Pressure group Privacy International has warned that 21 countries across the European Union, including the UK, France and Germany, are routinely retaining personal data that they shouldn't.
Furthermore, none of the countries named by Privacy International are in compliance with human rights standards as applied to their own legislation on data retention.
The countries named are:
- Czech Republic;
- The Netherlands;
- Sweden; and,
- The UK.
Privacy International's head of policy and advocacy, Tomaso Falchetta, said: "Blanket and indiscriminate retention of our digital histories — who we interact with, when and how and where — can be a very intrusive form of surveillance that needs strict safeguards against abuse and mission creep."
He continued: "Our communications data is no less sensitive than the content of our communications. It is clear that current data retention regimes in Europe violate the right to privacy and other fundamental human rights.
"In particular the European Court has made clear that general, indiscriminate retention of communications data is disproportionate and cannot be justified, not even on the grounds of fighting crime.
"While some states have recognised the need to reform, there is little evidence that they are moving to change their laws to bring them into line with their obligations under existing human rights law."
Privacy International, which is already suing the so-called "Five Eyes" states over their surveillance practices, has called for member states to review their legislation and adjust it to European standards and ensure that telecoms (and other) companies that are subject to such standards pressure their governments to comply too.
It also asks that the EU provides guidance on reviewing national retention laws.
But this political hot potato is broader than just the EU. Russia, for example, now insists that all parties keep any data generated in Russia on local soil. China has also adopted similar laws.
Surprisingly, Germany is one of the countries on the list. It already has some of the most stringent data protection laws in the world and its appearance on this list raises the question of whether any government in the world complies with its own laws on data protection and privacy.
Kicking Palantir off of AWS is among their demands, too
Rafaela Vasquez was watching The Voice at the time of the crash, new evidence shows
PUBG price slashed on Steam after selling more than 50 million copies - as daily player numbers plunge
Use the same password for every website? It might be time to change them all