Swedish regulator orders ISP to retain customer data despite death of EU directive
Wed 29 Oct 2014

The Swedish Telecoms Regulator PTS has threatened Kista-based ISP Bahnhof to continue storing records of its customer communications, even though the Court of Justice of the European Union (CJEU) ruled the 2006 Data Retention Directive invalid [PDF] in April of this year.
Bahnhof was among the many ISPs which expressed its intention to immediately cease to store records of its clients, but in June the Swedish government in Stockholm backtracked on the issue and declared that ISPs must continue to retain customer data for law enforcement purposes. Though Tele2 appealed against the directive, all ISPs besides Bahnhof have now complied.
Bahnhof is facing a fine of five million krona (£530mn +) for non-compliance with the order, which specifies that the ISP must retain customer data for six months. The company’s CEO Jon Karlung spoke of a ‘Plan B’ that could avoid Bahnhof surrendering customer data, but gave no details, and said that the company would fight the issue in court.
In 2011 Karlung was in the vanguard of Swedish ISPs opposed [automatic translation] to the country’s adoption of the Data Retention Directive, proposing to actually charge customers $50 extra a month in order to store a record of their information.
It took Sweden six years to begin compliance with the Brussels-issued Data Retention Directive, so it is not entirely clear why the country is matched only by the UK in its determination to keep storing local customer information. In July the UK responded to the EU abolition of the 2006 directive by controversially fast-tracking The Data Retention and Investigatory Powers (DRIP) Bill, which significantly increased rather than reduced the scope of the original edict.