Monday, March 11, 2013

Danish Government postpones the data retention law evaluation

In the coming months, the Danish Parliament will conduct an evaluation and revision of the Danish data retention law which implements directive 2006/24/EC. The review process has been postponed twice on earlier occasions (2010 and 2012) and now the Danish government wants another postponement, officially in order to coordinate with any changes in the directive at the EU level.

The Danish law exceeds the requirements of the EU's data retention directive in several respects, especially as far as Internet logging is concerned. The Danish law contains a requirement for session logging which includes data about every Internet packet being transmitted.

Specifically, the following information must be retained:

  • source and destination IP address
  • source and destination port number
  • transmission protocol (like TCP and UDP)
  • timestamps

The contents of the Internet packets are not being logged, but the IP addresses will contain information about visits to websites of political parties (that is, in effect, registration of political preferences) and the online news services that the citizen reads. Last year in the Danish Parliament, there was considerable debate about the Danish over-implementation of the data retention directive, in particular Internet session logging.