The Center for Democracy and Technology (CDT) has issued a policy post on data retention. Here’s a snippet from their post:
If Congress is seriously considering legislation, it should look carefully at the development of Europe’s mandatory data retention policy. Many European countries and courts are backing away from the European Union data retention mandates that were enacted (but not fully implemented) a few years ago. At least three national courts have questioned the validity of a data retention regime, and another has referred to the European Court of Justice a case that could call into question the validity of the entire European data retention scheme itself.
Finally, Congress must look at the whole picture when assessing law enforcement success in prosecuting child exploitation crimes. Child exploitation is a horrific crime and it is important that law enforcement have the necessary resources to prosecute it. But data retention mandate is not the answer. Congress has already enacted strong data preservation laws to aid in the prosecution of child pornography. The PROTECT Our Children Act of 2008 requires ISPs who receive reports of apparent child pornography to immediately preserve detailed subscriber records for the user associated with the implicated IP address and to forward a report to the National Center for Missing and Exploited Children. NCMEC sends the report to the appropriate law enforcement agency and the ISP must preserve the records for at least 90 days, and up to 180, to give law enforcement time to begin an investigation.
Read more on CDT.