Live, Die, Repeat: The fight against data retention and boundless access to data

Day 2 14:45 Zero en Ethics, Society & Politics
Dec. 28, 2025 14:45-15:25
Both within the EU as well as nationally in Germany, there exists a renewed drive to implement data retention, a practice struck down by the ECJ and discontinued in many national legislations. In parallel, cross-border access to stored data has been mandated within the EU as “e-evidence”, and will soon be extended to 90+ countries under the umbrella of the EU cybercrime convention. In principle, all data stored by service providers will be available to law enforcement as part of a criminal investigation. The timing of both initiatives is not coincidental, as access to data naturally relies on the availability of data. The talk will address the state of play on data retention in various legislations, and introduce the practice of cross border access to stored data by law enforcement as well as its shortcomings and threats to privacy and confidentiality.

The Specter of Data Retention is back in the political arena, both as a harmonized, EU-wide approach as well as being part of the coalition agreement of the new German national government. Other countries have already recently implemented new data retention laws, i.e. Belgium or Denmark. In parallel, access to all types of stored data – and not only data stored under a data retention regime – by law enforcement has been radically reformed by groundbreaking new legislation, undermining both exiting national safeguards as well as protections implemented by businesses aiming for a higher standard in cyber security and data protection.
The talk will give an overview on recent developments for a harmonized “minimum” approach to data retention under the Polish and Danish EU presidency as well as the new German legislation currently under consideration. It will introduce the upcoming international release mechanisms for stored data under the e-evidence legislation, the 2nd protocol to the EU cybercrime convention as well as future threats from the UN cybercrime convention. It will address how a cross-border request for information works in practice, which types of data can be requested by whom, and who will be responsible for the few remaining safeguards – including an analysis of the threat model and potential “side channel” attacks by cybercrime to gain access to basically all data stored by and with service providers.

Speakers of this event

Avatar of Klaus Landefeld
Klaus Landefeld

Klaus is an expert on internet and telecommunications infrastructure and networks, net neutrality, data retention, surveillance, and IT security. As early as 1984, he was setting up mailbox systems and LAN infrastructure. In 1995 he founded Nacamar, one of the first independent ISPs in Germany, which became the first German tier one globally. From 1999, he was CTO of the pan-European World Online N.V. group, where he was responsible for 1,500 technicians in 17 countries. Since 2013, Klaus is CEO of nGENn GmbH and is advising companies on the build and operation of broadband access networks, data centers, and IP services. He also acts as data protection and security officer for diverse carriers and satellite operators. Representing eco e.V. and EuroISPA, Klaus is negotiating the diverse iterations of data retention legislation as an industry expert since 2004. He is also a member of the EU e-evidence implementation expert group as well as an expert for the implementation of the 2nd Budapest protocol for the EU cybercrime convention.