Mandatory Data Retention

Law enforcement agencies throughout the world are pushing for invasive laws that force Internet Service Providers (ISPs) and telecom providers to continuously collect and store records documenting the online activities of millions of ordinary users.

Mandatory data retention regimes are usually paired with provisions that allow investigators to obtain these records. These regimes expand the ability of governments to surveil its citizens, ultimately damaging individuals privacy, anonymity, and free expression.

In countries with strong online privacy laws, mandatory data retention schemes have overridden key  requirements for the protection of personal information. Data protection laws typically compel companies to limit their collection of personal information for a specific purpose [e.g. billing], and keep their data for only a specific period of time before destroying or anonymizing it.

How It Works

Most ISPs and telcos give subscribers an IP address that changes periodically. Mandatory data retention proposals force ISPs and telecom providers to keep records of their IP address allocations for a certain period of time. This allows law enforcement to ask ISPs and telecom providers to identify an individual on the basis of who had a given IP address at a particular date and time.

Why You Should Care

Government mandated data retention impacts millions of ordinary users compromising online anonymity which is crucial for whistle-blowers, investigators, journalists, and those engaging in political speech. National data retention laws are invasive, costly, and damage the right to privacy and free expression. They compel ISPs and telcos to create large databases of information about who communicates with whom via Internet or phone, the duration of the exchange, and the users’ location. These regimes require that your IP address be collected and retained for every step you make online. Privacy risks increase as these databases become vulnerable to theft and accidental disclosure. Service providers must absorb the expense of storing and maintaining these large databases and often pass these costs on to consumers.

EFF Opposes Mandatory Data Retention Schemes

Mandatory data retention creates huge potential for abuse and should be rejected as a serious infringement on the rights and freedoms of individuals. These laws support pervasive surveillance of every ordinary citizen and should not be tolerated in countries where freedom is valued. Courts in Romania, Germany, and the Czech Republic have ruled that national data retention laws based on the 2006 European Data Retention Directive, are unconstitutional. A court in Ireland has referred a data retention case to the European Court of Justice and questioned the legality of the entire EU Data Retention Directive.

Together with EDRI, AK Vorrat, and other civil society advocates, EFF continues to fight for the repeal of the EU Data Retention Directive and oppose blanket Mandatory Data Retention proposals throughout the world.

Stay in Touch

NSA Spying

EFF is leading the fight against the NSA's illegal mass surveillance program. Learn more about what the program is, how it works, and what you can do.

Follow EFF

Once again, @RIAA asks a court to order the entire world to block & filter an app they don't like. #SOPApower

Oct 13 @ 4:48pm

The JPEG Committee is considering ways to improve image privacy and security. Adding DRM to JPEG would do neither.

Oct 13 @ 4:35pm

These 21 tech companies have come out unequivocally against crypto back doors. Obama should join them.

Oct 13 @ 4:15pm
JavaScript license information