#data #metadata #privacy
While the rise of Internet platforms and their data-based business models have shifted public and scholarly attention towards corporate dataveillance, governments across Europe are similarly and continuously expanding their surveillance practices. This article focuses on bulk data retention as a prime example of modern state surveillance. In contrast to traditional forms of state surveillance, this is characterized by a shift from targeted interceptions of content to the general mass monitoring of communications metadata, takes place without prior suspicion, and outsources critical activities to the private sector. The article provides a comprehensive and up-to-date comparison of data-retention legislations and attendant discussions in Europe with a specific focus on the risks of modern state surveillance. The results indicate that both national bulk data-retention legislation and other forms of data retention such as subscriber and IP–address retention, targeted data retention, and expedited data retention fail to mitigate these risks. This highlights the need to develop precise criteria for the necessity and proportionality of data retention and effective safeguards regarding data security and protection.