In an effort to protect users' privacy, Bahnhof, the last Swedish ISP refusing to fall in line with the country's data retention law, has said that it would comply with the legal requirement, but at the same time will offer its customers a free to use, no-logging VPN service, a step that would effectively render any collected data meaningless, assuming customers take up on the offer.
The move comes nearly a month after the Swedish Post and Telecom Authority (PTS) ordered the ISP to start storing customers’ communications data again or pay a five million krona ($680,000) fine. The data retention law requires phone and internet companies to capture and store user metadata including websites visited, people called, location data, and more, for a period of six months to two years.
Back in April, Europe’s highest court struck down the law saying that it violated citizens’ fundamental rights to privacy and to control personal data. As a result, many Swedish ISPs, including Bahnhof, stopped keeping records of their customers’ communications.
But a couple of months later, Sweden said the country’s data retention law still applied after a government appointed commission concluded that it didn’t conflict with the Court of Justice of the European Union (CJEU) ruling.
Since then, the Swedish government has been pressurizing the country’s ISPs to start retaining user data again. While most ISPs have given in, Bahnhof, which has even complained to the European Commission, was the sole holdout.
"The European Court of Justice has held that it is a human right not to have their data stored. We believe the time is ripe for VPN services to become popular", said Bahnhof's CEO Jon Karlung in a statement.
Dubbed LEX Integrity, the new VPN service will be hosted and run by a digital rights group called the 5th of July Foundation, and will start working on November 24th, the day Bahnhof will resume data retention.