How long do major European ISPs (e.g., Deutsche Telekom, Orange, Vodafone) retain DNS query logs under EU/EEA laws in 2025?
Executive summary
Major European ISPs do not have a single, EU-mandated DNS query‑log retention period; retention is driven by a mix of national laws, sectoral telecom rules, and individual company policies, and public disclosures from operators about exact DNS retention lengths are scant in the reporting provided [1] [2]. Privacy‑focused public resolvers and commercial DNS services show a wide range of possibilities — for example, some third‑party DNS services allow log retention from one hour to two years under user control — but that is a vendor capability, not proof of a uniform ISP practice across Deutsche Telekom, Orange or Vodafone [3] [4].
1. The legal landscape: no single EU retention clock
There is no single EU/EEA law in the provided reporting that prescribes a uniform statutory retention period for DNS query logs across all ISPs; data retention sits at the intersection of general EU data‑protection rules (GDPR) and sectoral telecom regulation, and national governments can and do set specific obligations within that framework [1] [2].
2. What regulators and merger documents make clear: data protection still applies
EU merger and oversight materials concerning Deutsche Telekom, Orange and Vodafone repeatedly state that "data protection rules are fully applicable" to telecom transactions and services, signaling that operators remain bound by GDPR and national privacy rules when handling DNS and other user data [1]. The same corpus of EU telecom rule changes flagged for 2025 indicates increased regulatory attention on telecom providers but does not, in the sources provided, translate into a single retention period for DNS logs [2] [5].
3. What commercial DNS providers disclose — a reality check
Commercial DNS resolver services demonstrate the range of technical and policy choices: for example, NextDNS advertises configurable log storage locations and allows customers to set retention from one hour up to two years or to disable specific logging, illustrating how technical capability and privacy policy can vary widely between providers [3]. That configurability shows what is possible, but the presence of such options in a third‑party DNS service does not prove that incumbent ISPs use the same retention settings or permit customer control.
4. Emerging European alternatives and what that implies for retention
The EU's DNS4EU initiative and other EU‑centric public resolver projects are being promoted as privacy‑oriented alternatives, and performance dashboards and public info pages position them as a means to improve European control over DNS resolution; however, the sources document the project and its monitoring presence rather than a binding retention rule for ISP logs, so the practical effect on incumbent ISP retention policies remains unestablished in the reporting [4] [6] [7].
5. Where reporting is silent — the practical consequence for the question asked
The available sources do not publish explicit, comparable retention timelines for Deutsche Telekom, Orange or Vodafone DNS query logs in 2025, so a definitive answer about how long each major ISP retains DNS queries under EU/EEA law cannot be drawn solely from this material; the only supported conclusion is that retention varies by provider and legal context and must comply with applicable data‑protection rules [1] [2].
6. Alternative viewpoints, incentives and what to watch next
Privacy advocates argue for minimal or no DNS logging and point to configurable resolver services and EU projects as positive steps, while telcos — subject to regulatory scrutiny and operational needs like abuse mitigation — have incentives to retain some telemetry; regulators pushing new telecom rules in 2025 (and tech designations like DORA listings for major providers) could raise compliance and resilience obligations that indirectly affect logging practices, but the reporting here shows policy direction rather than hard retention numbers for DNS queries [5] [2].