Following the invalidation of the Data Retention Directive by the Court of Justice of the EU in April 2014, the e-Privacy Directive constitutes the EU legal basis for member states to oblige electronic service providers (ECS) to retain metadata (e.g. traffic and location data).
Our latest benchmark shows that of the 18 surveyed European countries, only Germany, the Netherlands and Romania do not have any data retention rules in force.
Nearly all the surveyed countries impose on providers of electronic communications services general and indiscriminate data retention obligations. Only Belgium, Denmark and the UK foresee targeted retention of metadata.
The European Commission is consulting on the possible reintroduction of an EU-wide framework for metadata retention obligations.
For more information and access to the full benchmark, please click on “Access the full content” - or on “Request Access”, in case you are not subscribed to our European Digital Economy service.
more news
06 February 26
The DNA explained: deadlines set for copper switch-off, but with exceptions
Cullen International is issuing a series of analyses on different aspects of the Digital Networks Act (DNA) proposal. This report covers copper switch-off.
06 February 26
The DNA explained: no major overhaul of SMP access rules
Cullen International is issuing a series of analyses on different aspects of the Digital Networks Act (DNA) proposal. This report covers SMP access rules.
05 February 26
Revised Cybersecurity Act (CSA2) - mechanism to restrict high-risk ICT suppliers in critical sectors
Cullen International published an analysis of the proposed provisions to restrict high-risk suppliers (HRS) under the revised Cybersecurity Act (CSA2) delivered by the European Commission on 20 January 2026.