The European Digital Rights Group (EDRi) published an answering guide for civil society organisations and individuals

What is ”data retention”?

In the context of this consultation, data retention is a requirement obliging providers of electronic communications services (email, private messaging, internet access providers like telecom companies, etc.) – we call them ‘service providers’ (SPs) – to retain certain types of data related to their users beyond what is necessary for the provision of their services and only for law enforcement purposes.

What data is concerned?

Mainly traffic and location data. Traffic data is metadata about your online activities. Whenever a device accesses a communications network, small packets of data related to that device’s activities are processed on the systems of the operator responsible for the network.

This includes all other information about a communication other than the communications content, such as the communication’s origin (who sent it?), the destination (who is the recipient?), the route, the time, the date, the size (of the message), the duration (of the activity), or the type of underlying service.

Metadata can be compared to the information outside an envelope (address, weight, format, stamps, etc.); the communications content corresponds to the message inside the envelope.