Then you have to ask whose
data retention law applies and we can find a situation in which multiple countries are trying to apply their laws to the same set of data, at the same time.
For instance, the District Court of The Hague struck down the Dutch national data retention legislation on 11 March 2015, and shortly afterwards, on 11 June 2015, the
Belgian data retention law was annulled by the Constitutional Court, which largely copy - pasted the CJEU's reasoning.
Perhaps most importantly of all, EarthVPN officially comes under the jurisdiction of Northern Cyprus, which is not subject to the European Union's Data Retention Directive and the country does not have any
mandatory data retention laws of its own either.
Unlike IPVanish (which is based in the U.S.), ExpressVPN is based in the British Virgin Islands, which has
liberal data retention laws.
Drip was constructed so that the UK's
data retention laws were not reliant on the EU directive which was made illegal by the court ruling.
Denmark has had such
a data retention law in place for many years.
Ultimately, the real danger lies in how the practice might be used in conjunction with other, more authoritarian laws, such as the aforementioned DRIP Act and
the data retention law it bolsters, RIPA.
As someone who lives in Germany, where there is
no data retention law (local transposition of the EU directive was struck down for being unconstitutional), I can assure you this is not the case.