The data retention directive from the European Union sets the frame, but not the exact implementation in-law from the sovereign countries. Wikipedia lists a rough legal framework, but the exact implementation is up to the single countries.
One approach is to not incorporate as an ISP and then IP data retention laws do not apply. Often it is so that an organization self-identifies and registers as an ISP.
In Germany, data retention was implemented to store the collected data for six months. They had a – compared to other countries – rather less-restrictive law, forcing providers to “only” save:
For Internet connections, for every connection (together with the actual customer):
* time of login
* time of logout
* IP of the connection
For e-mail, for every mail: * the sender * the receiver * the exact date * (essentiall, this is the standard mail log you had to keep)
There was a large “collective” lawsuit by several large organisations (initiated by the Arbeitskreis Vorratsdatenspeicherung). They collected signatures of about 35.000 inhabitants against data retention, and, eventually, the constitutional court considered the German law to be contrary to the German constitution. Since that rendered the current data retention illegal, providers had to delete the data they collected and reduce the amount of data they stored.
But the court did not consider the law in principle to be against the constitution, it was just the current implementation. Several politicians have rised the issue since then, and the new great coalition (from 2013) said they want to wait for the decision on the European level. But there are still politicians and spokesmen of legal institutions which are trying to get the law as soon as possible.
State: February 2014
State: November 2015: data retention is back
(This is only about the part of the Danish data retention law that concerns ISP's, telcom rules about phone and sms are not covered)
The Danish law concerns all ISP's that does not fall into one of the following category:
The following data have to be logged in a per-session manner:
This information available and linkable to the session log (described above):
Providers who offer wireless networks must also:
E-mails must be logged with the following information:
This is about it :)
No data retention since March 2015:
Has anyone an article in English?