Part 2:
National Data Retention Rules

Data Retention Law in the Nordic Countries

About this publication PDF

Summary Abbreviations Terms References EU legislation Council of Europe National legislation and legal sources Denmark Finland Iceland Norway Sweden Part 1: Mandate, EU background and Nordic context 1. Mandate 2. EU legal background 3. The complexity 4. Data retention as concept 5. Nordic overview 5.1 E-com regulation 5.1.1 Introduction 5.1.2 National discretion and consequences to data retention 5.1.3 Electronic communications service 5.2 Access to subscriber data 5.2.1 Denmark 5.2.2 Finland 5.2.3 Iceland 5.2.4 Norway 5.2.5 Sweden 5.3 Expedited data preservation and partial disclosure of data 5.3.1 Denmark 5.3.2 Finland 5.3.3 Iceland 5.3.4 Norway 5.3.5 Sweden 5.4 Secret coercive measures interfering with private communication 5.4.1 Introduction – the criminality condition 5.4.2 Finland 5.4.3 Iceland 5.4.4 Norway 5.4.5 Sweden 5.4.6 Denmark Part 2: National Data Retention Rules 6. Denmark 6.1 Introduction 6.2 Targeted data retention orders 6.2.1 Introduction – the criminality condition 6.2.2 Data retention targeting convicted persons 6.2.3 Data retention targeting communication equipment and persons 6.2.4 Data retention targeting geographical area 6.2.5 Data retention based on a concrete assessment 6.3 General, undifferentiated data retention 6.3.1 Introduction 6.3.2 National security 6.3.3 Internet access 6.4 The data to be registered 6.4.1 Traffic data 6.4.2 Internet access data 6.5 Provider 6.5.1 The definition 6.5.2 Internet Access Providers 6.6 Access to retained data 7. Finland 7.1 Introduction 7.2 The data to be registered and stored 7.3 Storage period 7.4 Provider 7.5 Access to data 8. Iceland 9. Norway 9.1 Introduction 9.2 The data to be registered and stored 9.3 Storage period 9.4 Provider 9.5 Access to data 9.5.1 Introduction 9.5.2 Purpose, who that may access the data, and personal scope 9.5.3 The necessity condition 9.5.4 Formal conditions – safeguards 9.5.5 Crime prevention 10. Sweden 10.1 Introduction 10.2 The data to be registered and stored 10.3 Storage period 10.4 The person obliged to register and store data 10.5 Access to data 10.6 SOU 2023:22: Proposal for a law revision 10.6.1 Introduction 10.6.2 Proposed amendments to SECA 10.6.3 General, undifferentiated data retention to protect national security 10.6.4 Targeted data retention to combat serious crime 10.6.5 Access to data Part III: Concluding remarks

Nordic Council of Ministers I www.norden.org/publications I pub@norden.org