6.2.3 Data retention targeting communication equipment and persons
Rpl. § 786 b third para., no. 1 to 4, provide for retention of “traffic data” with respect to communication equipment and persons that have been subject to interception or teleoplysning as mentioned in rpl. §§ 780 first para., no. 1 or 3. Furthermore, data may be retained regarding persons who are or have been in possession of such communication equipment. Data may also be retained regarding communication equipment that was contacted by communication equipment subject to interception or teleoplysning.
It is not required that the persons whose data may be retained were prosecuted or convicted.
The registration period is 1 year. The period commences from the date when the interception or teleoplysning terminated, and the date at the end of that year is a fixed date. Thus, registration may follow immediately upon the termination of the coercive measure, and last for a year. Should the registration start later, it may not continue for a full year, only for the remaining part of it (rpl. § 786 b fourth para).
The storage period is 1 year after registration (rpl. § 786 b fifth para.).
Order of data retention related to communication equipment and persons is issued by the National Police Authority (“Rigspolitiet”) (rpl. § 786 b third para.) The person whose data are registered shall not be notified (rpl. § 786 b seventh para.).
6.2.4 Data retention targeting geographical area
Pursuant to rpl. § 786 c, retention of “traffic data” may be ordered for geographical areas, however, in this case with the limitation that “traffic data related to fixed telephony including the providers’ own internet phone service” shall not be retained.
First paragraph states that data retention may be ordered for the parts of providers’ networks necessary to cover geographical areas measuring 3 kilometres x 3 kilometres. For the area in question, it must be demonstrated that the number of serious crimes
reported to the police, or the number of inhabitants
convicted for serious crime, amount to at least 1,5 times the average national rate calculated as the average over the last three years. The offences in question must have a prescribed maximum penalty of imprisonment for at least 3 years or, be one of those mentioned in Section
5.4.6.
Second paragraph states that data retention may be ordered with respect to “special security critical areas” (“særlig sikringskritiske områder”). The provision sets out a list exemplifying such areas, e.g., the residences of the royalty and the prime minister, embassies, police premises, prisons, bridge-, tunnel- and ferryway connections, large traffic intersections, border gateways, bus terminals, train and metro stations, military areas, high-risk enterprises involving storage of substances causing risk of fire or explosion, poisonous substances or substances causing environmental risk (“kolonne 3 virksomheder”), and public airports.
The provision does not fix a maximum period for the registration of data.
The storage period is limited to 1 year (third para.).
Order of data retention related to geographical areas is issued by the National Police Authority (“Rigspolitiet”) (rpl. § 786 c first and second para.). Persons whose data are retained shall not be notified (fifth para.).
6.2.5 Data retention based on a concrete assessment
Rpl. § 786 d provides legal basis for retaining “traffic data related to communications equipment, persons or specific areas” pursuant to a concrete assessment (konkret begrundede pålæg). Like rpl. § 786 c, the provision excludes “traffic data related to fixed telephony including the providers’ own internet phone service” (rpl. § 786 d first para., last sentence).
Data may thus be retained if there is “reason to assume”
(“grund til at antage”) that the object (i.e., the communications equipment, the person or the geographical area in question) “has connection with”
(“har forbindelse til”) serious crime, i.e., offences with a prescribed maximum penalty of imprisonment for at least 3 years, or offences as mentioned in Section
5.4.6. The area does not have to be the same or be related to the geographical areas targeted with basis in rpl. § 786 c.
The provision extends the possibility of the police to gain access to traffic data at an early stage of an investigation, beyond what is provided for in § 780 first para. (3) and (4), § 781 and § 781 a, as these provisions require “specific reasons”
(“bestemte grunde”) to assume that messages to and from the suspect are transmitted by use of the targeted communication equipment, and that the measure is “crucial”
(“af afgørende betydning”) to the investigation. In contrast, pursuant to § 786 d, it is sufficient that there is “reason to assume” that the object “has connection with” serious crime. However, in contrast to decisions about
extended/teleoplysning the police do not get immediate access to the data, as access requires an additional procedure, see Section
6.6.
The rationale for rpl. § 786 d is that at the time when the measure is needed “there will not necessarily exist a concrete suspicion that a person has committed or will commit a crime, nor that a crime was or will be committed in a specific geographical area.” This is further supplemented with the observation that “a retention order may therefore also be issued in respect of specific areas when the police has reason to believe that it has a connection to the planning of serious crime.”
A data retention order with basis in rpl. § 786 d must be issued by the court, as the conditions necessitate broad assessments. Such wide scope for discretion should be exerted by an independent judge. This sets the provision apart from the provisions dealt with in the preceding sections, where data retention is ordered by the National Police Authority, the reason being that the provisions apply objective conditions that make the law more foreseeable to the citizens.
The court order must specify the registration period which must be “as short as possible, not exceeding 6 months”. The period may be renewed (by court order) for a maximum of 6 months each time. The order shall specify the targeted person, communication equipment or geographical area (rpl. § 786 d second para).
The storage period is 1 year (third para).
Persons whose data are retained are entitled to the same procedural safeguards as applicable to
extended / teleoplysning, described in Section
5.4.6 (rpl. § 786 d, fourth para.).
6.3 General, undifferentiated data retention
6.3.1 Introduction
The law provides for general undifferentiated data retention in two instances as per rpl. §§ 786 e and 786 f. The first instance necessitates the execution of an order, whereas the other concerns an obligation that follows directly from the legal provision itself.
6.3.2 National security
To protect national security the Minister of Justice may order providers to perform general, undifferentiated data retention (rpl. § 786 e). The obligation is comprehensive (no exception for data related to fixed telephony or the provider’s own internet phone service).
The material condition is that there are “concrete circumstances sufficient to cause an assumption that Denmark is faced with a serious threat against national security that must be deemed as real and present or foreseeable” (“tilstrækkelig konkrete omstændigheder, der giver anledning til at antage, at Danmark står over for en alvorlig trussel mod den nationale sikkerhed, som må anses for at være reel og aktuel eller forudsigelig.”)
The assessment shall be performed at regular intervals to ensure that both national and international circumstances are taken into consideration. Moreover it shall be based on several elements, such as
analysis of criminal cases, pending and concluded, concerning offences laid down in Chapter 12 and 13 in the Criminal Code (offences against national security, the constitution and higher central institutions, and terrorism);
unclassified analyses by the Intelligence Service of the Police (PET), the Military Intelligence Service, and the Cybersecurity Centre; and
the annual Assessment of the Terrorist Threat against Denmark by the Centre of Terrorism Analysis (“Vurderingen af Terrortruslen mot Danmark» (VTD)).
The registration period is 1 year as a maximum (rpl. § 786 e second para). The preparatory works emphasize that the period must in any case not be longer than “strictly necessary.”
The data shall be stored for 1 year (rpl. 786 e third para).
Prior to the order, the Minister of Justice shall have negotiated with the Minister of Commerce (rpl. § 786 e first para.).
Rpl. § 786 e was activated already at the date when the revised law entered into force (30 March 2022), by decision of the Minister of Justice after negotiation with the Minister of Commerce (BEK no. 381). The retention period was set to 1 year commencing 30 March 2022 ending 29 March 2023. The data shall be stored until 29 March 2024. Attached to the decision is an assessment that includes information as listed in the preparatory works, see above. The assessment was thus made publicly available.
6.3.3 Internet access
Providers have a general, undifferentiated obligation to register data related to “end-users’” access to internet (rpl. § 786 f). The data shall be stored for 1 year.
Data about internet access are deemed to be “of crucial importance” (“helt afgørende”) to the investigation of a broad range of crime, in particular crime committed “in the digital domain”, notably child sexual abuse, distribution of illicit images, as well as hacking cases which have been on the rise recent years. Generally, circumstances indicate that the police have a need to - unambiguously and efficiently - be able to determine the identity of an end-user’s identity on basis of data about internet access.
In contrast to the other provisions, rpl. § 786 e does not require the crime to be serious. The reason is that the data to be retained do not expose the person’s private life as such, as they do not concern the servers accessed in the internet session, or third parties the person has communicated with. The data only identify the person who used an internet connection at a certain point in time (see also Section
6.4.2). The interference is thus deemed to be rather small. The data however may be vital to the investigation of all types of crime.
Further rules about retention of internet access data are set out in BEK no. 380. The regulation specifies the providers comprised by the regulation (Chapter 1 “Scope” §§ 1-3), the data to be registered and by whom (Chapter 2 §§ 4-7) and finally states that a contravention of the regulation is a criminal offence punishable with a fine, and that criminal liability may be incurred also by corporations (§ 8).
6.4 The data to be registered
6.4.1 Traffic data
The data to be registered and stored by the providers are referred to as “traffic data” (rpl. §§ 786 b to 786 e) and “data about an end-user’s access to internet” (rpl. § 786 f). “Traffic data” are further specified in a regulation containing thirteen categories of data, set out with legal basis in rpl. § 786 fourth para. The data categories are reiterated in the preparatory works (see below). The categories encompass more data than often regarded as traffic data, such as A- and B number, time, and duration of a communication. It also includes location data related to mobile telephony (point 6), as well as name and address of subscribers and registered users (points 8 and 12), the latter often known as subscriber data.
The list set out in the regulation is exhaustive. Data not on the list are not “traffic data” and may not be comprised by a retention order even if they are generated in the provider’s service, for instance for network error detection. An example is signal data, i.e., data documenting a connection between a mobile phone and a cell mast when the mobile phone is turned on but not in use by the owner. Such data may still be subject to a preservation order.
“Traffic data”:
Data related to fixed and mobile telephone networks, as well as to communication by SMS, EMS and MMS:
Source number (A-number), and name and address of the subscriber or registered user,
Receiving number (B-number), and name and address of the subscriber or registered user,
Change of receiving number (C-number), and name and address of the subscriber or registered user,
Receipt of received messages,
The identity of the devices used in the communication (e.g., IMSI- or IMEI-numbers),
The cell or those cells a mobile phone is connected to at the beginning and end of a communication, as well as precise data about the associated cell masts’ geographical or physical location at the time of the communication, and
The time when the communication begins and ends.
Data related to the providers’ own e-mail services:
Sender’s e-mail address, and
Recipient’s e-mail address.
Data related to the provider’s own internet-based phone services (IP-telephony):
The allocated user identity (“User-ID”),
The User-ID and phone number allocated to communications performed in a public electronic communication network,
Name and address of the subscriber or registered user, to whom an IP-address, a user identity or a phone number was allocated at the time of the communication, and
The time when the communication begun and ended.
The data listed in points 10 to 13 concern the provider’s own internet-based phone service (IP-telephony). Such service is possibly an NI-ICS. This entails that the Danish data retention rules encompass NI-ICS in so far as the service is made available by a provider under Danish jurisdiction.
Although not explicitly stated in the legal provisions, the providers’ obligation to retain data only concerns data “that are generated or processed in [their] network.” If data specified on the list are not generated in the provider’s network, for technical or other reasons, they fall outside the scope of the obligation. The provider is not obliged still to generate and store them.
The obligation may be limited also by the scope of the legal provisions. This is the case for rpl. § 786 c (geographical areas) and 786 d (order based on a concrete assessment), both explicitly excluding traffic data about fixed telephony and providers’ own internet phone services from the obligation (cf. first paragraph of both provisions).
6.4.2 Internet access data
BEK no. 380 § 4 specifies internet access data as “data that are generated or processed in providers’ network” concerning:
The User-ID allocated to the end-user by the provider. The User-ID may be a customer number, subscriber number or similar data that identify the end-user vis a vis the internet access provider,
The User-ID and telephone number allocated to communications in a public electronic network. «User-ID» means identifying data allocated by the provider to the end-user when the end-user accesses the internet, including IP-address, source port number and other identifying data,
Name and address of the subscriber or registered user regarding whom an IP-address, a User-ID or a telephone number was allocated at the time when the internet was accessed.
The points in time when the internet was accessed, and the access was terminated.
As noted in Section 6.3.3, the purpose of retaining data about internet access pursuant to rpl. § 786 f, is to ensure availability of data that may identify the person who used an internet connection at a certain point in time. These data are referred to in rpl. § 786 f as “data about an end-user’s access to internet” (italics added). “End-user” (slutbruger) is defined in DECA § 2, no. 3 as