Following the invalidation of the Data Retention Directive by the Court of Justice of the EU in April 2014, the e-Privacy Directive constitutes the EU legal basis for member states to oblige electronic service providers (ECS) to retain metadata (e.g. traffic and location data).
Our latest benchmark shows that of the 18 surveyed European countries, only Germany, the Netherlands and Romania do not have any data retention rules in force.
Nearly all the surveyed countries impose on providers of electronic communications services general and indiscriminate data retention obligations. Only Belgium, Denmark and the UK foresee targeted retention of metadata.
The European Commission is consulting on the possible reintroduction of an EU-wide framework for metadata retention obligations.
For more information and access to the full benchmark, please click on “Access the full content” - or on “Request Access”, in case you are not subscribed to our European Digital Economy service.
more news
25 February 26
Protection of minors: overview of national initiatives on banning access to social media
Our latest benchmark shows that an increasing number of European countries are discussing a potential social media ban on children.
23 February 26
The DNA explained: universal service to serve the same goals under a revised approach
Cullen International is issuing a series of analyses on different aspects of the Digital Networks Act (DNA) proposal. This report covers universal service.
20 February 26
Revised Cybersecurity Act (CSA2) - Changes to the EU cybersecurity certification framework
Cullen International published an analysis of the proposed changes to the EU cybersecurity certification framework under the draft Cybersecurity Act 2 (CSA2) delivered by the European Commission on 20 January 2026.