EU member states have reacted differently to the annulment of the Data Retention Directive (DRD) by the Court of Justice of the EU in April 2014. Whereas some countries annulled or amended their data retention laws, others have not changed the rules despite the CJEU’s judgments.
A new benchmark by Cullen International looks into the state of data retention rules across 17 European countries.
The research shows that of the surveyed European countries:
- only Germany and Romania do not have data retention rules in force;
- nearly all of them impose on providers of electronic communications services general and indiscriminate data retention obligations; and
- Belgium and Denmark are the only ones with a targeted retention regime in place.
To access the full benchmark, please click on “Access the full content” - or on “Request Access”, in case you are not subscribed to our European Digital Economy Service.
more news
14 July 25
How are EU member states transposing NIS2?
Our benchmark tracks the transposition status of the directive on measures for a high common level of cybersecurity across the EU (NIS2) in the 27 member states. 14 countries adopted national legislation to transpose NIS2.
10 July 25
WhatsApp and other communication apps must allow legal interception in less than half of the EU countries
Our new pan-European benchmark examines national rules of lawful interception obligations for number-independent interpersonal communications service providers, such as WhatsApp.
09 July 25
Countries tighten IoT rules with new security, numbering and device measures
Our Quarterly Regulatory Update on IoT and M2M Services (Q2 2025) highlights how national regulators are shaping the future of IoT and M2M services in areas such as cross-border connectivity, device regulation, and security.