Denmark is the first EU Member State to pass a statute implementing the European Union’s Data Retention

Directive, which calls on communication network operators to retain certain data for a period of six months to

two years. Attorneys from Morrison & Foerster analyze the Danish law and the Directive, noting that certain

definitions in the Directive are somewhat ambiguous and that the scope of what must be retained is quite

broad. They say the Directive left a number of important decisions for the EU Member States, meaning that

companies operating in multiple EU Member Sates must devise country-specific compliance strategies to meet

the Directives requirements.

Late last year, Denmark became the first EU Member State to pass a statute implementing the Data Retention Directive (the Directive) of the European Union.[1] The Directive is intended to improve the investigation of “serious crimes,” including terrorism, by giving the Member State authorities access to communications data that the communications service providers are required to retain for extended periods of time.

The Danish implementing statute is set to enter into force on Sept. 15, 2007, the required implementation date

under the Directive. By then, all Member States should have legislation in place that requires the retention of

communications data related to fixed telephone numbers and mobile phone numbers. Similar requirements for retaining Internet communications data must be in place by March 15, 2009, at the latest. While implementing legislation has been introduced (but not yet enacted) in other Member States, including Spain, Germany, and the United Kingdom, significant delays are expected. In a meeting held in Brussels on March 14, 2007, where implementation of the Directive was discussed, the Member State government representatives communicated that only a few have even preliminary drafts currently in their national legislatures.