TZUTC: -0500
MSGID: 1839.consprcy@1:2320/105 2da6a2a1
PID: Synchronet 3.21a-Linux master/123f2d28a Jul 12 2025 GCC 12.2.0
TID: SBBSecho 3.28-Linux master/123f2d28a Jul 12 2025 GCC 12.2.0
BBSID: CAPCITY2
CHRS: ASCII 1
FORMAT: flowed
The EU prepares ground for wider data retention  and VPN providers are among
the targets

Date:
Mon, 15 Dec 2025 19:01:37 +0000

Description:
With the Chat Control bill entering its final stage, the EU Council has been
busy thinking about what a new data retention framework could look like.

FULL STORY

EU governments are pushing to widen data retention obligations for apps that
citizens use every day  and the best VPN apps are among those targeted. 

A new internal document dated November 27 (first published by Netzpolitik )
provides important insights into the current thinking of the Danish 
Presidency of the EU Council. It shows that member states largely agree on 
the need for a new framework on data retention, presenting an important
overview of lawmakers main position on the matter. 

The topic has been debated since April, when the EU Commission first unveiled
" ProtectEU ," a strategy aiming to create a roadmap for "lawful and 
effective access to data for law enforcement." The Commission then presented
the Roadmap in June, which outlined an intent to decrypt citizens' private
data by 2030 . 

Crucially, the document reveals that EU governments see metadata  
specifically traffic and location history  as the most vital tool for law
enforcement. 

Most member states argue that simply knowing who owns an account isn't 
enough. Instead, they want a new legal baseline where companies are forced to
log exactly when and where a user was online, as well as the IP addresses 
they used to connect. 

The document notes that member states are aware of the legal hurdles of
gathering this data and emphasize that any new system must include robust
safeguards and strict proportionality to satisfy the courts. 

However, privacy experts and technologists have long warned that such
'safeguards' are not enough, arguing that you cannot weaken encryption or
retain this data without fundamentally compromising user security. 

Besides virtual private network (VPN) companies, other online services
targeted include messaging apps, hosting providers, file sharing services,
cloud storage apps, and other over-the-top (OTT) services. 

An impact assessment is due in early 2026. Lawmakers are waiting for the
outcome before presenting a legislative proposal, which is expected around
June next year.

What's next for EU citizens privacy?

Greater data retention obligations would clash directly with the core
architecture of privacy-preserving technology. 

Take no-log VPNs , for example. These services are designed specifically not
to log user activity, and their security promise relies on the fact that the
data simply does not exist. 

That model appears to be incompatible with the retention requirements EU
member states are now demanding. If the Council's vision becomes law, a
"no-log" service could effectively be illegal in Europe. 

As AdGuard VPN 's Chief Product Officer, Denis Vyazovoy, told TechRadar back
in April : "A legal framework that forces VPNs to retain user metadata
potentially for a prolonged period  could make such services untenable,
leading to the withdrawal of VPN providers from the EU." 

Similarly, NordVPN spokesperson told TechRadar that collecting more user data
would threaten people's security. 

We have approached other major providers for their reaction to the Council's
latest document and will update this page when we hear back. 

While the final legislation is still being drafted and ProtectEU's future is
uncertain, European governments seem determined to grant law enforcement ever
more access to our data, regardless of the technical or privacy
contradictions. 

======================================================================
Link to news story:
https://www.techradar.com/vpn/vpn-privacy-security/the-eu-prepares-ground-for-
wider-data-retention-and-vpn-providers-are-among-the-targets

$$
--- SBBSecho 3.28-Linux
 * Origin: Capitol City Online (1:2320/105)
SEEN-BY: 105/81 106/201 128/187 129/14 305 153/7715 154/110 218/700
SEEN-BY: 226/30 227/114 229/110 134 206 300 307 317 400 426 428 470
SEEN-BY: 229/664 700 705 266/512 291/111 320/219 322/757 342/200 396/45
SEEN-BY: 460/58 633/280 712/848 902/26 2320/0 105 304 3634/12 5075/35
PATH: 2320/105 229/426