A data retention policy is a recognized and proven protocol within an organization for retaining information for operational use while ensuring adherence to the laws and regulations concerning them.
[9] It requires telecommunication providers and ISPs to retain telephony, Internet and email metadata for two years, accessible without a warrant, and could possibly be used to target file sharing.
[12] The Greens were strongly opposed to the introduction of these laws, citing privacy concerns and the increased prospect of 'speculative invoicing' over alleged copyright infringement cases.
[13][14] The Labor Party initially opposed as well, but later agreed to passing the law after additional safeguards were put in place to afford journalists some protection.
[17][18] It required Member States to ensure that communications providers retain data as specified in the Directive for a period of between 6 months and 2 years in order to: The data was required to be available to "competent" national authorities "for the purpose of the investigation, detection and prosecution of serious crime, as defined by each Member State in its national law".
[20] It concluded that data retention was a valuable tool for ensuring criminal justice and public protection, but that it had achieved only limited harmonisation.
[21] In November 2012, answers to a parliamentary inquiry in the German Bundestag revealed plans of some EU countries including France to extend data retention to chats and social media.
Furthermore, the German Federal Office for the Protection of the Constitution (Germany's domestic intelligence agency) has confirmed that it has been working with the ETSI LI Technical Committee since 2003.
The council's Legal Services was reported to have stated in closed session that paragraph 59 of the European Court of Justice's ruling "suggests that general and blanket data retention is no longer possible".
Since the Swedish implementation of the directive was kept in a similar manner, the Swedish implementation was brought to the European Court by the telecom provider Tele2, and the case was merged with a similar case from the United Kingdom, initiated by three persons with intervention by Open Rights Group, Privacy International and The Law Society of England and Wales.
Among other things, the Court considered that an undifferentiated and generalized obligation to store all traffic and location data relating to all people did not respect the proportionality principle.
[50] In response to this decision, the parliament created a data retention working party, which studied the subject for more than a year and held several hearings with experts.
[53] This time, the President of the Republic opted for not requesting a preventive rule from the Constitutional Court, and so the law was published and entered into force.
[67] Sweden implemented the EU's 2006 Data Retention Directive in May 2012, and it was fined €3 million by the Court of Justice of the European Union for its belated transposition (the deadline was 15 September 2007).
Following the judgement, PTS, Sweden's telecommunications regulator, told Swedish ISPs and telcos that they would no longer have to retain call records and internet metadata.
[74] Most of Sweden's major telecommunications companies complied immediately, though Tele2 appealed this order before the Administrative Court in Stockholm claiming that the Swedish implementation should be reversed following the directive being declared unvalid, including the fact that the Swedish implementation went further than the directive, including registration of failed telephone calls and the geographic endpoint of a mobile communications.
It is the answer by the United Kingdom parliament after a declaration of invalidity was made by the Court of Justice of the European Union in relation to Directive 2006/ 24/EC in order to make provision, about the retention of certain communications data.
"[79] The United Kingdom parliament its new laws increasing the power of data retention is essential to tackling crime and protecting the public.
After Europe's highest court said the depth of data retention breaches citizens' fundamental right to privacy and the UK created its own Act, it has led to the British government being accused of breaking the law by forcing telecoms and internet providers to retain records of phone calls, texts and internet usage.
In a television interview, the EU Advocate General Pedro Cruz Villalón highlighted the risk that the retained data might be used illegally in ways that are "potentially detrimental to privacy or, more broadly, fraudulent or even malicious".
The list of authorised bodies now includes:[84] The justifications for accessing retained data in the UK are set out in the Regulation of Investigatory Powers Act 2000 (RIPA).
[94] Switzerland only applies data retention to the largest Internet service providers with over 100 million CHF in annual Swiss-sourced revenue.
[95] The National Security Agency (NSA) commonly records Internet metadata for the whole planet for up to a year in its MARINA database, where it is used for pattern-of-life analysis.
[98] Various United States agencies leverage the (voluntary) data retention practised by many U.S. commercial organizations through programs such as PRISM and MUSCULAR.
If a company is based in the United States the Federal Bureau of Investigation (FBI) can obtain access to such information by means of a National Security Letter (NSL).
These secret subpoenas allow the FBI to demand that online service providers or ecommerce companies produce records of their customers' transactions.
They are accompanied by gag orders that allow no exception for talking to lawyers and provide no effective opportunity for the recipients to challenge them in court.
This secret subpoena authority, which was expanded by the controversial USA PATRIOT Act, could be applied to nearly any online service provider for practically any type of record, without a court ever knowing".
[106] The opponents of data retention make the following arguments: The current directive proposal (see above) would force ISPs to record the internet communications of its users.
For security conscious citizens with some basic technical knowledge, tools like I2P – The Anonymous Network, Tor, Mixmaster and the cryptography options integrated into any many modern mail clients can be employed.