Go to content

6. Denmark

6.1 Introduction

Prior to the revision in 2022, Danish law on data retention imposed a general statutory obligation on providers to indiscriminately register and store data for a period of 1 year. The revision brought about a significant change.
Current law sets out data retention provisions in rpl. Chapter 71 “Interferences with private communication, etc.”, § 786 b to § 786 j, and provisions of access in Chapter 74 “Seizure and Production Order”. The law provides for targeted data retention (rpl. §§ 786 b to 786 d), and general, undifferentiated data retention (rpl. § 786 e and 786 f). There is but one instance of a statutory obligation to retain data on a general, undifferentiated basis, i.e., rpl. § 786 f relating to internet access. Data retention in other instances may be ordered for limited periods of time provided specific conditions are fulfilled. The competence to order data retention is held by the National Police Authority (Rigspolitiet), the District Court or the Minister of Justice as further specified in the provisions.
The revised rules aim to ensure that retained data are available to the police “to the widest extent possible” within the framework of EU law.
LFF-2021 Gen. Comm. Ch. 2, p. 9 ff., and e.g., Ch. 3.7.3.1, p. 53.
 The law provides procedural safeguards guaranteeing persons whose data are retained a level of legal protection corresponding to the protection applicable to other interferences with private communication, described in Section 5.3.1 (data preservation) and 5.4.6 (teleoplysning).
LFF-2021 Gen. Comm. Ch. 2, p. 9 ff., and e.g., Ch. 3.7.3.1, p. 59.
 Legal safeguards are afforded both at the stage of data registration and storage, and at the later stage when the data are accessed.
The following sections address the conditions for targeted data retention (6.2), and general, undifferentiated data retention (6.3). Then follows a description of the data to be registered and stored (6.4), and of whom that may be subject to an obligation to retain data (6.5). Finally, the procedure for accessing the data is described (6.6).

6.2 Targeted data retention orders

6.2.1 Introduction – the criminality condition

Targeted data retention of “traffic data” may be ordered for persons, communication equipment, and specific geographical areas pursuant to rpl. §§ 786 b to 786 d (each provision making it explicit that the measure is targeted (“målrettet”)). The purpose is to combat serious crime. The provisions apply a criminality condition closely linked to the one applicable to teleoplysning. Consequently, aside from generally requiring an offence of a certain seriousness as determined by the statutory level of punishment, they include the offences already described in Section 5.4.6.

6.2.2 Data retention targeting convicted persons

Retention of “traffic data” may be ordered for persons convicted of serious crime (§ 786 b first para.). The rationale is that once discharged from prison such persons may be at risk of resuming criminal activity, besides that they might have a criminal social network. It is assumed that registration and storage of traffic data related to such persons “on occasion” might afford the police a possibility to use the data when investigating into “possible criminal connections” (“eventuelle kriminelle forbindelser”) that these persons might have. This could be helpful in the investigation and prosecution of serious crime.
LFF-2021 Gen. Comm. Ch. 2, p. 9 ff., and e.g., Ch. 3.7.3.1, p. 15.
The length of the registration period is related to the seriousness of the crime for which the person is convicted. Rpl. § 786 b first para. no. 1 to 3, differentiate between offences with a prescribed maximum penalty of imprisonment for at least 3, 6 or 8 years, respectively (and, in addition, less serious offences as specified in Section 5.4.6). Thus, the registration periods are,
  • 3 years for a person convicted of an offence with a prescribed maximum penalty of imprisonment for at least 3 years (“a 3 year offence”) (no. 1),
  • 5 years for a 6 year offence (no. 2), and
  • 10 years for an 8 year offence (no. 3).
The registration period commences when the person is discharged from prison, or in the case of a conditional sentence, from the time when the verdict became final (rpl. § 786 b second para.).
The provision adds some details for special instances. 
The storage period is 1 year (rpl. § 786 b fifth para.). It follows that the provider must delete data on a running basis one year from the date when the data were registered.
Order of data retention related to convicted persons is issued by the National Police Authority (“Rigspolitiet”) (rpl. § 786 b first para.). The person whose data are registered shall not be notified (rpl. § 786 b seventh para.).

6.2.3 Data retention targeting communication equipment and persons

Rpl. § 786 b third para., no. 1 to 4, provide for retention of “traffic data” with respect to communication equipment and persons that have been subject to interception or teleoplysning as mentioned in rpl. §§ 780 first para., no. 1 or 3. Furthermore, data may be retained regarding persons who are or have been in possession of such communication equipment. Data may also be retained regarding communication equipment that was contacted by communication equipment subject to interception or teleoplysning.
It is not required that the persons whose data may be retained were prosecuted or convicted.
The registration period is 1 year. The period commences from the date when the interception or teleoplysning terminated, and the date at the end of that year is a fixed date. Thus, registration may follow immediately upon the termination of the coercive measure, and last for a year. Should the registration start later, it may not continue for a full year, only for the remaining part of it (rpl. § 786 b fourth para).
The storage period is 1 year after registration (rpl. § 786 b fifth para.).
Order of data retention related to communication equipment and persons is issued by the National Police Authority (“Rigspolitiet”) (rpl. § 786 b third para.) The person whose data are registered shall not be notified (rpl. § 786 b seventh para.).

6.2.4 Data retention targeting geographical area

Pursuant to rpl. § 786 c, retention of “traffic data” may be ordered for geographical areas, however, in this case with the limitation that “traffic data related to fixed telephony including the providers’ own internet phone service” shall not be retained.
First paragraph states that data retention may be ordered for the parts of providers’ networks necessary to cover geographical areas measuring 3 kilometres x 3 kilometres. For the area in question, it must be demonstrated that the number of serious crimes reported to the police, or the number of inhabitants convicted for serious crime, amount to at least 1,5 times the average national rate calculated as the average over the last three years. The offences in question must have a prescribed maximum penalty of imprisonment for at least 3 years or, be one of those mentioned in Section 5.4.6.
§ 81 a of the Criminal Code is left out as irrelevant in respect of reported crime, see rpl. § 786 c first para., no. 1.
Second paragraph states that data retention may be ordered with respect to “special security critical areas” (“særlig sikringskritiske områder”). The provision sets out a list exemplifying such areas, e.g., the residences of the royalty and the prime minister, embassies, police premises, prisons, bridge-, tunnel- and ferryway connections, large traffic intersections, border gateways, bus terminals, train and metro stations, military areas, high-risk enterprises involving storage of substances causing risk of fire or explosion, poisonous substances or substances causing environmental risk (“kolonne 3 virksomheder”), and public airports.
The provision does not fix a maximum period for the registration of data.
The storage period is limited to 1 year (third para.).
Order of data retention related to geographical areas is issued by the National Police Authority (“Rigspolitiet”) (rpl. § 786 c first and second para.). Persons whose data are retained shall not be notified (fifth para.).

6.2.5 Data retention based on a concrete assessment

Rpl. § 786 d provides legal basis for retaining “traffic data related to communications equipment, persons or specific areas” pursuant to a concrete assessment (konkret begrundede pålæg). Like rpl. § 786 c, the provision excludes “traffic data related to fixed telephony including the providers’ own internet phone service” (rpl. § 786 d first para., last sentence).
Data may thus be retained if there is “reason to assume” (“grund til at antage”) that the object (i.e., the communications equipment, the person or the geographical area in question) “has connection with” (“har forbindelse til”) serious crime, i.e., offences with a prescribed maximum penalty of imprisonment for at least 3 years, or offences as mentioned in Section 5.4.6. The area does not have to be the same or be related to the geographical areas targeted with basis in rpl. § 786 c.
LFF-2021 Gen. Comm Ch. 3.1.3.3 p. 18, Spec. Comm. to rpl. § 786 d, p. 87.
The provision extends the possibility of the police to gain access to traffic data at an early stage of an investigation, beyond what is provided for in § 780 first para. (3) and (4), § 781 and § 781 a, as these provisions require “specific reasons” (“bestemte grunde”) to assume that messages to and from the suspect are transmitted by use of the targeted communication equipment, and that the measure is “crucial” (“af afgørende betydning”) to the investigation. In contrast, pursuant to § 786 d, it is sufficient that there is “reason to assume” that the object “has connection with” serious crime. However, in contrast to decisions about extended/​teleoplysning the police do not get immediate access to the data, as access requires an additional procedure, see Section 6.6.
The rationale for rpl. § 786 d is that at the time when the measure is needed “there will not necessarily exist a concrete suspicion that a person has committed or will commit a crime, nor that a crime was or will be committed in a specific geographi­cal area.”
LFF-2021 Gen. Comm Ch. 3.1.3.3 p. 18, Spec. Comm. to rpl. § 786 d, p. 87.
 This is further supplemented with the observation that “a retention order may therefore also be issued in respect of specific areas when the police has reason to believe that it has a connection to the planning of serious crime.”
LFF-2021 Gen. Comm Ch. 3.1.3.3 p. 18, Spec. Comm. to rpl. § 786 d, p. 87.
A data retention order with basis in rpl. § 786 d must be issued by the court, as the conditions necessitate broad assessments. Such wide scope for discretion should be exerted by an independent judge. This sets the provision apart from the provisions dealt with in the preceding sections, where data retention is ordered by the National Police Authority, the reason being that the provisions apply objective conditions that make the law more foreseeable to the citizens.
Ch. 3.6.3, p. 41.
The court order must specify the registration period which must be “as short as possible, not exceeding 6 months”. The period may be renewed (by court order) for a maximum of 6 months each time. The order shall specify the targeted person, communication equipment or geographical area (rpl. § 786 d second para).
The storage period is 1 year (third para).
Persons whose data are retained are entitled to the same procedural safeguards as applicable to extended / teleoplysning, described in Section 5.4.6 (rpl. § 786 d, fourth para.).

6.3 General, undifferentiated data retention

6.3.1 Introduction

The law provides for general undifferentiated data retention in two instances as per rpl. §§ 786 e and 786 f. The first instance necessitates the execution of an order, whereas the other concerns an obligation that follows directly from the legal provision itself.

6.3.2 National security

To protect national security the Minister of Justice may order providers to perform general, undifferentiated data retention (rpl. § 786 e). The obligation is comprehensive (no exception for data related to fixed telephony or the provider’s own internet phone service). 
The material condition is that there are “concrete circumstances sufficient to cause an assumption that Denmark is faced with a serious threat against national security that must be deemed as real and present or foreseeable” (“tilstrækkelig konkrete omstændigheder, der giver anledning til at antage, at Danmark står over for en alvorlig trussel mod den nationale sikkerhed, som må anses for at være reel og aktuel eller forudsigelig.”)
The assessment shall be performed at regular intervals to ensure that both national and international circumstances are taken into consideration.
LFF 2021 Gen. Comm. Ch. 3.2.3.1, p. 28-29.
 Moreover it shall be based on several elements, such as
  • analysis of criminal cases, pending and concluded, concerning offences laid down in Chapter 12 and 13 in the Criminal Code (offences against national security, the constitution and higher central institutions, and terrorism);
  • unclassified analyses by the Intelligence Service of the Police (PET), the Military Intelligence Service, and the Cybersecurity Centre; and
  • the annual Assessment of the Terrorist Threat against Denmark by the Centre of Terrorism Analysis (“Vurderingen af Terrortruslen mot Danmark» (VTD)).
    LFF 2021 Gen. Comm. Ch. 3.2.3.1, p. 28-29.
The registration period is 1 year as a maximum (rpl. § 786 e second para). The preparatory works emphasize that the period must in any case not be longer than “strictly necessary.”
LFF 2021 Gen. Comm. Ch. 3.2.3.1, p. 29.
The data shall be stored for 1 year (rpl.  786 e third para).
Prior to the order, the Minister of Justice shall have negotiated with the Minister of Commerce (rpl. § 786 e first para.).
Rpl. § 786 e was activated already at the date when the revised law entered into force (30 March 2022), by decision of the Minister of Justice after negotiation with the Minister of Commerce (BEK no. 381). The retention period was set to 1 year commencing 30 March 2022 ending 29 March 2023. The data shall be stored until 29 March 2024. Attached to the decision is an assessment that includes information as listed in the preparatory works, see above. The assessment was thus made publicly available.

6.3.3 Internet access

Providers have a general, undifferentiated obligation to register data related to “end-users’” access to internet (rpl. § 786 f). The data shall be stored for 1 year.
Data about internet access are deemed to be “of crucial importance” (“helt afgørende”) to the investigation of a broad range of crime, in particular crime committed “in the digital domain”, notably child sexual abuse, distribution of illicit images, as well as hacking cases which have been on the rise recent years. Generally, circumstances indicate that the police have a need to - unambiguously and efficiently - be able to determine the identity of an end-user’s identity on basis of data about internet access.
P. 31.
In contrast to the other provisions, rpl. § 786 e does not require the crime to be serious.
P. 32.
 The reason is that the data to be retained do not expose the person’s private life as such, as they do not concern the servers accessed in the internet session, or third parties the person has communicated with. The data only identify the person who used an internet connection at a certain point in time (see also Section 6.4.2). The interference is thus deemed to be rather small. The data however may be vital to the investigation of all types of crime.
“…med henblik på bekæmpelse af al kriminalitet…” (p. 32). Still, to access the data, the investigation must concern an offence subject to public prosecution (offentlig påtale), see Section 6.6.
Further rules about retention of internet access data are set out in BEK no. 380. The regulation specifies the providers comprised by the regulation (Chapter 1 “Scope” §§ 1-3), the data to be registered and by whom (Chapter 2 §§ 4-7) and finally states that a contravention of the regulation is a criminal offence punishable with a fine, and that criminal liability may be incurred also by corporations (§ 8).

6.4 The data to be registered

6.4.1 Traffic data

The data to be registered and stored by the providers are referred to as “traffic data” (rpl. §§ 786 b to 786 e) and “data about an end-user’s access to internet” (rpl. § 786 f). “Traffic data” are further specified in a regulation containing thirteen categories of data, set out with legal basis in rpl. § 786 fourth para. The data categories are reiterated in the preparatory works (see below).
LFF-2021 Gen. Comm. p. 19 - 20.
 The categories encompass more data than often regarded as traffic data, such as A- and B number, time, and duration of a communication. It also includes location data related to mobile telephony (point 6), as well as name and address of subscribers and registered users (points 8 and 12), the latter often known as subscriber data.
The list set out in the regulation is exhaustive. Data not on the list are not “traffic data” and may not be comprised by a retention order even if they are generated in the provider’s service, for instance for network error detection. An example is signal data, i.e., data documenting a connection between a mobile phone and a cell mast when the mobile phone is turned on but not in use by the owner.
LFF-2021 Gen. Comm. p. 20.
 Such data may still be subject to a preservation order.

“Traffic data”:

Data related to fixed and mobile telephone networks, as well as to communication by SMS, EMS and MMS:
Short Messaging Service / Enhanced Messaging Service / Multimedia Messaging Service.
  1. Source number (A-number), and name and address of the subscriber or registered user,
  2. Receiving number (B-number), and name and address of the subscriber or registered user,
  3. Change of receiving number (C-number), and name and address of the subscriber or registered user,
  4. Receipt of received messages,
  5. The identity of the devices used in the communication (e.g., IMSI- or IMEI-numbers),
  6. The cell or those cells a mobile phone is connected to at the beginning and end of a communication, as well as precise data about the associated cell masts’ geographical or physical location at the time of the communication,
    Other geo-location data may be secured by preservation order and accessed by a production order. LFF-2021 Gen. Comm. p. 20.
     and
  7. The time when the communication begins and ends.

Data related to the providers’ own e-mail services:

  1. Sender’s e-mail address, and
  2. Recipient’s e-mail address.

Data related to the provider’s own internet-based phone services (IP-telephony):

  1. The allocated user identity (“User-ID”),
  2. The User-ID and phone number allocated to communications performed in a public electronic communication network,
  3. Name and address of the subscriber or registered user, to whom an IP-address, a user identity or a phone number was allocated at the time of the communication, and
  4. The time when the communication begun and ended.
The data listed in points 10 to 13 concern the provider’s own internet-based phone service (IP-telephony). Such service is possibly an NI-ICS. This entails that the Danish data retention rules encompass NI-ICS in so far as the service is made available by a provider under Danish jurisdiction.
Although not explicitly stated in the legal provisions, the providers’ obligation to retain data only concerns data “that are generated or processed in [their] network.”
Other geo-location data may be secured by preservation order and accessed by a production order. LFF-2021 Gen. Comm. p. 21.
 If data specified on the list are not generated in the provider’s network, for technical or other reasons, they fall outside the scope of the obligation. The provider is not obliged still to generate and store them.
The obligation may be limited also by the scope of the legal provisions. This is the case for rpl. § 786 c (geographical areas) and 786 d (order based on a concrete assessment), both explicitly excluding traffic data about fixed telephony and providers’ own internet phone services from the obligation (cf. first paragraph of both provisions).

6.4.2 Internet access data

BEK no. 380 § 4 specifies internet access data as “data that are generated or processed in providers’ network”
«…i udbydernes net…»
 concerning:
  1. The User-ID allocated to the end-user by the provider. The User-ID may be a customer number, subscriber number
    «Subscriber number» is «any number included in the comprehensive Danish number plan, that may be allocated to an end-user”, cf. DECA § 2 no. 15.
     or similar data that identify the end-user vis a vis the internet access provider,
  2. The User-ID and telephone number allocated to communications in a public electronic network. «User-ID» means identifying data allocated by the provider to the end-user when the end-user accesses the internet, including IP-address, source port number and other identifying data,
  3. Name and address of the subscriber or registered user regarding whom an IP-address, a User-ID or a telephone number was allocated at the time when the internet was accessed.
  4. The points in time when the internet was accessed, and the access was terminated.
As noted in Section 6.3.3, the purpose of retaining data about internet access pursuant to rpl. § 786 f, is to ensure availability of data that may identify the person who used an internet connection at a certain point in time. These data are referred to in rpl. § 786 f as “data about an end-user’s access to internet” (italics added). “End-user” (slutbruger) is defined in DECA § 2, no. 3 as 
a user of electronic communications networks or -services, who on a non-commercial basis makes the said networks or services available to others (italics added).
This could be organisations such as universities and public libraries and hospitals that offer internet access to their students, clients, patients. However, clearly the provision also aims for the possibility to identify individuals using their private internet connection, without making it available to others. In such case they are possibly to be regarded as “users”, which is not a defined term in DECA § 2 (the preparatory works comment that “user” and “end-user” shall be regarded as synonyms).
LFF-2021 Gen. Comm. p. 30.
 Pursuant to the definitions set out in the e-kodex Directive Article 2 points 13 and 14 there is a difference though: “user” meaning a person “using … a publicly available electronic communications service”, and “end-user” meaning a person “not providing … publicly available electronic communications services.”
See Section 5.1.3.3.
 The Danish notions seems to be somewhat at odds with the e-kodex definitions.

6.5 Provider

6.5.1 The definition

The data retention provisions specify generally that the obligation to retain data is incumbent on “providers” (“udbydere”). “Provider” is defined in DECA § 2, no. 1as
anyone who for a commercial purpose makes products, electronic communication networks or -services encompassed by DECA available to others.
The condition “for a commercial purpose” is central to the definition and means that the product, network, or service must be offered for the purpose of gaining a profit directly or indirectly.
See Section 5.1.3.3.p. 21
 Seemingly, the condition is easily applicable to actors providing fixed and mobile telephony. On the internet side however, the situation is a bit more complicated.
Firstly, it is not relevant whether the activity in fact generates a profit or not. For instance, a hotel offering “hot-spot” internet in the lobby, or internet or telephony in the hotel room, and does this without compensation, is still deemed to be a “provider” as the reason for offering the service is to make the hotel more attractive, thus gain a profit.
See Section 5.1.3.3.
 The commercial purpose is also fulfilled if the activity normally is offered for profit, even though commercial activity is not the main objective. For instance, a local municipality renting out a building to local entrepreneurs including “free” internet, is a “provider” within the meaning of DECA, therefore also within the meaning of the data retention rules.
See Section 5.1.3.3.
Libraries, hospitals, universities, schools etc., offering electronic networks or services to their clients, are not deemed to do this for a commercial purpose, hence are not “providers”.
See Section 5.1.3.3.
  Instead, they are “end-users” as explained in Section 6.4.2. To illustrate: A provider must retain data related to its own e-mail service (see Section 6.4.1, points 8 and 9). A provider is a provider within the meaning of the law only if the service is offered for a commercial purpose. With an example from a Norwegian context; the commercial e-com company Telenor that offers the e-mail service @online.no, would (pursuant to Danish regulation) have an obligation to retain data about the sender’s and the recipient’s e-mail address, while the University of Oslo that offers the  e-mail service @uio.no, to its 33 000 students and staff members, is deemed not to have a commercial purpose and would not have to retain such data.
Furthermore, recalling that the list of traffic data includes data related to the “provider’s own internet-based phone services,”
See Section 6.4.1 points 10 to 13.
 the question is who these providers are, specifically whether providers of NI-ICS generally are included.
NI-ICS is explained in Section 5.1.3.4.
 The question was touched upon in Section 6.4.1, but it is possible to dig a little deeper. At the outset, to be provider of a service within the meaning of DECA § 2, no. 1, the service must be an “electronic communications service” as defined in DECA § 2, no. 9. The definition requires the service to be transmitted between “network termination points”, i.e., physical end points in the electronic network (DECA § 2, no. 8). NI-ICS as defined in DECA § 2 no. 20 is not a service transmitted between physical endpoints, rather use of NI-ICS requires that internet access (a network termination end point) is already available. This prompts the question whether a provider of an internet-based phone service as mentioned in the list of “traffic data” set out in Section 6.4.1, must offer the service in addition to a service that is transmitted between network termination points such as fixed and mobile telephony, or internet access. In such case, only a small number of NI-ICS providers are “providers” within the meaning of the data retention rules.

6.5.2 Internet Access Providers

As rpl. § 786 f concerns retention of internet access data, a “provider” within the meaning of the provision must mean one who provides an internet access service. Reg. 380 sets out further details. Firstly, § 1 makes clear that the term “provider” shall have the same meaning as in DECA § 2, no. 1., entailing that the condition “for a commercial purpose” applies. However, transmission of radio- or TV-programs (over the internet) is positively excluded from the regulation (§ 2). This is in line with the e-kodex Directive Article 2 no. 4, which excludes services exercising editorial control over electronic content (see Section 5.1.3). 
Organisations that provide internet access to their members are not comprised by the obligation unless the number of members is 100 or more (§ 3). Organisations set up to manage apartment complexes could be covered by this rule.
§ 3: “… andelsforeninger, ejerforeninger, antenneforeninger og lignende foreninger og sammenslutninger heraf der indenfor foreningen eller sammenslutningen tilbyder elektroniske kommunikationsnet eller -tjenetser til færre enn 100 enheder.»
 If several providers register the same data, at least one of them shall do this as an obligation under rpl. § 786 f (§ 5). A provider may enter into an agreement with another provider or a third party about registration and storage of internet access data on its behalf (§ 6).

6.6 Access to retained data

The police may gain access to retained data by use of production order pursuant to the provisions set out in rpl. Ch. 74 Seizure and Production Order (beslaglæggelse og edition).  A production order may compel a person who is not a suspect to provide access to an object in his or her custody, if the object is deemed to be relevant as evidence in a criminal investigation (rpl. § 804 in conj., with § 801 first para., no. 1). The offence under investigation must be subject to public prosecution (offentlig påtale). A production order with legal basis in rpl. § 804 must be issued by a court (rpl. § 806 second para.). 
However, in respect of “traffic and location data” retained pursuant to rpl. §§ 786 b to 786 e, rpl. § 804 a is the legal basis for a production order. This provision makes the conditions and safeguards applicable to udvidet/​teleoplysning) applicable to police access to retained traffic and location data as well, see rpl. § 804 a in conj., with §§ 805 and 806. These conditions and safeguards were explained in Section 5.4.6. The decision is made by the court. The police may make the decision should the purpose otherwise be compromised. In such case a judicial review must be obtained within 24 hours (rpl. § 806 fourth para.). Importantly, to access traffic and location data the investigation must concern an offence with a prescribed maximum penalty of no less than three years. This substantially raises the threshold compared to production order issued pursuant to rpl. § 804. The regulation of access to traffic and location data is also in alignment with the conditions for access to preserved data (rpl. § 786 a) (see Section 5.3.1).
Rpl. § 804 b concerns production order regarding data that “identify an end-user’s access to electronic communications networks or-services.” The provision is applicable to retained static internet access data, IMEI and IMSI numbers. The order may be issued by the police. This differs from §§ 804 and 804 a, according to which the court must make the decision. However, similar to the condition set out in rpl. § 804, the investigation must concern an offence liable to public prosecution. Dynamic data about internet access, such as dynamic IP-addresses and source port numbers may not be accessed on basis of rpl. § 804 b, instead the procedure prescribed in rpl. § 804 must be applied, entailing that a court order is needed as opposed to an order of the police.
LFF-2021 Spec. Comm. to rpl. §§ 804 a and 804 b, p. 103-104.
 This extra safeguard was deemed necessary as identifying relevant dynamic data might not be as straightforward as for static data. The difference in legal procedure for access to static and dynamic IP-addresses is however not easily discerned from the text of the legal provisions themselves.  Also data not subject to retention such as signal data must be accessed pursuant to § 804. As the provider’s possession of the data is unrelated to any duty to retain, such data fall outside the scope of rpl. §§ 804 a and 804 b.
Nordic Council of Ministers I www.norden.org/publications I pub@norden.org