory: [https://observatory.mappingtheinternet.eu/page/data-retention-legislation-europe Data retention legislation in Europe] (13 June 2017)
 +
* EU Council Presidency: [http://www.statewatch.org/news/2018/feb/eu-council-data-retention-state-of-play-ms-wk-5206-17-rev2.pdf Data Retention - State of play in the Member States] (13 June 2017)
 +
*European Commission: [http://eur-lex.europa.eu/search.html?type=advanced&or0=DN%3D72006L0024*,DN-old%3D72006L0024* National provisions on data retention communicated by the member states (2015)]
 +
*[https://www.openrightsgroup.org/assets/files/legal/Data_Retention_status_table_updated_April_2015_uploaded_finalwithadditions.pdf Data retention in the EU following the CJEU ruling (Apr 2015)]
 +
*Statewatch: [http://www.statewatch.org/news/2013/nov/Data-Retention-Directive-in-Europe-A-Case-Study.pdf#page=34 SECILE Report of November 2013]
 +
*Max Planck Institut für ausländisches und Internationales Strafrecht: [https://www.bmj.de/SharedDocs/Downloads/DE/pdfs/20120127_MPI_Gutachten_VDS_Langfassung.pdf?__blob=publicationFile#page=201 Schutzlücken durch Wegfall der Vorratsdatenspeicherung? (German), July 2011]
 +
*European Commission: [http://ec.europa.eu/commission_2010-2014/malmstrom/archive/20110418_data_retention_evaluation_en.pdf Evaluation report, April 2011]
*Ludwig Boltzmann Institut für Menschenrechte: [http://www.univie.ac.at/bim/php/bim/get.php?id=1010 Rechtsvergleichende Analyse im Hinblick auf die Umsetzung der Richtlinie 2006/24/EG über die Vorratsdatenspeicherung] (in German: details on data retention in BE, DK, DE, FR, GR, GB, IR, IT, NL, PT, ES, SE, CZ as of 2008-03-10)
*Ludwig Boltzmann Institut für Menschenrechte: [http://www.univie.ac.at/bim/php/bim/get.php?id=1010 Rechtsvergleichende Analyse im Hinblick auf die Umsetzung der Richtlinie 2006/24/EG über die Vorratsdatenspeicherung] (in German: details on data retention in BE, DK, DE, FR, GR, GB, IR, IT, NL, PT, ES, SE, CZ as of 2008-03-10)
*German Ministry of Justice: [https://www.vorratsdatenspeicherung.de/images/vb_bverfg_schreiben_2009-12-11_1-bvr-256-08.pdf Übersicht] zum Umsetzungsstand und zu Gerichtsverfahren (2009-11-27)
*German Ministry of Justice: [https://www.vorratsdatenspeicherung.de/images/vb_bverfg_schreiben_2009-12-11_1-bvr-256-08.pdf Übersicht] zum Umsetzungsstand und zu Gerichtsverfahren (2009-11-27)

Version vom 20:49, 5. Jun. 2019

Overview of national data retention policies (outdated, for updates see below)

Inhaltsverzeichnis


Please update this table by entering information on data retention in your country:

Data retention transposition schedule

Member State
Data retention in force?
Data Retention Period
Legal instruments and date of entry into force
Data to be retained beyond the directive's requirements: fixed line telephony
Data to be retained beyond the directive's requirements: mobile telephony
Data to be retained beyond the directive's requirements: E-Mail
Data to be retained beyond the directive's requirements: Internet access
Data to be retained beyond the directive's requirements: Internet telephony
Data to be retained beyond the directive's requirements: other
Who is compelled to retain data?
Who is authorised to access retained data and for what purposes?
Legal challenges pending?
Competent NGO

(EU directive)

no longer in force 6-24 months (formerly) directive, 15 March 2006

Directive's requirements:

  1. the calling telephone number;
  2. the name and address of the subscriber or registered user;
  3. the number(s) dialled (the telephone number(s) called), and, in cases involving supplementary services such as call forwarding or call transfer, the number or numbers to which the call is routed;
  4. the name(s) and address(es) of the destination subscriber(s) or registered user(s);
  5. the date and time of the start and end of the communication;
  6. the telephone service used;
  7. the calling and called telephone numbers;

Directive's requirements:

  1. the calling telephone number;
  2. the name and address of the subscriber or registered user;
  3. the number(s) dialled (the telephone number(s) called), and, in cases involving supplementary services such as call forwarding or call transfer, the number or numbers to which the call is routed;
  4. the name(s) and address(es) of the destination subscriber(s) or registered user(s);
  5. the date and time of the start and end of the communication;
  6. the telephone service used;
  7. the calling and called telephone numbers;
  8. the International Mobile Subscriber Identity (IMSI) of the calling party;
  9. the International Mobile Equipment Identity (IMEI) of the calling party;
  10. the IMSI of the called party;
  11. the IMEI of the called party;
  12. in the case of pre-paid anonymous services, the date and time of the initial activation of the service and the location label (Cell ID) from which the service was activated;
  13. the location label (Cell ID) at the start of the communication;
  14. data identifying the geographic location of cells by reference to their location labels (Cell ID) during the period for which communications data are retained.

Directive's requirements:

  1. the user ID(s) allocated;
  2. the user ID and telephone number allocated to any communication entering the public telephone network;
  3. the name and address of the subscriber or registered user to whom an Internet Protocol (IP) address, user ID or telephone number was allocated at the time of the communication;
  4. the name(s) and address(es) of the subscriber(s) or registered user(s) and user ID of the intended recipient of the communication;
  5. the date and time of the log-in and log-off of the Internet e-mail service or Internet telephony service, based on a certain time zone;
  6. the Internet service used;
  7. the calling telephone number for dial-up access;
  8. the digital subscriber line (DSL) or other end point of the originator of the communication;

Directive's requirements:

  1. the user ID(s) allocated;
  2. the user ID and telephone number allocated to any communication entering the public telephone network;
  3. the name and address of the subscriber or registered user to whom an Internet Protocol (IP) address, user ID or telephone number was allocated at the time of the communication;
  4. the date and time of the log-in and log-off of the Internet access service, based on a certain time zone, together with the IP address, whether dynamic or static, allocated by the Internet access service provider to a communication, and the user ID of the subscriber or registered user;
  5. the calling telephone number for dial-up access;
  6. the digital subscriber line (DSL) or other end point of the originator of the communication;

Directive's requirements:

  1. the user ID(s) allocated;
  2. the user ID and telephone number allocated to any communication entering the public telephone network;
  3. the name and address of the subscriber or registered user to whom an Internet Protocol (IP) address, user ID or telephone number was allocated at the time of the communication;
  4. the user ID or telephone number of the intended recipient(s) of an Internet telephony call;
  5. the name(s) and address(es) of the subscriber(s) or registered user(s) and user ID of the intended recipient of the communication;
  6. the date and time of the log-in and log-off of the Internet e-mail service or Internet telephony service, based on a certain time zone;
  7. the Internet service used;
  8. the calling telephone number for dial-up access;
  9. the digital subscriber line (DSL) or other end point of the originator of the communication;
-
providers of publicly available electronic communications services or of a public communications network
competent national authorities in specific cases for the purpose of the investigation, detection and prosecution of serious crime, as defined by each Member State in its national law
annulled in 2014 by EU Court of Justice EDRi
Member State
Data retention in force?
Data Retention Period
Legal instruments and date of entry into force
Data to be retained beyond the directive's requirements: fixed line telephony
Data to be retained beyond the directive's requirements: mobile telephony
Data to be retained beyond the directive's requirements: E-Mail
Data to be retained beyond the directive's requirements: Internet access
Data to be retained beyond the directive's requirements: Internet telephony
Data to be retained beyond the directive's requirements: other
Who is compelled to retain data?
Who is authorised to access retained data and for what purposes?
Legal challenges pending?
Competent NGO

Austria

no









data retention legislation annulled by Constitutional Court in 2014 AK Vorrat
Member State
Data retention in force?
Data Retention Period
Legal instruments and date of entry into force
Data to be retained beyond the directive's requirements: fixed line telephony
Data to be retained beyond the directive's requirements: mobile telephony
Data to be retained beyond the directive's requirements: E-Mail
Data to be retained beyond the directive's requirements: Internet access
Data to be retained beyond the directive's requirements: Internet telephony
Data to be retained beyond the directive's requirements: other
Who is compelled to retain data?
Who is authorised to access retained data and for what purposes?
Legal challenges pending?
Competent NGO

Belgium

12 months Electronic Telecommunications Act, 13th June 2005

Judicial coordination unit, examining magistrates, public prosecutor, criminal police for the investigation and prosecution of criminal offences, the prosecution of abuse of emergency services telephone number, investigation into malicious abuse of electronic communications network or service, for the purposes of intelligence-gathering missions undertaken by the intelligence and security services EU Court of Justice (pending): Reference of 2 August 2018 on Belgian data retention law (Ordre des barreaux francophones and germanophone) Liga voor Mensenrechten, NURPA, Ligue des droits de l'Homme / Ordre des barreaux francophones and germanophone
Member State
Data retention in force?
Data Retention Period
Legal instruments and date of entry into force
Data to be retained beyond the directive's requirements: fixed line telephony
Data to be retained beyond the directive's requirements: mobile telephony
Data to be retained beyond the directive's requirements: E-Mail
Data to be retained beyond the directive's requirements: Internet access
Data to be retained beyond the directive's requirements: Internet telephony
Data to be retained beyond the directive's requirements: other
Who is compelled to retain data?
Who is authorised to access retained data and for what purposes?
Legal challenges pending?
Competent NGO

Bulgaria

yes 6 months Data retention law annulled by Constitutional Court in March 2015 but reinacted on 26 Mar




completed Access to Information Programme (AIP)
Member State
Data retention in force?
Data Retention Period
Legal instruments and date of entry into force
Data to be retained beyond the directive's requirements: fixed line telephony
Data to be retained beyond the directive's requirements: mobile telephony
Data to be retained beyond the directive's requirements: E-Mail
Data to be retained beyond the directive's requirements: Internet access
Data to be retained beyond the directive's requirements: Internet telephony
Data to be retained beyond the directive's requirements: other
Who is compelled to retain data?
Who is authorised to access retained data and for what purposes?
Legal challenges pending?
Competent NGO

Cyprus

yes 6 months

Reported:

Ο Περί Διατήρησης Τηλεπικοινωνιακών Δεδομένων με Σκοπό τη Διεύρηνση Σοβαρών Ποινικών Αδικημάτων Νόμος του 2007. Νόμος , no.: Ν. 183(Ι)/2007; Cyprus Gazette , no.: 4154 , date pub: 31/12/2007 , page: 01466-01483 ; date into force/en vigueur: 31/12/2007 ; ref.: (MNE(2008)50638)







For investigation of a serious criminal offence Supreme Court ruled 1 Feb 2011 that retained data can only be accessed "in cases of convicted and unconvicted prisoners and business correspondence and communication of bankrupts during the bankruptcy administration" (Art. 17 of Constitution)
Member State
Data retention in force?
Data Retention Period
Legal instruments and date of entry into force
Data to be retained beyond the directive's requirements: fixed line telephony
Data to be retained beyond the directive's requirements: mobile telephony
Data to be retained beyond the directive's requirements: E-Mail
Data to be retained beyond the directive's requirements: Internet access
Data to be retained beyond the directive's requirements: Internet telephony
Data to be retained beyond the directive's requirements: other
Who is compelled to retain data?
Who is authorised to access retained data and for what purposes?
Legal challenges pending?
Competent NGO

Czech Republic

yes, reimplementation as of November 2012 6 months Act 273/2012 Coll (amendment of the data retention acts)

public notice (adjustment circuit stored data, transmission of data etc.)


being considered Iuridicum Remedium (IuRe)
Member State
Data retention in force?
Data Retention Period
Legal instruments and date of entry into force
Data to be retained beyond the directive's requirements: fixed line telephony
Data to be retained beyond the directive's requirements: mobile telephony
Data to be retained beyond the directive's requirements: E-Mail
Data to be retained beyond the directive's requirements: Internet access
Data to be retained beyond the directive's requirements: Internet telephony
Data to be retained beyond the directive's requirements: other
Who is compelled to retain data?
Who is authorised to access retained data and for what purposes?
Legal challenges pending?
Competent NGO

Denmark

yes
12 months

Reported:

  1. Bekendtgørelse om udbydere af elektroniske kommunikationsnets og elektroniske kommunikationstjenesters registrering og opbevaring af oplysninger om teletrafik. Bekendtgørelse , no.: 988; Lovtidende A , date pub: 13/10/2006 ; date into force/en vigueur: 15/09/2007 ; ref.: (MNE(2007)56962)
  2. Bekendtgørelse om udbydere af elektroniske kommunikationsnets og elektroniske kommunikationstjenesters registrering og opbevaring af oplysninger om teletrafik. Bekendtgørelse , no.: 988; Lovtidende A , date pub: 13/10/2006 ; date into force/en vigueur: 15/09/2007 ; ref.: (MNE(2007)56966)
  3. Bekendtgørelse om udbydere af elektroniske kommunikationsnets og elektroniske kommunikationstjenesters registrering og opbevaring af oplysninger om teletrafik (logningsbekendtgørelsen). Bekendtgørelse , no.: 988; Lovtidende A , date pub: 13/10/2006 ; date into force/en vigueur: 15/09/2007 ; ref.: (MNE(2007)56970)

first and last cell used during the communication to be retained
location of hotspots needs to be registered
Implementation applies even to non-public communication services except for public institutions
For the investigation and prosecution of criminal acts no
Member State
Data retention in force?
Data Retention Period
Legal instruments and date of entry into force
Data to be retained beyond the directive's requirements: fixed line telephony
Data to be retained beyond the directive's requirements: mobile telephony
Data to be retained beyond the directive's requirements: E-Mail
Data to be retained beyond the directive's requirements: Internet access
Data to be retained beyond the directive's requirements: Internet telephony
Data to be retained beyond the directive's requirements: other
Who is compelled to retain data?
Who is authorised to access retained data and for what purposes?
Legal challenges pending?
Competent NGO

Estonia

yes, as of 01/01/2008 (Internet 15/03/2009) 12 months

Reported:

ELEKTROONILISE SIDE SEADUSE JA RAHVATERVISE SEADUSE MUUTMISE SEADUS. seaduse parandus , no.: RTI, 07.12.2007, 63, 397 ; Elektrooniline Riigi Teataja , no.: RTI, 07.12.2007, 63, 397 ; ref.: (MNE(2007)58607)








for criminal proceedings of a criminal offence [in the first degree or an intentionally committed criminal offence in second degree with a penalty of imprisonment of at least three years]

Member State
Data retention in force?
Data Retention Period
Legal instruments and date of entry into force
Data to be retained beyond the directive's requirements: fixed line telephony
Data to be retained beyond the directive's requirements: mobile telephony
Data to be retained beyond the directive's requirements: E-Mail
Data to be retained beyond the directive's requirements: Internet access
Data to be retained beyond the directive's requirements: Internet telephony
Data to be retained beyond the directive's requirements: other
Who is compelled to retain data?
Who is authorised to access retained data and for what purposes?
Legal challenges pending?
Competent NGO

Finland

yes, as of 23/05/2008 (Internet 15/03/2009) 6-12 months Reported:
  1. Viestintäviraston määräys tunnistamistietojen tallennusvelvollisuudesta / Kommunikationsverkets föreskrift om skyldighet att lagra identifieringsuppgifter
  2. Laki sähköisen viestinnän tietosuojalain muuttamisesta / Lag om ändring av lagen om dataskydd vid elektronisk kommunikation

English translation


12 months
6 months 9 months
Only operators of certain size For investigating, detecting and prosecuting serious crimes as set out in Chapter 5a, Article 3(1) of the Coercive Measures Act no
Member State
Data retention in force?
Data Retention Period
Legal instruments and date of entry into force
Data to be retained beyond the directive's requirements: fixed line telephony
Data to be retained beyond the directive's requirements: mobile telephony
Data to be retained beyond the directive's requirements: E-Mail
Data to be retained beyond the directive's requirements: Internet access
Data to be retained beyond the directive's requirements: Internet telephony
Data to be retained beyond the directive's requirements: other
Who is compelled to retain data?
Who is authorised to access retained data and for what purposes?
Legal challenges pending?
Competent NGO

France

yes, as of 24/03/2006 12 months

Reported:

Décret no 2006-358 du 24 mars 2006 relatif à la conservation des données des communications électroniques. Décret , no.: 2006-358; Journal Officiel de la République Française (JORF) , date pub: 26/03/2006 ; date into force/en vigueur: 27/03/2006 ; ref.: (MNE(2007)56763)







For the detection, investigation, and prosecution of criminal offences, and for the purpose of providing judicial authorities with information needed, and for the prevention of acts of terrorism and protecting intellectual property EU Court of Justice (pending): Reference of 3 August 2018 on French data retention law La Quadrature du Net and others
Member State Data retention in force? Data Retention Period Legal instruments and date of entry into force Data to be retained beyond the directive's requirements: fixed line telephony Data to be retained beyond the directive's requirements: mobile telephony Data to be retained beyond the directive's requirements: E-Mail Data to be retained beyond the directive's requirements: Internet access Data to be retained beyond the directive's requirements: Internet telephony Data to be retained beyond the directive's requirements: other Who is compelled to retain data? Who is authorised to access retained data and for what purposes? Legal challenges pending? Competent NGO

Germany

Legislation in force, but currently not being applied due to court order

4 to 10 weeks

Telecommunications Act, Art. 113b

-

main direction of mobile telephone antennas

(not covered)

-

-

Any person providing or assisting in providing telecommunications services and in so doing allocating subscription IDs or providing telecommunications connections for IDs allocated by other parties (applies to telephony and DSL lines, including prepaid services, but not e-mail services) is to collect, prior to activation, and store the name and address of the allocation holder, the date of birth and in the case of fixed lines, additionally the address for the line, even if such data are not required for operational purposes (§ 111 TKG). The subscriber directories are electronically accessible by all German law enforcement and intelligence agencies (§ 112 TKG).

providers of publicly accessible telecommunications services for end user

  1. the police, courts and public prosecutors for the prosecution of crime
  2. the police for the prevention of substantial dangers to public safety
  3. secret services for intelligence purposes (IP addresses)

yes, several complaints with the Federal Constitutional Court

Working Group on Data Retention (AK Vorrat), Digitalcourage and others

Member State
Data retention in force?
Data Retention Period
Legal instruments and date of entry into force
Data to be retained beyond the directive's requirements: fixed line telephony
Data to be retained beyond the directive's requirements: mobile telephony
Data to be retained beyond the directive's requirements: E-Mail
Data to be retained beyond the directive's requirements: Internet access
Data to be retained beyond the directive's requirements: Internet telephony
Data to be retained beyond the directive's requirements: other
Who is compelled to retain data?
Who is authorised to access retained data and for what purposes?
Legal challenges pending?
Competent NGO

Greece

yes 12 months Data retention law no. 3917 dated 21-02-2011




providers of publicly available electronic communications services or public communications networks For the purpose of detecting particularly serious crimes

Member State
Data retention in force?
Data Retention Period
Legal instruments and date of entry into force
Data to be retained beyond the directive's requirements: fixed line telephony
Data to be retained beyond the directive's requirements: mobile telephony
Data to be retained beyond the directive's requirements: E-Mail
Data to be retained beyond the directive's requirements: Internet access
Data to be retained beyond the directive's requirements: Internet telephony
Data to be retained beyond the directive's requirements: other
Who is compelled to retain data?
Who is authorised to access retained data and for what purposes?
Legal challenges pending?
Competent NGO

Hungary

yes 12 months Reported: 15 acts







To enable investigating bodies, the public prosecutor, the courts and national

security agencies to perform their duties, and to enable police and the National Tax and Customs Office to investigate intentional crimes carrying a prison term of two or more years

yes, Constitutional Court challenge brought by theHungarian Civil Liberties Union (HCLU)
Hungarian Civil Liberties Union (HCLU)
Member State
Data retention in force?
Data Retention Period
Legal instruments and date of entry into force
Data to be retained beyond the directive's requirements: fixed line telephony
Data to be retained beyond the directive's requirements: mobile telephony
Data to be retained beyond the directive's requirements: E-Mail
Data to be retained beyond the directive's requirements: Internet access
Data to be retained beyond the directive's requirements: Internet telephony
Data to be retained beyond the directive's requirements: other
Who is compelled to retain data?
Who is authorised to access retained data and for what purposes?
Legal challenges pending?
Competent NGO

Ireland

Yes.

25 months phone records, 13 months Internet records (may be kept for up to 25 months). Communications (Retention of Data) Act 2011. Unsuccessful calls to be retained Unsuccessful calls to be retained For the prevention of serious offences (i.e. offences punishable by imprisonment for a term of 5 years or more, or an offence in schedule to the transposing law), safeguarding of the security of the state and the saving of human life. Data may be accessed
  • with consent of a person to whom data relates or
  • in accordance with a court order (including civil litigation) or
  • authorised by the Data Protection Commissioner or
  • Garda not below rank of Chief Superintendent or
  • Officer not below rank of colonel of Permanent Defence Force or
  • Officer of Revenue Commissioners not below rank of principal officer

yes, High Courtchallenge brought by DRI (latest updates), still pending

Digital Rights Ireland

See background on Irish law here.

Member State
Data retention in force?
Data Retention Period
Legal instruments and date of entry into force
Data to be retained beyond the directive's requirements: fixed line telephony
Data to be retained beyond the directive's requirements: mobile telephony
Data to be retained beyond the directive's requirements: E-Mail
Data to be retained beyond the directive's requirements: Internet access
Data to be retained beyond the directive's requirements: Internet telephony
Data to be retained beyond the directive's requirements: other
Who is compelled to retain data?
Who is authorised to access retained data and for what purposes?
Legal challenges pending?
Competent NGO

Italy

yes
24 months, Internet 12 months

Reported:

Attuazione della direttiva 2006/24/CE riguardante la conservazione dei dati generati o trattati nell'ambito della fornitura di servizi di comunicazione elettronica accessibili al pubblico o di reti pubbliche di comunicazione e che modifica la direttiva 2002/58/CE.








For detecting and suppressing criminal offences

Member State
Data retention in force?
Data Retention Period
Legal instruments and date of entry into force
Data to be retained beyond the directive's requirements: fixed line telephony
Data to be retained beyond the directive's requirements: mobile telephony
Data to be retained beyond the directive's requirements: E-Mail
Data to be retained beyond the directive's requirements: Internet access
Data to be retained beyond the directive's requirements: Internet telephony
Data to be retained beyond the directive's requirements: other
Who is compelled to retain data?
Who is authorised to access retained data and for what purposes?
Legal challenges pending?
Competent NGO

Latvia

yes, as of 07/06/2007 (Internet 15/02/2009) 18 months

Reported:

  1. Kārtība, kādā pirmstiesas izmeklēšanas iestādes, operatīvās darbības subjekti, valsts drošības iestādes, prokuratūra un tiesa pieprasa un elektronisko sakaru komersants nodod saglabājamos datus, kā arī kārtība, kādā apkopo statistisko informāciju par saglabājamo datu pieprasījumiem un to izsniegšanu. Ministru Kabineta noteikumi , no.: 820; Latvijas Vēstnesis , no.: 197 , date pub: 07/12/2007 ; date into force/en vigueur: 08/12/2007 ; ref.: (MNE(2008)50003)
  2. Grozījumi Elektronisko sakaru likumā. Likums; Latvijas Vēstnesis , no.: 83 , date pub: 24/05/2007 ; date into force/en vigueur: 07/06/2007 ; ref.: (MNE(2007)54265)







To protect state and public security or to ensure the investigation of criminal offences, criminal prosecution and criminal court proceedings

Member State
Data retention in force?
Data Retention Period
Legal instruments and date of entry into force
Data to be retained beyond the directive's requirements: fixed line telephony
Data to be retained beyond the directive's requirements: mobile telephony
Data to be retained beyond the directive's requirements: E-Mail
Data to be retained beyond the directive's requirements: Internet access
Data to be retained beyond the directive's requirements: Internet telephony
Data to be retained beyond the directive's requirements: other
Who is compelled to retain data?
Who is authorised to access retained data and for what purposes?
Legal challenges pending?
Competent NGO

Lithuania

yes
6 months

Reported:

  1. Lietuvos Respublikos asmens duomenų teisinės apsaugos įstatymo pakeitimo įstatymas Nr. X-1444
  2. Lietuvos Respublikos elektroninių ryšių įstatymas Nr. IX-2135







For the investigation, detection and prosecution of serious and very serious crimes, as defined by the Lithuanian Criminal Code

Member State
Data retention in force?
Data Retention Period
Legal instruments and date of entry into force
Data to be retained beyond the directive's requirements: fixed line telephony
Data to be retained beyond the directive's requirements: mobile telephony
Data to be retained beyond the directive's requirements: E-Mail
Data to be retained beyond the directive's requirements: Internet access
Data to be retained beyond the directive's requirements: Internet telephony
Data to be retained beyond the directive's requirements: other
Who is compelled to retain data?
Who is authorised to access retained data and for what purposes?
Legal challenges pending?
Competent NGO

Luxemburg

yes 6 months

Reported:

Loi concernant la protection de la vie privée dans le secteur des communications électroniques

Règlement grand-ducal du 24 juillet 2010 déterminant les catégories de données à caractère personnel générées ou traitées dans le cadre de la fourniture de services de communications électroniques ou de réseaux de communications publics








For the detection, investigation, and prosecution of criminal offences carrying a criminal sentence of a maximum one year or more

Member State
Data retention in force?
Data Retention Period
Legal instruments and date of entry into force
Data to be retained beyond the directive's requirements: fixed line telephony
Data to be retained beyond the directive's requirements: mobile telephony
Data to be retained beyond the directive's requirements: E-Mail
Data to be retained beyond the directive's requirements: Internet access
Data to be retained beyond the directive's requirements: Internet telephony
Data to be retained beyond the directive's requirements: other
Who is compelled to retain data?
Who is authorised to access retained data and for what purposes?
Legal challenges pending?
Competent NGO

Malta

yes
12 months, Internet 6 months

Reported:

  1. L.N. 198 of 2008 Data Protection Act (Cap. 440) Processing of Personal Data(Electronic Communications Sector) (Amendment) Regulations, 2008
  2. L.N. 199 of 2008 Electronic Communications (Regulation) Act (CAP. 399)Electronic Communications (Personal Data and Protection of Privacy) (Amendment) Regulations, 2008








For investigation, detection or prosecution of serious crime

Member State
Data retention in force?
Data Retention Period
Legal instruments and date of entry into force
Data to be retained beyond the directive's requirements: fixed line telephony
Data to be retained beyond the directive's requirements: mobile telephony
Data to be retained beyond the directive's requirements: E-Mail
Data to be retained beyond the directive's requirements: Internet access
Data to be retained beyond the directive's requirements: Internet telephony
Data to be retained beyond the directive's requirements: other
Who is compelled to retain data?
Who is authorised to access retained data and for what purposes?
Legal challenges pending?
Competent NGO

Netherlands

no Court annulled data retention law in March 2015








Member State
Data retention in force?
Data Retention Period
Legal instruments and date of entry into force
Data to be retained beyond the directive's requirements: fixed line telephony
Data to be retained beyond the directive's requirements: mobile telephony
Data to be retained beyond the directive's requirements: E-Mail
Data to be retained beyond the directive's requirements: Internet access
Data to be retained beyond the directive's requirements: Internet telephony
Data to be retained beyond the directive's requirements: other
Who is compelled to retain data?
Who is authorised to access retained data and for what purposes?
Legal challenges pending?
Competent NGO

Poland

yes
12 months 1. The Telecommunication Law Amendment of 24 April 2009 (Journal Od Laws of 2009, No.85 item 716).
2.The Regulation of the Minister of Infrastructure of 28 December 2009 on a detailed specification of data and types of operators of public telecommunications networks or providers of publicly available telecommunications services obliged for its retention and storage, Journal of Laws of 2009, No 226 item 1828, went into force on 1 January 2010.
unsuccessful call attempts unsuccessful call attempts, data identifying beam and working range of antenna of BTS



No court order required. Six secret services, police, courts and prosecution have a right to request data. For the prevention or detection of crime (even if not serious), for prevention and detection of fiscal offences, for use by prosecutors and courts if relevant to the court proceedings pending, for the purpose of the Internal Security Agency, Foreign Intelligence Agency, Central Anti-Corruption Bureau, Military Counter-intelligence Services and Military Intelligence Services to perform their tasks no Panoptykon
Member State
Data retention in force?
Data Retention Period
Legal instruments and date of entry into force
Data to be retained beyond the directive's requirements: fixed line telephony
Data to be retained beyond the directive's requirements: mobile telephony
Data to be retained beyond the directive's requirements: E-Mail
Data to be retained beyond the directive's requirements: Internet access
Data to be retained beyond the directive's requirements: Internet telephony
Data to be retained beyond the directive's requirements: other
Who is compelled to retain data?
Who is authorised to access retained data and for what purposes?
Legal challenges pending?
Competent NGO

Portugal

yes, as of 08/2009 12 months

Reported:

Assembleia da República-Transpõe para a ordem jurídica interna a Directiva n.º 2006/24/CE, do Parlamento Europeu e do Conselho, de 15 de Março, relativa à conservação de dados gerados ou tratados no contexto da oferta de serviços de comunicações electrónicas publicamente disponíveis ou de redes públicas de comunicações








For the investigation, detection and prosecution of serious crime

Member State
Data retention in force?
Data Retention Period
Legal instruments and date of entry into force
Data to be retained beyond the directive's requirements: fixed line telephony
Data to be retained beyond the directive's requirements: mobile telephony
Data to be retained beyond the directive's requirements: E-Mail
Data to be retained beyond the directive's requirements: Internet access
Data to be retained beyond the directive's requirements: Internet telephony
Data to be retained beyond the directive's requirements: other
Who is compelled to retain data?
Who is authorised to access retained data and for what purposes?
Legal challenges pending?
Competent NGO

Romania

no, as of 2014








data retention legislation annulled by Constitutional Court in 2014 APTI

Comisariatul pentru Societatea Civila

Member State
Data retention in force?
Data Retention Period
Legal instruments and date of entry into force
Data to be retained beyond the directive's requirements: fixed line telephony
Data to be retained beyond the directive's requirements: mobile telephony
Data to be retained beyond the directive's requirements: E-Mail
Data to be retained beyond the directive's requirements: Internet access
Data to be retained beyond the directive's requirements: Internet telephony
Data to be retained beyond the directive's requirements: other
Who is compelled to retain data?
Who is authorised to access retained data and for what purposes?
Legal challenges pending?
Competent NGO

Slovakia

no, as of April 2015 - declared unconstitutional











European Information Society Institute (EISI)
Member State
Data retention in force?
Data Retention Period
Legal instruments and date of entry into force
Data to be retained beyond the directive's requirements: fixed line telephony
Data to be retained beyond the directive's requirements: mobile telephony
Data to be retained beyond the directive's requirements: E-Mail
Data to be retained beyond the directive's requirements: Internet access
Data to be retained beyond the directive's requirements: Internet telephony
Data to be retained beyond the directive's requirements: other
Who is compelled to retain data?
Who is authorised to access retained data and for what purposes?
Legal challenges pending?
Competent NGO

Slovenia

no






data retention legislation annulled by Constitutional Court in 2014
Member State
Data retention in force?
Data Retention Period
Legal instruments and date of entry into force
Data to be retained beyond the directive's requirements: fixed line telephony
Data to be retained beyond the directive's requirements: mobile telephony
Data to be retained beyond the directive's requirements: E-Mail
Data to be retained beyond the directive's requirements: Internet access
Data to be retained beyond the directive's requirements: Internet telephony
Data to be retained beyond the directive's requirements: other
Who is compelled to retain data?
Who is authorised to access retained data and for what purposes?
Legal challenges pending?
Competent NGO

Spain

yes, as of 09/11/2007 12 months; can be reduced or extended to a minimum of 6 months and a maximum of 24 months, on request of the compentent authorities

Reported:

LEY 25/2007, de 18 de octubre, de conservación de datos relativos a las comunicaciones electrónicas y a las redes públicas de comunicaciones. Ley , no.: 25/2007; Boletín Oficial del Estado ( B.O.E ) , no.: 251/2007 , date pub: 19/10/2007 , page: 42517-42523 ; date into force/en vigueur: 08/11/2007 ; ref.: (MNE(2007)57464)

None
None
None
None
None
None
same as the Directive: telecomunications providers; los operadores que presten servicios de comunicaciones electrónicas disponibles al público o exploten redes públicas de comunicaciones (art.2)
All Police/Security forces when acting under an order of the Attorney General or Courts of Justice

Miembros de las Fuerzas y Cuerpos de Seguridad del Estado, cuando desempeñen funciones de Policia Judicial (art.6.2.a)

Funcionarios de la Dirección Adjunta de Vigilancia Aduanera, en el desarrollo de sus competencias como policía judicial (art.6.2.b)

El personal del Centro Nacional de Inteligencia en el curso de investigaciones de seguridad sobre personas o entidades (art.6.2.c)

For the detection, investigation and prosecution of the serious crimes considered in the Criminal Code or in the special criminal laws

None (as yet)
Access Info Europe (http://www.access-info.org/en/civil-liberties)

Member State
Data retention in force?
Data Retention Period
Legal instruments and date of entry into force
Data to be retained beyond the directive's requirements: fixed line telephony
Data to be retained beyond the directive's requirements: mobile telephony
Data to be retained beyond the directive's requirements: E-Mail
Data to be retained beyond the directive's requirements: Internet access
Data to be retained beyond the directive's requirements: Internet telephony
Data to be retained beyond the directive's requirements: other
Who is compelled to retain data?
Who is authorised to access retained data and for what purposes?
Legal challenges pending?
Competent NGO

Sweden

yes, as of May 2012 6 months









New Renaissance
Member State
Data retention in force?
Data Retention Period
Legal instruments and date of entry into force
Data to be retained beyond the directive's requirements: fixed line telephony
Data to be retained beyond the directive's requirements: mobile telephony
Data to be retained beyond the directive's requirements: E-Mail
Data to be retained beyond the directive's requirements: Internet access
Data to be retained beyond the directive's requirements: Internet telephony
Data to be retained beyond the directive's requirements: other
Who is compelled to retain data?
Who is authorised to access retained data and for what purposes?
Legal challenges pending?
Competent NGO

United Kingdom

yes, as of 26/07/2007 (Internet 06/04/2009) 12 months

Reported:

The Data Retention (EC Directive) Regulations 2007. Statutory instrument (SI) , no.: Statutory Instrument 20; Her Majesty's Stationery Office (HMSO) , no.: ISBN 978 0 11 078328 4 ; date into force/en vigueur: 01/10/2007 ; ref.: (MNE(2007)57200)

The Data Retention (EC Directive) Regulations 2009. Statutory instrument (SI), number: 2009 no 859; Official Journal: Her Majesty's Stationery Office (HMSO), number: SI 2009 no 859, Entry into force: 06/04/2009; Reference: (MNE(2010)53135)








For the investigation, detection and prosecution of serious crime EU Court of Justice (pending): Reference of 31 October 2017 on UK bulk communications data orders Privacy International
Non-EU- State
Data retention implemented ?
Data Retention Period
Legal instruments and date of entry into force
Data to be retained beyond the directive's requirements: fixed line telephony
Data to be retained beyond the directive's requirements: mobile telephony
Data to be retained beyond the directive's requirements: E-Mail
Data to be retained beyond the directive's requirements: Internet access
Data to be retained beyond the directive's requirements: Internet telephony
Data to be retained beyond the directive's requirements: other
Who is compelled to retain data?
Who is authorised to access retained data and for what purposes?
Legal challenges pending?
Competent NGO

Iceland

yes
Telecommunication Act 81/2003 (as amended in April 2005)









Member State
Data retention in force?
Data Retention Period
Legal instruments and date of entry into force
Data to be retained beyond the directive's requirements: fixed line telephony
Data to be retained beyond the directive's requirements: mobile telephony
Data to be retained beyond the directive's requirements: E-Mail
Data to be retained beyond the directive's requirements: Internet access
Data to be retained beyond the directive's requirements: Internet telephony
Data to be retained beyond the directive's requirements: other
Who is compelled to retain data?
Who is authorised to access retained data and for what purposes?
Legal challenges pending?
Competent NGO

Liechtenstein

no









Member State
Data retention in force?
Data Retention Period
Legal instruments and date of entry into force
Data to be retained beyond the directive's requirements: fixed line telephony
Data to be retained beyond the directive's requirements: mobile telephony
Data to be retained beyond the directive's requirements: E-Mail
Data to be retained beyond the directive's requirements: Internet access
Data to be retained beyond the directive's requirements: Internet telephony
Data to be retained beyond the directive's requirements: other
Who is compelled to retain data?
Who is authorised to access retained data and for what purposes?
Legal challenges pending?
Competent NGO

Norway

no, law enacted in April 2012 has never been implemented








planned digitaltpersonvern.no
Non-EU-State
Data retention implemented ?
Data Retention Period
Legal instruments and date of entry into force
Data to be retained beyond the directive's requirements: fixed line telephony
Data to be retained beyond the directive's requirements: mobile telephony
Data to be retained beyond the directive's requirements: E-Mail
Data to be retained beyond the directive's requirements: Internet access
Data to be retained beyond the directive's requirements: Internet telephony
Data to be retained beyond the directive's requirements: other
Who is compelled to retain data?
Who is authorised to access retained data and for what purposes?
Legal challenges pending?
Competent NGO

Switzerland

yes, as of 2002 6 months




Buyers of prepaid mobile phone cards must be identified and registered by ID document (name, address, date of birth). According to a court decision, web server access logs including IP addresses must be retained for 6 months. operators of fixed line and mobile telephony, public ip-based telecommunications services
no
Non-EU-State
Data retention implemented ?
Data Retention Period
Legal instruments and date of entry into force
Data to be retained beyond the directive's requirements: fixed line telephony
Data to be retained beyond the directive's requirements: mobile telephony
Data to be retained beyond the directive's requirements: E-Mail
Data to be retained beyond the directive's requirements: Internet access
Data to be retained beyond the directive's requirements: Internet telephony
Data to be retained beyond the directive's requirements: other
Who is compelled to retain data?
Who is authorised to access retained data and for what purposes?
Legal challenges pending?
Competent NGO

Turkey

Censorship & Data retention regulated by Law 5651 in 2007 6 months to 2 years Phone lines are tapped by police and used as 'evidence' for prosecuting activities vaguely associated with 'terrorist organizations', based on anti-terror law TMK.
Mobile phones are tapped for the same reason. They also secretly record 'audio surveillance' from meetings of legal parties, unions, even mayor's office, state institutions.
E-mails can also be used as 'evidence', but not used as much as audio surveillance and phone tapping, yet. ICTA develops DPI systems, considers it 'state secret'.
Law 5651 requires every ISP to block any illegal content of any user upon being informed, if technically possible. It has to inform ICTA 3 months before closing down, and give the traffic records to ICTA (state authority)
Same with e-mail. Yet to come.
MOBESE is the system of police department where they collect all kinds of data for every citizen. They randomly make 'identity controls' on the street. Officers gain 'points' for doing so. Internet service providers, GSM operators. internet publishers, if they don't want to take responsibility. 'Data protection law' is being 'prepared' for over 10 years, so god knows who. Law 5397 authorizes the national intelligence agency MIT to request data and documents about "issues in its field of duty"
Social challenges pending! More so than legal challenges. Alternative Informatics Association english presentation in CCC


Please update this table by entering information on data retention in your country:

See also

Persönliche Werkzeuge
Werkzeuge