For how long ISPs keep record of Internet usage?

    • For how long ISPs keep record of Internet usage?

    • Do they keep record of every page we visit?

    • In what form do they keep such records (remote IP, URL, page title, headers, etc.)?

    • Is it possible for an employee working at ISP to monitor an individual customer's Internet usage?

    The question is too broad: things vary by country and by ISP.

    Way too broad, please edit

  • Philipp

    Philipp Correct answer

    7 years ago

    Well, technically they can log all of what you mentioned and more. Your ISP is in the technical position to monitor and log (and modify!) every single byte you send and receive via the internet, and they would be capable of doing it without drawing much attention when they would want to. But whether or not they do depends on two factors:

    1. How much surveillance is economically useful for them (inspecting and analyzing petaybytes of internet traffic costs a lot more hardware than just routing it blindly)
    2. How much the local laws require or prohibit them to do it.

    One information you can be quite certain that is logged for a longer time is what IP address you had when. I wouldn't know a country where you won't get caught when you commit a crime online and law enforcement is able to get the IP address you had while doing it.

    The rest of this answer focuses on the situation in countries which belong to the European Union. Input from people knowledgeable about local laws in other parts of the world would be appreciated.

    In the EU, there is the data retention directive which states that all EU countries must make local laws which force the ISPs to record the following data of all their users for at least six months:

    • When and for how long they were online
    • IP address they got assigned and when
    • Who they connected to using IP telephony
    • Receivers and senders of their email

    But this directive says that this data must only be used for law enforcement purposes. There is also the EU data protection directive which requires EU countries to have local laws which prohibit ISPs (or anyone who deals with personal data) from recording more data than necessary and using it for purposes they haven't notified their customers about. This greatly limits what they can (legally!) do with the data they record.

    How different EU countries ratify these directive in local laws vary. Some countries didn't ratify them completely, others have local laws which go far beyond. Check your local laws for more information.

    Another interesting source of information could be the privacy policy of your ISP. It should include a section about what data they log and for what purpose.

    Regarding illegal monitoring: One could argue that just because the law prohibits an ISP from snooping on their users doesn't mean that they follow these laws. They are large evil corporations™, after all. An ISP could snoop on users illegally. But keep in mind that ISPs are profit-oriented companies. The only reason for them to do large-scale surveillance would be to sell that data to someone. While they certainly are in a position to collect a lot of data which would be extremely valuable for certain parties, they can hardly make business with them. The risk of getting found out and suffering the resulting PR disaster is just too big for them.

License under CC-BY-SA with attribution

Content dated before 7/24/2021 11:53 AM