END the FCC Data Retention Mandate!
The FCC requires the telephone companies to keep your telephone records for 18 months for future criminal investigations.
This violates your privacy and should end!
- The retention of phone records implicates the privacy and freedom of association rights of millions of Americans.
- The retention of phone records increases the risk of data breaches like the OPM breach in 2015.
- Modern bundled phone billing makes the 1986 rule unnecessary.
- The U.S. data retention requirement is at odds with international law and fundamental rights.
How You Can Help
On August 4, 2015, a coalition of civil society organizations, legal scholars, technology experts, and EPIC filed a petition with the FCC asking the Commission to repeal a regulation that requires telephone companies to retain the detailed call records of their customers. The coalition explained that the regulation was unduly burdensome and ineffectual and posed an ongoing threat to the privacy and security of American consumers. On May 17, 2017, the FCC published a Public Notice seeking comment on the petition. Comments are due June 16, 2016.
- EPIC Again Urges FCC to Repeal Data Retention Regulation: EPIC filed comments with the Federal Communications Commission again urging the agency to repeal a regulation that requires the bulk retention of calling records of American telephone customers. EPIC and a coalition of civil rights organizations, technical experts and legal scholars first signed a petition for repeal of the FCC regulation three years ago. When the FCC docketed the petition for public comment, every comment received by the agency favored the EPIC petition to end the data retention regulation. In comments to the agency last year, EPIC again urged the FCC to drop the requirement. In response to an agency proposal to extend the rule, EPIC explained that "the regulation is unduly burdensome, ineffectual, and threatens privacy and security." EPIC also pointed to recent cases in Europe prohibiting the mass retention of phone records. "The United States has fallen behind other advanced democracies around the world" explained EPIC to the FCC. (May. 13, 2019)
- Irish Court Finds Data Retention Law Violates Human Rights: The Irish High Court has ruled that Ireland's retention of telephone data violates European Law and the European Convention on Human Rights. The Communications Act, which requires all service providers to retain data for two years, is "general and indiscriminate." The Court also found insufficient safeguards for access to data, noting that the law did not require prior judicial and had few guarantees against abuse.The Court will now issue a final order to determine how the case will proceed. EPIC is participating DPC v. Facebook - an Irish High Court Case recently referred to the top European Court of Justice to determine whether Facebook's transfer of data from Ireland to the United States violates EU data protection law. EPIC has also petitioned the FCC to end a similar data retention mandate, arguing that it is inconsistent with international law. (Dec. 11, 2018)
- EPIC Urges FCC To End The Data Retention Mandate + (Aug. 2, 2018)
- EPIC Urges Congress to Focus on FCC and Privacy + (Jul. 27, 2017)
- EPIC Urges Swift Action on FCC Data Retention Mandate + (Jun. 20, 2017)
- EPIC Launches Campaign to End FCC Data Retention Mandate + (Jun. 13, 2017)
- FCC Responds to EPIC's Petition, Seeks Public Comment on Data Retention Mandate + (Jun. 7, 2017)
- EPIC, Coalition Urge FCC to Act on Petition to End Call Data Retention + (Apr. 23, 2017)
- FCC Adopts Modest Privacy Rules for Broadband Services + (Oct. 27, 2016)
- Coalition Urges White House to Recognize EU Opinion; End NSA Telephone Records Program + (Apr. 16, 2014)
- European High Court Strikes Down Data Retention Law + (Apr. 8, 2014)
- House Committee Approves Controversial Measure to Require Data Retention for All Internet Users + (Aug. 1, 2011)
More top news
FCC regulations require telephone companies to retain private call records for 18 months:
Each carrier that offers or bills toll telephone service shall retain for a period of 18 months such records as are necessary to provide the following billing information about telephone toll calls: the name, address, and telephone number of the caller, telephone number called, date, time and length of the call. Each carrier shall retain this information for toll calls that it bills whether it is billing its own toll service customers for toll calls or billing customers for another carrier.
47 C.F.R § 42.6 (“Retention of Telephone Toll Records”).
The rule was created in 1963 to help telephone providers calculate the bills of their customers and to allow customers to dispute bills. When it was enacted, the rule required carriers to retain data for six months.
In 1985, the FCC initiated a rulemaking to remove this record-keeping requirement. In response to the FCC's proposal, the Department of Justice petitioned the Commission to extend the retention period to 18 months, claiming that "telephone toll records are often essential to the successful investigation and prosecution of today's sophisticated criminal conspiracies." Telecommunications providers objected to the DOJ’s proposal, but the FCC ultimately chose to extended the retention requirement to 18 months.Today, as the DOJ has acknowledged, "the efficacy of the Commission's current Section 42.6 requirement to meet law enforcement needs has been significantly eroded." Carriers have "moved away from classic billing models, in which charges are itemized," instead using "non-measured, bundled, and flat-rate service plans." The change in billing practices has led some carriers to claim "that call records under such new plans are not covered by Section 42.6 because they are not 'toll records.'" The original justification of the bill—to allow customers to calculate and dispute their bills—is no longer relevant. The rule imposes unnecessary restrictions on businesses that seek to minimize the collection of their customers' personal information
On August 4, 2015, an EPIC-led coalition of 29 civil society organizations and 34 legal scholars and technology experts filed a petition with the FCC asking the Commission to repeal the regulation that requires telephone companies to retain the detailed call records of their customers. The coalition explained that "the rule requiring mass retention of phone records exposes consumers to data breaches, stifles innovation, reduces market competition, and threatens fundamental privacy rights."
According to the coalition petition, "the 18-month data retention rule serves no purpose." Although the retention rule is no longer relevant to customer billing and its usefulness as a law enforcement tool has diminished, the petition explained, the mass retention of telecommunications records implicates substantial privacy and associational freedom interests. Telephone call records "not only show who consumers call and when, but can also reveal intimate details about consumers' daily lives. These records reveal close contacts and associates, and confidential relationships between individuals and their attorneys, doctors, or elected representatives." And because the toll records retained under the rule "are not specifically tailored or limited to a particular investigation," the rule requires carriers to retain sensitive data on millions of Americans who are under no suspicion of wrongdoing.
The petition also explained that mandatory retention of sensitive phone records increases the likelihood and impact of large-scale data breaches. For example, in 2015, the Office of Personnel Management discovered that the personal data of 21.5 million current and former Federal government employees and contractors had been stolen. The petition also observed that the FCC itself had brought data breach actions against companies that had failed to protect personal information. For example, the agency proposed "a $10 million fine against two telecommunications carriers for failing to protect the personal information of up to 305,000 consumers."
On April 24, 2017, after more than twenty months of inaction from the FCC on the petition, EPIC and a coalition of 37 leading civil society organizations submitted a letter to the FCC urging the Commission to act. The coalition letter noted that at least two large data breaches had affected telephone records since the petition had been filed. In November 2015, 70 million prisoner call records were exposed in a data breach. In another breach announcement, a former Verizon employee was accused in September 2016 of selling private call records.
On May 17, 2017, the FCC responded to EPIC's petition with a Public Notice seeking comment. Comments are due on June 16, 2017. Reply comments are due July 3, 2017.
- Coalition Petition for Rulemaking (August 4, 2015)
- Coalition letter asking the FCC to act on the August 4, 2015, petition (April 24, 2017)
- FCC Public Notice seeking comment on the Petition for Rulemaking. WC Docket No. 17-130 (May 17, 2017)
- Privacy Groups Urge FCC To End Call Data Retention Rule, Law360, April 24, 2017
- Ex-Verizon worker accused of selling customer phone records, Associated Press, September 26, 2016
- Not So Securus: Massive Hack of 70 Million Prisoner Phone Calls Indicates Violations of Attorney-Client Privilege, The Intercept, November 11, 2015
- Stop forcing companies to save user data, groups urge in FCC petition, The Hill, August 4, 2017
Share this page:
EPIC relies on support from individual donors to pursue our work.
Subscribe to the EPIC Alert
The EPIC Alert is a biweekly newsletter highlighting emerging privacy issues.