From IMMI

Belgian law since 2005 was designed to explicitly protect all communication between sources and journalists, with both groups defined broadly. But such protections may have limited effect if protected communication records between journalists and sources are automatically stored by third parties.

Currently Icelandic telecommunications law no. 81/2003 implements EEA mandated data retention. It applies to telecommunication providers and its current implementation mandates the retention of records of all connection data for 6 months. It states that communications companies may only deliver information on telecommunications in criminal cases or on matters of public safety. It also states that such information may not be given to others than police and public prosecution.

The European directive that caused this law to come into effect, 2002/58/EB from 12. july 2002 regarding privacy and electronic communication, is up for review in the autumn of 2010 and the German constitutional court is expected to rule whether or not data retention is at odds with the European Human Rights Treaty. Given these developments and a general trend towards more privacy awareness, the Icelandic data retention laws may need updating to address these concerns.

Another aspect of communications protection comes from chapter V of the currently implemented law 30/2002 on e-commerce and electronic services, which provides indemnity for "mere conduits", such as telecommunications networks and Internet hosting providers. There are few and mostly well defined exceptions to this indemnity, but the exception for general court orders without further definition is worrying. This should probably be improved by clarifying which exact circumstances can trigger such exceptions.