Überwachung

Vorratsdatenspeicherung in Europa: Wo sie in Kraft ist und was die EU plant

Seit Jahren rangeln Gesetzgeber und Gerichte um die Vorratsdatenspeicherung. Der Europäische Gerichtshof hat die anlasslose Überwachung untersagt, viele EU-Staaten tun es trotzdem und der Rat startet jetzt einen neuen Anlauf auf EU-Ebene. Wir haben den Stand der Vorratsdatenspeicherung visualisiert und veröffentlichen eine Übersicht des Rates.

Landkarte mit Zombie
Altbekannter Zombie: Vorratsdatenspeicherung in der EU. OpenStreetMap-Mitwirkende unter Open Database License | Zombie: friendlystock-team

Der Zombie Vorratsdatenspeicherung (VDS) ist immer noch nicht erledigt, trotz zahlreicher Gerichtsurteile, die sowohl europäische als auch nationale VDS-Gesetze für ungültig erklärt haben. Diesen Donnerstag ist die anlasslose Massenüberwachung neuerlich Thema bei einem Treffen der EU-Minister*innen für Justiz und Inneres. Das Ziel des Rates ist es, eine Form der Speicherung finden, die nicht gleich wieder vom Europäischen Gerichtshof einkassiert wird. Der hatte nämlich strenge Vorgaben gemacht: keine Anlasslosigkeit, keine flächendeckende Speicherung.

Doch die EU-Staaten wünschen offenbar weiterhin flächendeckende Datenspeicherung. Angedachte Änderungen, die bisher verlautet wurden, sind eher kosmetisch. Auf eine Informationsfreiheitsanfrage von Digitalcourage wurde bekannt, dass die europäische Polizeiagentur Europol vorschlägt, lediglich einige technische Daten wie die Antennenlänge des benutzten Telekom-Geräts nicht zu erfassen. Sensible Metadaten wie Verbindungsteilnehmer, Nummern und anderes sollen jedoch weiterhin gespeichert werden. Ob die VDS überhaupt dazu beiträgt, Straftaten besser aufzuklären, ist bis heute nicht bewiesen. Studien und Gutachten legen das Gegenteil nahe.

Bei dem Ratstreffen diese Woche besprechen die Mitgliedsstaaten, wie sie trotz des Widerstands des Europäischen Gerichtshofes (EuGH) einen neuen Anlauf zur Massenspeicherung nehmen können. Die Minister*innen werden zunächst die EU-Kommission auffordern, bis 2020 eine Studie über die Wiedereinführung der Vorratsdatenspeicherung durchzuführen. Bis dahin werde der EuGH in neuen Urteilen vielleicht eine Rechtslücke für die Wiedereinführung öffnen, sagen EU-Diplomaten.

Viele Mitgliedstaaten warten nicht auf eine gesamteuropäische Lösung, sie fahren mit der massenhaften Speicherung von Kommunikationsdaten fort oder haben neue Gesetze dazu erlassen. Von 25 EU-Mitgliedstaaten haben bereits 22 Länder eine Form der Vorratsdatenspeicherung in Gesetz gegossen – jedoch laufen davon in sechs Ländern Klagen gegen die VDS. Lediglich in Österreich, den Niederlanden und Slowenien gibt es bislang keine Massenspeicherung (mehr), meist aufgrund von Urteilen nationaler Gerichte.

Der Stand der Umsetzung der Vorratsdatenspeicherung geht aus einem Arbeitspapier des Rates der Europäischen Union hervor, den wir hier als PDF veröffentlichen.

Von Interesse: Stand der Umsetzung

In dem Arbeitspapier sind alle EU-Länder mit dem aktuellen Stand der Umsetzung der VDS gelistet. Zudem gibt das Dokument einen Überblick über aktuelle Gesetzgebungsverfahren, die spezifischen Gesetze sowie relevante Fälle vor Gericht.

Dass der Rat sich dafür interessiert, wie es um die Vorratsdatenspeicherung der EU-Staaten bestellt ist, dürfte daran liegen, dass seit der gekippten EU-Vorratsdatenspeicherungsrichtlinie von 2006 kaum noch jemand weiß, wo diese noch umgesetzt ist. Aufgrund zahlreicher Gerichtsurteile auf EU- und Länderebene, den daraus folgenden Anpassungen, sowie gewissen Freiheiten der Mitgliedstaaten, ist ein bunter Flickenteppich zur Vorratsdatenspeicherung in Europa entstanden.

Vollbildanzeige

Die Karte zeigt den Stand der Umsetzung der Vorratsdatenspeicherung auf Grundlage des Arbeitspapiers. Rot gefärbte Länder haben bereits die VDS eingeführt. In den Ländern, die gelb markiert sind, gibt es zwar ein Gesetz zur VDS, dieses liegt jedoch mit einer Klage bei Gericht, ein Urteil wurde noch nicht gefällt. Lediglich in den grün gekennzeichneten Ländern ist die Vorratsdatenspeicherung bereits vom Tisch.

Vorratsdatenspeicherung im Überblick

Eine erste EU-Richtlinie zur Vorratsdatenspeicherung gab es 2006, die in Deutschland 2008 umgesetzt wurde. 2010 kippte das Bundesverfassungsgericht die deutsche Umsetzung. Anfang 2014 wurde die anlasslose Massenüberwachung dann durch den Europäischen Gerichtshof für ungültig erklärt. In einem weiteren Urteil im Jahr 2016 knüpfte das Gericht die Speicherpflicht von Telekommunikationsdaten an strenge Voraussetzungen. Seitdem versuchen viele Länder, durch kosmetische Veränderungen an der VDS festzuhalten.

Sonderfall Deutschland

In Deutschland ist die Vorratsdatenspeicherung de facto ausgesetzt, obwohl es seit 2015 – kurz nach dem Urteil des Europäischen Gerichtshofs – wieder ein neues Gesetz über die Speicherpflicht von Verbindungsdaten gab. Gegen dieses Gesetz gab es viele Klagen und Verfassungsbeschwerden. 2017 entschied das Oberverwaltungsgericht in Nordrhein-Westfalen auf einen Eilantrag des Providers Spacenet, dass der Anbieter keine Vorratsdaten speichern muss, bis ein Urteil des Bundesverfassungsgerichts vorliegt. Das Kölner Verwaltungsgericht bestätigte diese Entscheidung im Jahr 2018 für die Deutsche Telekom. Abschaffen können die Verwaltungsgerichte die deutsche VDS-Version jedoch nicht. Seitdem verzichtet die Bundesnetzagentur darauf, sie bei den Providern in Deutschland durchzusetzen.

Das Urteil des Bundesverfassungsgerichts wird noch in diesem Jahr erwartet.


Hier das Original-Dokument aus dem PDF befreit:

  • Date: Brussels, 06 March 2019
  • N°: WK 3103/2019 INIT
  • From: Council of the European Union, General Secretariat
  • To: Delegations
  • N° prev. doc.: 5206/2017 REV 3

Data retention – Situation in Member States

Delegations will find in the Annex a table outlining the status of legislation on data retention and relevant court cases on data retention in the Member States as noted to date. The table in Annex provides an update of the table annexed to document 5206/2017 REV 3 on the basis of contributions of: BE, CZ, DK, DE, FR, HR, CY, HU, MT, AT, PL, PT, SE, UK.

Member StateUpdated onDR legislation in forceStatus of the legislationRelevant Court cases
Austria5 March 2019NoCurrently, AT neither has any DR legislation in force, nor is AT preparing any new DR law. Unlike the Data retention table, distributed on 27 Nov. 2017 (WK 5206/2017 ADD 3), indicates, AT never intended to install a data retention regime since this regime was repealed by the Austrian Constitutional Court in 2014 following the decision of the ECJ in Digital Rights Ireland. Since then there is no data retention regime in force in AT. However, law enforcement authorities can access data that has been stored by the providers for billing purpose, where the retention period is, in general, three months. Under EE presidency, AT presented a different model („Quick Freeze“) which was not a legislative proposal concerning DR, but rather gives an opportunity to refrain from deletion of data stored for billing purposes for a maximum time period of 12 months, which was subsequently wrongly inserted in the data retention table in document WK 5206/2017 ADD 3 as a „DR legislative proposal“.Most parts of the Austrian law on data retention were declared invalid by the Constitutional Court on 27 June 2014 following the Ireland Digital Rights judgement of 8 March 2014.
Belgium5 March 2019Yes
  • Law of 29 May 2016 on the collection and retention of data in the telecommunications sector (Loi relative à la collecte et à la conservation des données dans le secteur des communications électroniques) The Law entered into force on 28 July 2016.
  • Code of criminal procedure (Code d’instruction criminelle): articles 46bis, 88bis, 464/13 and 464/25
  • Law of 30 November 1998 on the intelligence and security services (Loi organique des services de renseignement et de sécurité ): articles 13, 18 §3, 18 §8, 18/3 §2 and 18/8
  • Law of 13 June 2005 on electronic communications (Loi relative aux communications électroniques): articles 126 and following, as well as 145
In the aftermath of the decision of the Court of Justice of the EU in the case C- 203/15 Tele2 Sverige on the 21st of December 2016, four claims for annulment of the new Belgian legislation have been introduced before the Constitutional Court. On the 19th of July 2018, the Constitutional Court referred three questions to the Court of Justice of the EU for further interpretation (case C-520/18). It concerns (1) whether a broader objective would justify a general data retention scheme; (2) whether positive obligations imposed on the government on the basis of the Charter would justify a general data retention scheme; and (3) whether the effects of the national legislation could be temporarily uphold in case of a complete/partial annulment. Fourteen Member States and the European Commission have submitted written contributions. A hearing is expected in the course of 2019.
Bulgaria29 November 2017Yes
  • Electronic Communications Act Prom. SG 41 of 22 May 2007, last amended and supplemented by SG 103 of 27 December 2016
  • Criminal Procedure Code Prom. SG 83 of 18 October 2005, last amended and supplemented by SG. 13 of 7 February 2017
The previous Bulgarian data retention law was declared incompatible with the national constitution by the constitutional Court on 12 March 2015.
Croatia5 March 2019Yes
  • Electronic Communications Act.
  • Criminal Procedure Code.
  • Police Duties and Powers Act.
  • Law on the Security system and Intelligence of Republic of Croatia.
  • National Defence Act.
  • Regulation on the obligations in the field of national security of the Republic of Croatia for legal and natural persons in telecommunications
  • Regulation on Military Police Affairs and Enforcement of Certified Officials of Military Police.
  • In our national legislative no changes were done so far, but we are in the process of analysing implications of ECJ judgments on the national legislation.
Cyprus5 March 2019YesFollowing the judgement in the case of Digital Rights Ireland the national legislation has been upheld by a Supreme Court’s Judgement in October 2015. Although the national law has not been challenged before the Supreme Court after the issuing of the judgement in Tele2 Sverige Case, an interim judgment of the Assize Court issued in January 2019 referred to the issue in the following context: The defense lawyer objected to the filing of digital evidence containing telecommunication data of the defendant by the prosecution, alleging that the data was kept illegally by the internet service provider (isp) thus violating the right to private communication. To support his position the defense lawyer referred to the judgement in Tele2 Sverige. The objection was dismissed by the Assize Court on the ground that the national law provides for all necessary safeguards to the right to private communication explaining the following in its judgment:

  • Both the retention and the access to telecommunication data in Cyprus under the relevant legislation, Law 183(I)/2007, are subject to strict and thorough checks by national competent authorities. The retention of data is under the supervision of the Commissioner for the Protection of Personal Data and access to data is permitted only, following a request by a police investigator and not by any other public body.
  • The access to data is restricted to serious criminal offences punishable with a term of imprisonment of at least five years. Before any application is filed to the Court, the Attorney General’ s consent must be obtained and the application must be heard by a Senior District judge who might reject or grant the application.
  • The European Court’s suggestion to retain telecommunication data in certain geographical areas cannot be implemented in Cyprus having in mind the way crime is committed in Cyprus and in particular the nature and the place where offences are committed, since the serious criminal activity can be noted in all areas under the control of the legal government in the Republic of Cyprus.
  • Furthermore, the retention of data on the basis of geographical areas with increased criminality might be rendered as discriminatory to the citizens of that area taking into consideration that the isp would not know in advance who will commit crime and therefore would be obliged to retain also the data of law abiding citizens in that area. Despite the above mentioned, it is stressed that the issues arising from the judgment in Tele2 Sverige have not been examined conclusively by the Supreme Court in Cyprus. Lastly, it is stressed that Cyprus is in favour of the development of an EU regime on data retention, in line with the requirements of the case law of the Court of Justice of the EU, while taking into account the needs of the competent authorities in the fight against serious crime in the digital age.
Czech Republic5 March 2019Yes
  • Electronic Communications Act
  • Code of Criminal Procedure, Section 88a
The current legislation is being challenged before the Constitutional Court.
Denmark5 March 2019Yes
  • Administration of Justice Act, Act no 1255 of 16 November 2015, Chapter 71
  • Executive Order No. 988 of 28 September 2006 on the retention and storage of traffic data by providers of electronic communications networks and electronic communications services, amended by Executive Order no. 660 of 19 June 2014 (following the 2014 Digital Rights Ireland judgment)
  • Guidelines for the Executive Order on the retention and storage of traffic data by providers of electronic communications networks and electronic communications services
The Danish rules on data retention (executive order no. 988 of 28 September 2006) are currently being challenged before the Eastern High Court. The case has been postponed – initially until 1 September 2019 – due to the pending case C-520/18 at the ECJ.
Estonia29 November 2017Yes
  • Electronic Communications Act based on Directive 2006/24/EC concerning data retention obligation and retention criteria by telecommunication service providers
  • Several other national legal acts set the access criteria, prior authorization and other criteria for access. For example, access and use of retained telecom data is regulated in the Criminal Procedure Code. For misdemeanors procedure, it ́s the Code of Misdemeanor Procedure etc. Access to the retained data is allowed in different procedures and slightly different rules and criteria apply.
Finland29 November 2017Yes
  • Information Society Code 917/2014, sections 157- 159 and 322
  • The Act refers to the Police Act, the Border Guard Act (578/2005), the Act on the Processing of Personal Data by Border Guards (579/2005), the Customs Act (1466/1994) and the Coercive measures Act (806/2001).
  • Assessment of the data retention legislation was assigned by the National Parliament in early 2017. The report of the Working Group established by the Ministry of Transport and Communications was published on 22 June 2017.
France5 March 2019Yes
  • Code des postes et des communications électroniques, articles L34-1 et L39-3 et les dispositions réglementaires correspondantes R10-12 à R10-22 et D 98-7 du même code.
  • Loi n 215-912 du 24 juillet 2015 relative au renseignement.
  • Code de procédure pénale, articles 60-1, 60-2, 77-1-1, 99-3, 706-95-4 et 706-95-5 et les dispositions réglementaires R 15-33-67, R 15- 33-68 et R 213-1.
  • Article L83 du livre des procédures fiscales.
  • Article 65 du code des douanes remplacé par l’article 65 quinquies du code des douanes (article 14 de la loi n° 2018-898 du 23 octobre 2018 relative à la lutte contre la fraude).
  • Loi n 2016-731 du 3 juin 2016 renforçant la lutte contre le crime organise, le terrorisme et leur financement
  • Loi n 2004-575 du 21 juin 2004 pour la confiance dans l’économie numérique (LCEN) et son décret d’application n 2011-2019 du 25 février 2011 relatif à la conservation et à la communication des données et notamment son article 6.
Following the Tele2 judgement, 2 French requests for preliminary ruling are pending before the ECJ (C- 511/18 and C-512/18). Those cases have been brought by the French administrative Supreme Court on July 26th. On February 15th, the French constitutional court has ruled that former legislation on the access to metadata by customs officers during criminal procedures was unconstitutional. The legislation which has been overruled by the constitutional court had already been repealed by a new one before this decision (see “status of legislation”).
Germany5 March 2019Yes
  • Law on the introduction of an obligation to store and a maximum period to retain traffic data (Gesetz für Einführung einer Speicherpflicht und einer Höchstspeicherfrist für Verkehrsdaten)
  • The law entered into force on 18 December 2015. The storage obligation became effective on 1 July 2017.
Constitutional Court The current legislation is being challenged before the German Constitutional Court (several constitutional complaints). Requests for interim decisions in relation to these complaints have been denied in July 2016 and in April 2017, respectively. Administrative Courts A complaint brought forward by an Internet Access Provider – directed against the obligation to store internet traffic data only – is pending at the Federal Administrative Court. After the corresponding request for interim relief has been denied in February 2017 by the Administrative Court Cologne, the Higher Administrative Court for North Rhine-Westphalia granted the appeal against that decision and ruled that the provider is not obliged to store data until the main proceedings are concluded. It based its decision on the notion that in light of the Tele2 judgment the German legislation on data retention would clearly be incompatible with EU law. The court acknowledged that the current storage obligation is more restrictive in comparison to the previous system. It concluded, however, that these restrictions do not warrant a different assessment than that provided by the Tele2 judgment regarding the SE and GB legislation. Following the decision of the Higher Administrative Court, the Federal Network Agency announced that it will abstain from enforcement measures regarding the storage obligations and that it won’t impose fines for non-compliance with the storage obligations until main proceedings are concluded. The Administrative Court Cologne followed the decision of the Higher Administrative Court on 20. April 2018. The appeal against this decision is pending at the Federal Administrative Court. Another corresponding complaint has been filed by another Internet Access Provider (Telekom Deutschland GmbH). It was parallel ruled by the Administrative Court Cologne. The appeal against this decision is pending at the Federal Administrative Court as well.
Greece29 November 2017Yes
  • Act 3917/2011 (implementing Directive 2006/24),
Hungary5 March 2019Yes
  • Act C of 2003 on Electronic Communications (Data shall be retained for 12 months as a general rule, and for 6 months in case of unsuccessful calls.)
  • Act XC of 2017 on Criminal Proceedings (The act has entered into force on 1 July 2018 and introduced the requirement of prior review by the prosecutor when investigating authorities request data from service providers within the criminal procedure.)
  • Act XXXIV of 1995 on the Police
  • Act CXXII of 2010 on the National Tax and Customs Office
  • Act CXXV of 1995 on the National Security Services
  • Government decree 180/2004 (V.26) on electronic communications networks and bodies and agencies authorised to conduct covert investigations on cooperation between organisations
  • Under the coordination of Ministry of Interior an expert group on data retention has been established at a national level in the beginning of May 2017 in cooperation with the ministries, organisations and authorities concerned. The main task of the group is to analyse and asses the impacts of the Tele2 judgement on the existing Hungarian legislation and based on the practical experiences to draft possible solutions regarding the way forward with amending current legislation. The current legislation, in relation with the Tele2 judgement, has not been amended until this time. No court decision has been delivered so far in relation with the current national regulation. A complaint has been submitted to the Constitutional Court on 26 July 2016, which found it eligible for further examination. No decision has been made yet.
Ireland29 November 2017Yes
  • Communications (Retention of Data) Act 2011
  • On 3 October 2017, the Minister for Justice and Equality published the general scheme of the Communications (Retention of Data) Bill 2017. The proposals take account of evolving ECJ jurisprudence.
Italy29 November 2017Yes
  • Legislative Decree n. 109/2008
  • Legislative Decree n. 7 of 18 February 2015 (confirmed by law n. 43 of April 17, 2015)
Latvia29 November 2017Yes
  • Electronic Communications Act (Article 71)
  • Criminal Procedure Act (Article 192)
  • Cabinet Regulation No 820 of 2007,
Lithuania29 November 2017Yes
  • Electronic Communications Law No IX-2134 of 15 April 2004 (Articles 65, 66, 67 and 77)
  • Code of criminal Procedure (Article 154)
  • Law on Criminal Intelligence No XI-2234 of 2 October 2012 (Article 6)
  • Law of the Republic of Lithuania on Cyber Security No XII-1428 of 11 December 2014 should also be pointed out (Articles 12-16)
Luxembourg29 November 2017Yes
  • Loi modifiée du 30 mai 2005, relative aux dispositions spécifiques de protection de la personne à l’égard du traitement des données à caractère personnel dans le secteur des communications électroniques et portant modification des articles 88-2 et 88-4 du Code d’instruction criminelle
Malta5 March 2019Yes
  • Subsidiary Legislation 440.01 Processing of Personal Data (Electronic Communications Sector) Regulations of 15 July 2003 (last amended by Legal Notice 429 of 2013)
In 2018, three constitutional cases were filed wherein the applicants challenged Legal Notice 198 of 2008 (the subsidiary legislation transposing Directive 2006/24/EC into Maltese legislation). All three cases are still at first instance level.
Netherlands29 November 2017No
  • The Data Retention Act of 1 September 2009 is no longer applicable following a ruling of the the Hague Civil Court of 15 March 2015
  • Proposal of 13 September 2016 amending the Telecommunications Act and the Criminal Procedures Act in view of the retention of data processed in the context of providing public telecommunication services and public telecommunication networks (Voorstel van wet van 13 september 2016 tot Wijziging van de Telecommunicatiewet en het Wetboek van Strafvordering in verband met de bewaring van gegevens die zijn verwerkt in verband met het aanbieden van openbare telecommunicatiediensten en openbare telecommunicatienetwerken),
Poland5 March 2019Yes
  • Telecommunications law of 16 July 2004 (Section VIII – Obligations as regards defence, national security, internal security and public order) (Articles 180a-180e)
  • Regulation of the Minister of Infrastructure of 28 December 2009 with regard to the detailed list of data, the categories of the providers of publicly available telecommunications services or public networks that are obliged to retain and store the data
  • Law of 15 January 2016 amending the Law on the Police and other certain Laws
  • Law of 16 November 2016 on the National Revenue Administration
  • Code of Criminal Procedure (Articles 218, 218a, 218b)
  • Regulation of the Minister of Justice of 28 April 2004 on the means of technical preparation of information systems and networks for the collection of lists of phone calls and other communications and the means of securing IT data
Judgement of the Constitutional Tribunal of 30 July 2014 (K 23/11) on catalogue of data on the individual, collected via electronic means in the course of operational surveillance; data destruction requirements.
Portugal5 March 2019Yes
  • Law No 32/2008 of 17 July transposing Directive 2006/24/EC
  • Code of criminal procedure: articles 189o (187o, 188o)
  • Law No 109/2009, of 15 September approves the Cybercrime Law, transposing Council Directive 2005/222 / JHA of 24 February on attacks against information systems, and transposes into national law the Convention on Cybercrime Council of Europe
  • Organic Law 4/2017 of 25 August Access of Officers of information on SIS and SIED to telecommunications and internet data
Judgement of the Constitutional Court no. 420/2017, of 13 July 2017: The Portuguese Constitutional Court was called upon to decide whether specific provisions of Law 32/2008, of 17 June, were in conformity with the Portuguese Constitution. The question posed to the Constitutional Court was specifically whether the duty imposed on the providers of publicly available electronic communications services or of a public communications network to retain, for the period of one year from the date of the conclusion of the communication, data regarding the name and address of the subscriber or registered user to whom the user ID was attributed at the time of the communication violated the right to secrecy of correspondence and other means of private communication and the right to privacy of personal and family life enshrined in the Constitution. The Constitutional Court declared that the relevant provisions do not contradict the Constitution. Further to this, the Constitutional Court concluded that the ECJ’s reasoning in the Ireland Digital Rights judgement of 8 March does not apply to Law 32/2008 and, in this regard, does not provide sufficient grounds to invalidate it. In fact, this law densified the Directive by regulating the procedure of retention and access to the data by the authorities and establishing adequate safeguards.
Romania29 November 2017Yes
  • Law No 235/2015, amending Law No 506/2004, introducing rules regarding access of competent national authorities to retained data (notably Articles 5 and 121)
  • Law No 75/2016, amending Law No 235/2015 and Government Emergency Order No 82/2014 (amending and supplementing Law No 135/2010 on the Code of Criminal Procedure (notably Articles 138 and 152).
The previous Romanian data retention law was declared unconstitutional by the Constitutional Court on 8 July 2014.
Slovakia29 November 2017Yes
  • Act no. 351/2011 of 14 September 2014 on Electronic Communications
Ruling of the Constitutional Court of the Slovak Republic of 29 April 2015 No. PL ÚS 10/2014-78 (On 29 April 2015, The Grand Chamber of the Constitutional Court (PL. ÚS 10/2014) proclaimed provisions Article 58(5) to (7) and § 63(6) of the Act on Electronic Communications (Act No. 351/2011 Coll.), which until now required mobile network providers to track the communication of their users, as well as provisions of Article 116 of the Criminal Code (Act No. 301/2005 Coll.) and § 76(3) of the Police Force Act (Act No. 171/1993 Coll.), which allowed access to this data, to be in contradiction to the constitutionally guaranteed rights of citizens to privacy and personal data.
Slovenia29 November 2017No
  • The Slovenian Constitutional Court annulled Chapter 13 on data retention of the Electronic Communications Act on 3 July 2014. No proposal has been made by the government to replace this law.,The Slovenian Constitutional Court annulled Chapter 13 on data retention of the Electronic Communications Act on 3 July 2014.
Spain29 November 2017Yes
  • Law 25/2007 of 18 October on the retention of data concerning electronic communications and public communication networks, last amended on 10 May 2014 (Ley 25/2007, de 18 de octubre, de conservación de datos relativos a las comunicaciones electrónicas y a las redes públicas de comunicaciones, consolidado de 10 de mayo de 2014).
Sweden5 March 2019Yes
  • On 28 February 2019, the Government decided to refer a proposal for new legislation regarding data retention to the Council on Legislation.
  • The consultation with the Council on Legislation is a step in the Swedish legislative process and the aim is to present a final bill to the Parliament later this spring.
  • The draft bill builds on the proposals put forward by a Public Inquiry in October 2017 and is designed along the lines of the concept of restricted retention as discussed at EU- level, i.e. a series of data types and categories previously subject to retention will no longer be retained according to the proposal. A detailed list can be found in Annex 1 on page 38 in WK 3005/2018/INIT, Preparatory work for the Data Retention Matrix.
  • According to the draft bill, location data is to be retained for two months and traffic data for six months.
  • In addition, it can be noted that it is proposed in the draft bill that it must be possible to identify a subscriber to the internet regardless of the technical solution used by the operator (such as the Carrier-Grade NAT).
  • Furthermore, it is proposed that data must be retained within the EU and that the Prosecution Authority will examine and decide upon requests for access to retained data for certain intelligence purposes.
  • Finally, it is proposed that the legislation will enter into force on 1 October 2019.
United Kingdom5 March 2019Yes
  • Investigatory Powers Act 2016, notably Part 3 on the authorisations for obtaining communications data and Part 4 on the retention of communications data.
  • Legislation was amended in October 2018 to reflect the additional requirements of independent authorisation and the serious crime threshold for the retention and acquisition of communications data as required by Tele2 & Watson.
In April 2018, the UK High Court ruled on the UK’s data retention regime and found in the Government’s favour on all parts except where we had conceded (and have subsequently amended), including ruling that our regime is not general and indiscriminate. The Government is facing ongoing legal challenge to the Investigatory Powers Act, and a hearing is scheduled for June 2019.

4 Ergänzungen
  1. Ist die VDS in Deutschland tatsächlich ausgesetzt?

    Ausgesetzt ist in Deutschland nur die Möglichkeit der Regierung, eine Speicherung an zu ordnen. Was die Provider selber machen, bleibt ihnen überlassen. Und da wird wohl fleißig gespeichert. Ob die Provider selber mit Big Data Geld verdienen wollen, oder ob die Polizei die Auskünfte nur gut bezahlt – in der Praxis werden auch in Deutschland Daten auf Vorrat gespeichert und an die Polizei ausgehändigt.

  2. Nur weil Studien bisher keine besondere Wirksamkeit der VDS für die Kriminalitätsbekämpfung nachweisen konnte, zeigen sie nicht automatisch das Gegenteil. Das würde ja bedeuten, dass die VDS die Strafverfolgung sogar erschwert. Zumindest wird im verlinkten Artikel nichts dazu gesagt.

  3. Österreich plant seit FPÖVP die Wiedereinführung einer diesemla rechtkonformen Vorratsdatenspeicherung: https://derstandard.at/2000101544729/Regierung-will-legale-Vorratsdatenspeicherung

    Geplant ist zumindest etwas, genau so wie man den als „Geheim“ eingestufen Bundestrojaner einführen möchte: https://derstandard.at/2000104663788/Kickls-geheimer-Bundestrojaner-Parlamentarische-Anfrage-soll-offene-Fragen-klaeren

    Die grüne Farbe ist meiner Meinung nach nicht ganz korrekt.

Wir freuen uns auf Deine Anmerkungen, Fragen, Korrekturen und inhaltlichen Ergänzungen zum Artikel. Unsere Regeln zur Veröffentlichung von Ergänzungen findest Du unter netzpolitik.org/kommentare. Deine E-Mail-Adresse wird nicht veröffentlicht.