fbpx

Download free GDPR compliance checklist!

Tag Archives for " data retention "

Irish murderer appeals conviction on grounds of EU data law breach

When Graham Dwyer was convicted of murder in 2015 it was a triumph for Ireland’s police and judicial system. Phone data helped clinch murder conviction for Graham Dwyer in 2015.

Five years later, however, the conviction risks unravelling over the use of phone data – a twist that could see Dwyer walk free, and also have an impact on data privacy rules across Europe. Dwyer has now appealed on the grounds the retention and accessing of his mobile phone data breached EU law.

Court of Justice of European Union (CJEU) has ruled in recent cases involving Belgium, France and the UK that governments and service providers do not have broad rights to retain data on citizens, and legal experts expect the Dwyer decision to follow that pattern.

Source: Irish murderer appeals conviction on grounds of EU data law breach | Ireland | The Guardian

CNIL issues new guidance on data retention

The French Supervisory Authority CNIL in July has issued new updated guidelines on data retention.

These Guidelines aim at providing practical tools to help defining the relevant rules to organize data retention and accordingly the retention period applicable for each step of the personal data processing life cycle so that the personal data are not kept indefinitely.

Source: FRANCE: NEW GUIDANCE FOR DATA RETENTION

Google says it will no longer save a complete record of every search

Google will no longer save a complete record of every search made by new users, the company says, as it launches a push to promote its privacy credentials against concerted competition from arch-rival Apple.

The company will now automatically delete its saved records of a new user’s activity on the web and in its apps after 18 months. Previously, such information had been kept indefinitely by default, which the company argued was necessary to personalise its services for individual users.

Source: Google says it will no longer save a complete record of every search | Google | The Guardian

Top European Court to Review National Data Retention Laws

The Court of Justice for the European Union will hear challenges to the data retention laws of the UK, Belgium, and France.

The Court previously invalidated European and national data retention laws that required companies to retain communications data for law enforcement purposes. The new challenges, brought by civil society organizations, contend that European national laws fail to comply with the earlier rulings.

Source: Top European Court to Review National Data Retention Laws

AT&T, T-Mobile, Sprint, Verizon Blasted For Data Privacy Policies

A U.S. senator Wyden is giving the four telecommunications companies until Sept. 4 to outline how they plan to better protect customer data privacy.

Wyden said that current rules that are in place that surround data retention are not enough, and that the telecom companies have been able to skirt them. The Federal Communications Commission (FCC) requires carriers to keep records of toll calls for 18 months, for instance – but Wyden alleges that firms retain records “for much longer.”

Source: AT&T, T-Mobile, Sprint, Verizon Blasted For Data Privacy Policies | Threatpost

EU Council adopts conclusions on data retention to fight crime

The Council adopted conclusions on the way forward with regard to the retention of electronic communication data for the purpose of fighting crime.

It noted that data retention is an essential tool for investigating serious crime efficiently, but one whose use should be guided by the need to protect fundamental rights and freedoms.

The Council tasked the Commission to gather further information and organise targeted consultations as part of a comprehensive study on possible solutions for retaining data, including the consideration of a future legislative initiative.

Source: Data retention to fight crime: Council adopts conclusions – Consilium

Amazon now lets you tell Alexa to delete your voice recordings

You’ll now be able to say, “Alexa, delete everything I said today.”

Amazon stores recordings of every request you’ve made to an Alexa device (theoretically, to help improve the voice recognition service and other features). Despite this being largely unnecessary, Amazon doesn’t provide a way to disable the long-term storage of voice recordings or have them deleted on a regular basis.

Full article: Amazon now lets you tell Alexa to delete your voice recordings – The Verge

EU Council publishes draft conclusions on the retention of data to fight the crime

On 27 May, 2019, the Presidency of the Council issued draft conclusions of the Data Retention Working Party on the retention of data by telecoms service providers for the purpose of fighting crime.

The Conclusions point out that legislative reforms at national or EU level (specifically naming the future e-Privacy Regulation) should maintain the legal possibility for data retention schemes. They see data retention by telecoms service providers as an essential tool for the effective investigation of serious crime, including terrorism and cybercrime, and recommend implementing proportionate, necessary and transparent data retention obligations for telecoms businesses.

The Conclusions note that the data retention regimes should nonetheless provide for sufficient safeguards for fundamental rights, including the rights to privacy, personal data protection, non-discrimination and presumption of innocence.

Source: Conclusions of the Council of the European Union on Retention of Data for the Purpose of Fighting Crime

How to draft a GDPR-compliant retention policy

You need to be able to clearly define the period for which personal data will be stored or, if not possible, criteria to determine that period. Most organizations implementing the GDPR consider retention policies or retention rules necessary to achieve this. At first it seems a daunting task, but by considering the goals and GDPR requirements you can reach some reasonable level of granularity that is still operational and possible to implement.

Full article: How to draft a GDPR-compliant retention policy

German government pushing courts to submit data retention cases to CJEU

The German government is urging judges at the German Constitutional Court to submit a series of constitutional complaints filed against Germany’s data retention laws to the Court of Justice of the European Union (CJEU), threatening to delay the court’s verdict on the controversial data retention legislation by months or even years. If the cases are submitted to the ECJ, Germany’s constitutional court would have to wait for a ruling from the ECJ before issuing a verdict of its own.

Source: German government pushing courts to submit data retention cases to ECJ – Heise – Telecompaper

1 2 3
>