Library of Congress

Law Library of Congress

The Library of Congress > Law Library > News & Events > Global Legal Monitor

Netherlands: Mandated Period of Provider Retention of Internet Data Shortened

(July 25, 2011) As of July 16, 2011, providers of public telecommunications networks or services in the Netherlands are mandated to retain Internet-related data for a period of six months, reduced from the former requisite period of 12 months. (Press Release, Ministry of Security and Justice, Retention Period of Internet Data Reduced to Six Months (July 15, 2011).)

According to the Dutch Senate's bill on the telecommunications data retention period (proposal 32.185, amending article 13.2a, third paragraph, of the Telecommunications Act), which was adopted as law, the six-month retention period applies to data on Internet access, e-mail over the Internet, and Internet telephone services (art. 13.2a, ¶ 3(b)). The 12-month retention period for data on telephone services through fixed or mobile networks (art. 13.2a, ¶ 3(a)) remains in place. (Id.; 32.185 Verkorting bewaartermijn internetgegevens tot zes maanden [32.185 Shortening of Internet Data Retention Period to Six Months], Eerste Kamer van Staten-Generaal [Senate of the Dutch Parliament] website [includes link to Senate text of the proposal, Amendment of the Telecommunications Act in Connection with the Adjustment of the Retention Period for Telecommunications Data Regarding Internet Access, E-Mail over the Internet, and Internet Telephone Services [in Dutch] (last visited July 21, 2011).)

The specific types of data to be retained in connection with the respective means of communication under paragraphs 3(a) and 3(b) are set forth in an annex to article 13.2a, paragraph 3, of the Telecommunications Act. (Telecommunicatiewet of October 19, 1998 (in force on Dec. 15, 1998) (as amended) [site updated as of July 21, 2011, and with link from revised article 13.2a, ¶ 3, to its Appendix, Parts A & B, on the data to be retained].) According to a press release issued by the Dutch Ministry of Security and Justice, “the police and the judicial authorities may use these data for the investigation and prosecution of serious offences.” (Press Release, supra.)

The Telecommunications Data Retention Act entered into force on September 1, 2009. The text of the Act is published in 333 STAATSBLAD VAN HET KONINKRIJK DER NEDERLANDEN [OFFICIAL GAZETTE OF THE KINGDOM OF THE NETHERLANDS] [hereinafter STAATSBLAD] (July 30, 2009); its implementing decree is in 360 STAATSBLAD (Aug. 28, 2009). (For the legislative history of the Act, see 31.145 Wet bewaarplicht telecommunicatiegegevens, Eerste Kamer der Staten Generaal website.)

On July 6, 2011, a law was adopted in conformity with the above changes to amend the Telecommunications Act; this amending law was published on July 15. (Wet van 6 juli 2011 tot wijziging van de Telecommunicatiewet in verband met deaanpassing van de bewaartermijn voor telecommunicatiegegevens met betrekking totinternettoegang, e-mail over het internet en internettelefonie, 350STAATSBLAD (2011) (last visited July 21, 2011) [has link to STAATSBLAD official text].)

Under the European Union's Data Retention Directive, providers must retain prescribed categories of data for a period of at least six months but not more than two years from the date of the communication; therefore, the new Dutch provisions remain in conformity with this regulation. (Press Release, supra; art. 6, Directive 2006/24/EC of the European Parliament and of the Council of 15 March 2006 on the Retention of Data Generated or Processed in Connection with the Provision of Publicly Available Electronic Communications Services or of Public Communications Networks and Amending Directive 2002/58/EC, OFFICIAL JOURNAL OF THE EUROPEAN UNION L 105/54 (Apr. 13, 2006).) As the Dutch Ministry of Security and Justice press release on the new Dutch provisions points out, “[t]he retention obligation does not pertain to the contents of the communication, but to the data on contacts and calling behaviour of the individuals, which is referred to as 'traffic data.'” (Press Release, supra.)

The Dutch Senate, in the same week that it approved the data retention amendment law, made public its correspondence with the Ministry of Security and Justice on the European Commission's evaluation of the Data Retention Directive. Among other comments, the Senate stated in one letter that it found the evaluation report “unsatisfying,” “unconvincing,” and “disappointing” and posed the question to the Minister of Security and Justice of whether the Directive should be withdrawn. It put forward other criticisms as well:

Most notably, the Senate concludes that the report does not adequately demonstrate the necessity and proportionality of the Directive (2006/46/EC) and that it fails to prove a “pressing social need” for the Directive, as the E-Privacy Directive (2002/58/EC) already provides for storage of certain traffic data for billing and marketing purposes. The Senate also voiced reservations on its effectiveness. All these criteria – necessity, proportionality, pressing social need, effectiveness – have to be met in order to meet the safeguards of the European Convention on Human Rights (ECHR).

The Senate also criticises the report for “too easily sidestepping” several Constitutional Court cases across the European Union, in which implementation laws were ruled unconstitutional or the principle of blanket data retention itself was deemed in breach of the ECHR. And it points out that the Dutch submission to the evaluation is particularly unsatisfying and “methodologically questionable”. Finally, it reiterates the fact that historic traffic data were already available after the London and Madrid bombings, without a Directive mandating blanket retention schemes being in place. On the basis of its analysis, the Senate asks the Minister whether the withdrawal of the Directive should be considered. (Dutch Senate “Disappointed” with Data Retention Directive Evaluation, EDRI-GRAM, No. 9.14, (July 13, 2011).)