PI's briefing on national data retention laws

PI’s briefing examing the current state of affairs in bulk data retention regulation across ten key jurisdictions.

Key findings
  • Data retention legislation imposing blanket obligations to telecommunication companies and Internet service providers persist
  • EU members have been slow in adapting their legislation in light of the most recent jurisprudence of the Court of Justice of the European Union
  • Other countries across the globe introduce similar legislation
  • Data retention frameworks examined therein are vague, lacking procedural safeguards
Report cover


Over the past years, data retention regulation imposing generalised and indiscriminate data retention obligations to telecommunication companies and Internet service provides has been introduced in various jurisdictions across the world. As the data retention practices across the world have evolved this new report is an attempt to shed some light on the current state of affairs in data retention regulation across ten key jurisdictions. 

Privacy International has consulted with human rights organisations to survey the legal systems of Argentina, Belgium, Brazil, France, Germany, Greece, Lebanon, Mexico, Tunisia, and South Africa. This briefing highlights that while the regulation within the EU continues to present challenges, regulatory frameworks across three different continents present similar concerns by introducing vague regulatory frameworks, lacking procedural safeguards and human rights protection exposing the communications and personal data of millions of users of telecommunications networks to unlawful access and abuse.

This briefing has been compiled by Privacy International with the assistance of Gaëtan Goldberg. Special thanks to our partner organisations who provided their input in relation to national legal frameworks: ALT Advisory (South Africa), Asociación por los Derechos Civiles (ADC) (Argentina), Homo Digitalis (Greece), Internetlab (Brazil), and SMEX (Lebanon).