TZUTC: -0500   
   MSGID: 1839.consprcy@1:2320/105 2da6a2a1   
   PID: Synchronet 3.21a-Linux master/123f2d28a Jul 12 2025 GCC 12.2.0   
   TID: SBBSecho 3.28-Linux master/123f2d28a Jul 12 2025 GCC 12.2.0   
   BBSID: CAPCITY2   
   CHRS: ASCII 1   
   FORMAT: flowed   
   The EU prepares ground for wider data retention  and VPN providers are among   
   the targets   
      
   Date:   
   Mon, 15 Dec 2025 19:01:37 +0000   
      
   Description:   
   With the Chat Control bill entering its final stage, the EU Council has been   
   busy thinking about what a new data retention framework could look like.   
      
   FULL STORY   
      
   EU governments are pushing to widen data retention obligations for apps that   
   citizens use every day  and the best VPN apps are among those targeted.    
      
   A new internal document dated November 27 (first published by Netzpolitik )   
   provides important insights into the current thinking of the Danish    
   Presidency of the EU Council. It shows that member states largely agree on    
   the need for a new framework on data retention, presenting an important   
   overview of lawmakers main position on the matter.    
      
   The topic has been debated since April, when the EU Commission first unveiled   
   " ProtectEU ," a strategy aiming to create a roadmap for "lawful and    
   effective access to data for law enforcement." The Commission then presented   
   the Roadmap in June, which outlined an intent to decrypt citizens' private   
   data by 2030 .    
      
   Crucially, the document reveals that EU governments see metadata     
   specifically traffic and location history  as the most vital tool for law   
   enforcement.    
      
   Most member states argue that simply knowing who owns an account isn't    
   enough. Instead, they want a new legal baseline where companies are forced to   
   log exactly when and where a user was online, as well as the IP addresses    
   they used to connect.    
      
   The document notes that member states are aware of the legal hurdles of   
   gathering this data and emphasize that any new system must include robust   
   safeguards and strict proportionality to satisfy the courts.    
      
   However, privacy experts and technologists have long warned that such   
   'safeguards' are not enough, arguing that you cannot weaken encryption or   
   retain this data without fundamentally compromising user security.    
      
   Besides virtual private network (VPN) companies, other online services   
   targeted include messaging apps, hosting providers, file sharing services,   
   cloud storage apps, and other over-the-top (OTT) services.    
      
   An impact assessment is due in early 2026. Lawmakers are waiting for the   
   outcome before presenting a legislative proposal, which is expected around   
   June next year.   
      
   What's next for EU citizens privacy?   
      
   Greater data retention obligations would clash directly with the core   
   architecture of privacy-preserving technology.    
      
   Take no-log VPNs , for example. These services are designed specifically not   
   to log user activity, and their security promise relies on the fact that the   
   data simply does not exist.    
      
   That model appears to be incompatible with the retention requirements EU   
   member states are now demanding. If the Council's vision becomes law, a   
   "no-log" service could effectively be illegal in Europe.    
      
   As AdGuard VPN 's Chief Product Officer, Denis Vyazovoy, told TechRadar back   
   in April : "A legal framework that forces VPNs to retain user metadata   
   potentially for a prolonged period  could make such services untenable,   
   leading to the withdrawal of VPN providers from the EU."    
      
   Similarly, NordVPN spokesperson told TechRadar that collecting more user data   
   would threaten people's security.    
      
   We have approached other major providers for their reaction to the Council's   
   latest document and will update this page when we hear back.    
      
   While the final legislation is still being drafted and ProtectEU's future is   
   uncertain, European governments seem determined to grant law enforcement ever   
   more access to our data, regardless of the technical or privacy   
   contradictions.    
      
   ======================================================================   
   Link to news story:   
   https://www.techradar.com/vpn/vpn-privacy-security/the-eu-prepares-ground-for-   
   wider-data-retention-and-vpn-providers-are-among-the-targets   
      
   $$   
   --- SBBSecho 3.28-Linux   
    * Origin: Capitol City Online (1:2320/105)   
   SEEN-BY: 105/81 106/201 128/187 129/14 305 153/7715 154/110 218/700   
   SEEN-BY: 226/30 227/114 229/110 134 206 300 307 317 400 426 428 470   
   SEEN-BY: 229/664 700 705 266/512 291/111 320/219 322/757 342/200 396/45   
   SEEN-BY: 460/58 633/280 712/848 902/26 2320/0 105 304 3634/12 5075/35   
   PATH: 2320/105 229/426