ISP Data Retention Policies in the United States

In the aftermath of the Snowden scandal, and an on-going concern for cyber-surveillance practices, the United States Congress and the American people are increasingly concerned that their online privacy is at risk. The government continues to wrestle with the possibility of including mandatory data retention standards for Internet Service Providers (“ISPs”). While this poses a serious threat to individual privacy, supporters of data retention argue that these standards are essential to national and personal safety.

What Is Data Retention?

Data retention is the practice of ISPs monitoring and storing information tied to an IP address, including, but not limited to, browsing history. ISPs that also provide email services may store email logs, but not the content of those emails. ISPs also have the capacity to identify which third-party email service providers are tied to an IP address. Law enforcement agencies could require ISPs to turn over this information in the course of a criminal investigation. PRISM, the National Security Agency’s avenue of access to online data, is similar to traditional data retention practices, except that PRISM targets cloud-based services. Currently, there are no mandatory data retention policies in America. However, governmental pressures and international influences may be pushing America to join Europe in its data retention practices. In March 2013, James Sensenbrenner, Republican House representative from Wisconsin and the author of the Patriot Act, argued that America should adopt ISP data retention laws similar to those in Europe. Indeed, the Justice Department has fully supported data retention policies. The Justice Department argues that the lack of data retention policies dramatically hinders law enforcement efforts. However, regardless of whether the government implements policies requiring ISPs to store personal data, ISPs currently maintain the freedom to monitor and track online activity. Indeed, Time Warner currently retains user data for six months, and Verizon retains data for eighteen months. Then, under the Stored Communications Act, which is codified under 18 U.S.C. ยง 2701 et seq., the government may access this data.

How Does Data Retention Affect International Online Privacy?

The 2006 European Data Retention Directive requires that all European Union ISPs keep records of their users for two years. Australian law enforcement agencies are pushing the government to adopt and implement ISP retention policies that require them to indefinitely store personal data. England has been a strong supporter of Europe’s data retention policies. In 2000, the United Kingdom enacted the Regulation of Investigatory Powers Act (“RIPA”), allowing public agencies to carry out surveillance of private citizens without a warrant. However, in Germany, the government has taken a strong stance against data retention policies, arguing instead for the preservation of individual privacy. Nonetheless, there is a growing concern that the trend favoring data retention will soon transfer to America.

At the Law Offices of Salar Atrizadeh, we guide our clients in legal matters regarding all aspects of your online privacy concerns by using extensive knowledge and skills to create innovative solutions to resolve your legal disputes. Please contact us today to set up a confidential consultation.