In a letter to the country’s Social Security Administration, Iceland’s Data Protection Authority Personuvernd states that IP addresses are not a reliable way to determine a person’s true location.
Starting April 6, 2009, European Union telecommunications companies and Internet service providers (ISPs) suddenly found themselves required to store even more data about their users.
Under existing requirements under the 2006 Data Retention Directive, telecommunications providers are required to retain records (when calls were made and the origination/destination details) regarding telephone calls made over their lines.
Now, The Data Retention Regulations 2009, those European telecommunication providers, and for the first time some ISPs (other than ISPs that also provide voice over IP services, which have always been covered), must retain details of Internet traffic and electronic mail transmissions for a period of six (6) to twenty-four (24) months from origination. The United Kingdom has determined that the period of retention shall be twelve (12) months. Sweden has threatened to “ignore” these new requirements.
Although the new regulations do not require the retention of the actual data (i.e., the telephone conversations, Internet content or the electronic mail content), affected European telecommunication providers and ISPs must retain the details of the transmissions (e.g., origination and destination telephone numbers, length of telephone calls, IP address of the user, but not the destination IP addresses, and electronic mail addresses, time of transmission).