Mandatory Data Retention
Law enforcement agencies throughout the world are pushing for invasive laws that force Internet Service Providers (ISPs) and telecom providers to continuously collect and store records documenting the online activities of millions of ordinary users.
Mandatory data retention regimes are usually paired with provisions that allow investigators to obtain these records. These regimes expand the ability of governments to surveil its citizens, ultimately damaging individuals privacy, anonymity, and free expression.
In countries with strong online privacy laws, mandatory data retention schemes have overridden key requirements for the protection of personal information. Data protection laws typically compel companies to limit their collection of personal information for a specific purpose [e.g. billing], and keep their data for only a specific period of time before destroying or anonymizing it.
How It Works
Most ISPs and telcos give subscribers an IP address that changes periodically. Mandatory data retention proposals force ISPs and telecom providers to keep records of their IP address allocations for a certain period of time. This allows law enforcement to ask ISPs and telecom providers to identify an individual on the basis of who had a given IP address at a particular date and time.
Why You Should Care
Government mandated data retention impacts millions of ordinary users compromising online anonymity which is crucial for whistle-blowers, investigators, journalists, and those engaging in political speech. National data retention laws are invasive, costly, and damage the right to privacy and free expression. They compel ISPs and telcos to create large databases of information about who communicates with whom via Internet or phone, the duration of the exchange, and the users’ location. These regimes require that your IP address be collected and retained for every step you make online. Privacy risks increase as these databases become vulnerable to theft and accidental disclosure. Service providers must absorb the expense of storing and maintaining these large databases and often pass these costs on to consumers.
EFF Opposes Mandatory Data Retention Schemes
Mandatory data retention creates huge potential for abuse and should be rejected as a serious infringement on the rights and freedoms of individuals. These laws support pervasive surveillance of every ordinary citizen and should not be tolerated in countries where freedom is valued. Courts in Romania, Germany, and the Czech Republic have ruled that national data retention laws based on the 2006 European Data Retention Directive, are unconstitutional. A court in Ireland has referred a data retention case to the European Court of Justice and questioned the legality of the entire EU Data Retention Directive.
Together with EDRI, AK Vorrat, and other civil society advocates, EFF continues to fight for the repeal of the EU Data Retention Directive and oppose blanket Mandatory Data Retention proposals throughout the world.
EFF Related Content: Mandatory Data Retention
- El pasado 27 de Julio, el Poder Ejecutivo del Perú aprobó el Decreto Legislativo 1182 que permite al Estado acceder, en casos de flagrancia, a los datos de tu ubicación sin una orden judicial. Además obliga a las empresas operadoras de telefonía e Internet a retener los...
- Los ciudadanos y ciudadanas del Perú entienden los peligros de la vigilancia omnipresente. El ex jefe de espionaje Vladimiro Montesinos, está cumpliendo una larga condena por corrupción y violaciones a los derechos humanos, ya que en el año 2000, autoridades locales incautaron unas 2.400 cintas hechas por Montesinos, con las...
- Peruvians understand the dangers of pervasive surveillance. Peru's ex-spy chief, Vladimiro Montesinos is serving a long jail sentence for corruption and human rights abuses. In 2000, Peruvian authorities seized about 2,400 videotapes made by Montesinos, which he used to manipulate political opponents and journalists whom he caught...
- El Presidente de Perú Ollanta Humala firmó el pasado 27 de julio el Decreto Legislativo 1182 que permite a la policía acceder sin órden judicial y en tiempo real a los datos de localización de manera 24/7 en casos de flagrante delito. Pero eso no la peor...