Preservation order:
A preservation order on behalf of foreign authorities is possible in Sweden by using an EIO or a request for MLA (Mutual Legal Assistance) on the same grounds as it is in a domestic investigation. Since Sweden is part of the CoE Convention on Cybercrime we also accept requests according to Art 29 of the Convention. A public prosecutor can issue a preservation order for up to 90 days. It can be prolonged for up to 90 days if needed. The preservation order can be directed to anyone who is not suspected of the crime or a close relative to him/her.
Production:
Production of preserved electronic evidence on behalf of foreign authorities is possible by using an EIO or a request for MLA (Mutual Legal Assistance). The measures for executing a request for production depends on if the requested party is a company that provides electronic communication services (ISP) or not. For ISP: s there are different rules regarding accessing the data depending on what type of data categories that is requested. Content data requires a court decision on interception of telecommunication, traffic data (which includes location data) requires a court decision on tracing of telecommunication and subscriber data requires a decision of a public prosecutor.
Data retention:
The rules regarding data retention only applies to companies that provide electronic communications services (ISP: s). The rules differentiate between different types of data. For telephony and messaging only communication via a mobile network access point should be retained. No data will be retained on telephony or messaging that takes place in the fixed-line (landline) telephone network or through fixed internet access. Traffic data will be retained but the obligation to retain will be limited to data on who contacted whom (number and subscriber, and for telephony also subscription and equipment numbers) and at what time. Location data at the beginning and end of a call will be retained, but no other location data. For unregistered prepaid phone cards information about communication equipment and initial activation will be retained.
For internet access the retention obligation includes data that make it possible to identify the subscriber or registered user: IP address and other technical data necessary to identify the subscriber or registered user, time data for logging in and out of the service providing internet access, subscriber information and data identifying the equipment where the communication is finally separated to the subscriber.
There are differentiated retention periods:
Location data for calls: 2 months
Data on internet access: 10 months (except for data identifying the equipment where the communication is finally separated to the subscriber)
All other data: 6 months