Swedish ISP Bahnhof threatened with fine for not storing customer data for law enforcement

3 Comments

Credit: Bahnhof

When Europe’s top court struck down the EU-wide Data Retention Directive in April for being excessive and against privacy rights, many communications providers breathed a sigh of relief. Among them was Swedish ISP Bahnhof, which said it would immediately stop keeping records of its customers’ communications for law enforcement purposes.

However, this week the Swedish telecoms regulator PTS ordered Bahnhof to start retaining communications data again, for six-month periods. Bahnhof has been ordered to do so by November 24 or pay a five million krona ($680,000) fine.

Sweden only started enforcing the EU Data Retention Directive locally in 2012, and in the wake of the EU ruling PTS told Bahnhof and other ISPs that they could stop retaining call records and internet metadata without fear of punishment.

In June, though, the Swedish government insisted that the country’s data retention law still applied. It appointed a commission to study the issue, which reported back that Sweden’s law didn’t conflict with the Court of Justice of the European Union (CJEU) ruling.

PTS succeeded in getting most of the country’s ISPs to start retaining records for law enforcement purposes again, although major provider Tele2 appealed. This week’s PTS order followed an October 13 ruling in which a Stockholm administrative court rejected that appeal, proclaiming that Sweden’s data retention laws carried sufficient safeguards and were acceptable.

Bahnhof – the proprietor of a nuclear bunker data center under a mountain, as used by Wikileaks — is now the sole holdout, having complained to the European Commission last month with, as yet, no meaningful response.

CEO Jon Karlung told IDG that he has a “Plan B” to avoid having to give up customer data as the government and regulator desire, butdidn’t provide details. However, he did say he would fight the latest order in court.

Sweden isn’t the only country to try forging on with data retention despite the CJEU ruling. The U.K. went so far as to use the ruling as an excuse to expand its data retention laws, rather than get rid of them.

3 Comments

elfonblog

When the State mandates that businesses pay the bill for the retention of records, and mechanisms to access them, some businesses might suffer due to the impact on “cost of business”. Don’t fret though. The State will let them outsource it cheaply…. to secretly-State-operated shell companies. The NSA does this in USA. Plus, the revenue provides them with extra funds that don’t appear on the government budget.

Dan Willis

The sooner corporations start investing in next gen cloud tech the more viable it will become for everyone. http://www.perfectcloud.io have some pretty amazing stuff happening and its just a sign of more amazing innovations on the way!

Comments are closed.