cross-posted from: https://lemmy.zip/post/55706105
The topic has been debated since April, when the EU Commission first unveiled “ProtectEU,” a strategy aiming to create a roadmap for “lawful and effective access to data for law enforcement.” The Commission then presented the Roadmap in June, which outlined an intent to decrypt citizens’ private data by 2030.
Most member states argue that simply knowing who owns an account isn’t enough. Instead, they want a new legal baseline where companies are forced to log exactly when and where a user was online, as well as the IP addresses they used to connect.
As AdGuard VPN’s Chief Product Officer, Denis Vyazovoy, told TechRadar back in April: “A legal framework that forces VPNs to retain user metadata – potentially for a prolonged period – could make such services untenable, leading to the withdrawal of VPN providers from the EU.”
Companies are going to hate it when they’re not allowed to have remote connections for their directors and IT departments.
Either there will be exceptions for corporations or there will be a backdoor requirement with which corporations will comply, and we’ll soon be seeing headlines about state-sponsored hackers taking advantage of it.
Companies generally do not use ‘VPN services’, they maintain their own VPNs. This is what makes them virtual Private networks. The data retention laws are aimed for the ‘VPN providers’ who use the ‘VPN’ term for a different, very non-private services, used to circumvent geolocation and make tracking (even lawful) by some parties harder.
I do not say those services should not exist (there are legitimate uses for them), but do not mix them with actual private networks.