Data retention is a big thing when it comes to VPN's. Knowing which country your service provider is governed by is crucial in understanding which law's they must follow. This not only impacts their regulatory requirements but also YOU and YOUR DATA.
We must not confuse data retention laws with the Data Protection Act (which is a whole different subject). Data Retention is what some countries must comply with depending on the ruling government of their country. It relates to the storing, encryption, file types and the length of time a business must keep data on its customers.
As you can imagine, we use VPNs for privacy and to protect ourselves online, so knowing that by making a simple request for information, your VPN Provider may have to have over everything it has on you is concerning, to say the least.
The table below outlines the data retention laws of each county (The Americas, The EU, and Worldwide).
| Country | Data Retention? | Retention Period | Authorisation Required To Access Data |
|---|---|---|---|
| Australia | YES | 2-Years | Accessible without a warrant. |
| Czech Republic | NO | Ruled unconstitutional and found it to be infringing on the peoples right to privacy. | |
| Denmark | YES | EU data retention directive implemented | |
| Germany | NO | Introduction of data retention, pending final decision. | |
| Italy | YES | 2 Years - Telephony Data 1 Year - ISP Data | |
| Norway | YES | EU data retention directive implemented | |
| Romania | NO | Declared Unconstitutional | |
| Russia | YES | 6-Months | |
| Serbia | YES | 12-Months | |
| Slovakia | YES | 6-Months | |
| Sweden | EU data retention directive implemented | ||
| Switzerland | YES | 6-Months | |
| United Kingdom | YES | 1-Year | |
| United States | YES | 2-Years |