Mandatory Data Retention
Law enforcement agencies throughout the world are pushing for invasive laws that force Internet Service Providers (ISPs) and telecom providers to continuously collect and store records documenting the online activities of millions of ordinary users.
Mandatory data retention regimes are usually paired with provisions that allow investigators to obtain these records. These regimes expand the ability of governments to surveil its citizens, ultimately damaging individuals privacy, anonymity, and free expression.
In countries with strong online privacy laws, mandatory data retention schemes have overridden key requirements for the protection of personal information. Data protection laws typically compel companies to limit their collection of personal information for a specific purpose [e.g. billing], and keep their data for only a specific period of time before destroying or anonymizing it.
How It Works
Most ISPs and telcos give subscribers an IP address that changes periodically. Mandatory data retention proposals force ISPs and telecom providers to keep records of their IP address allocations for a certain period of time. This allows law enforcement to ask ISPs and telecom providers to identify an individual on the basis of who had a given IP address at a particular date and time.
Why You Should Care
Government mandated data retention impacts millions of ordinary users compromising online anonymity which is crucial for whistle-blowers, investigators, journalists, and those engaging in political speech. National data retention laws are invasive, costly, and damage the right to privacy and free expression. They compel ISPs and telcos to create large databases of information about who communicates with whom via Internet or phone, the duration of the exchange, and the users’ location. These regimes require that your IP address be collected and retained for every step you make online. Privacy risks increase as these databases become vulnerable to theft and accidental disclosure. Service providers must absorb the expense of storing and maintaining these large databases and often pass these costs on to consumers.
EFF Opposes Mandatory Data Retention Schemes
Mandatory data retention creates huge potential for abuse and should be rejected as a serious infringement on the rights and freedoms of individuals. These laws support pervasive surveillance of every ordinary citizen and should not be tolerated in countries where freedom is valued. Courts in Romania, Germany, and the Czech Republic have ruled that national data retention laws based on the 2006 European Data Retention Directive, are unconstitutional. A court in Ireland has referred a data retention case to the European Court of Justice and questioned the legality of the entire EU Data Retention Directive.
Together with EDRI, AK Vorrat, and other civil society advocates, EFF continues to fight for the repeal of the EU Data Retention Directive and oppose blanket Mandatory Data Retention proposals throughout the world.
EFF Related Content: Mandatory Data Retention
- The Supreme Court of Justice of Mexico (SCJN) is about to issue its decision on an injunction against a provision of the Federal Telecommunications Act (also known as Ley Telecom) that requires telephone companies and internet service providers to retain data about their users’ communications for a period of 24...
- En México, la Segunda Sala de la Suprema Corte de Justicia de la Nación (SCJN) está a punto de resolver los juicios de amparo contra la disposición de la Ley Federal de Telecomunicaciones (also know as Ley Telecom) que obliga a las operadoras de telefonía y empresas proveedores de Internet...
- It is a truth universally acknowledged that a government, in the wake of a national security crisis—or hostage to the perceived threat of one—will pursue and in many cases enact legislation that is claimed to protect its citizens from danger, actual or otherwise. These security laws often include wide-ranging provisions...
- En una carta abierta dirigida a la Comisión de Constitución y Reglamento del Congreso del Perú, que será responsable de la revisión del Decreto Legislativo 1182 firmado por la Presidencia del país latinoamericano, diversas organizaciones internacionales defensoras de los derechos humanos en el mundo digital han expresado su...
- In an open letter directed to the congress of Peru’s Commission on Constitution and Rules, a coalition of international human rights organizations have expressed their concern about Legislative Decree 1182 (“DL 1182,” “Ley Acosadora,” or “Stalker Law” in English )--a Peruvian bill that allows law enforcement access...