fbpx

Free tools and resources for Data Protection Officers!

Tag Archives for " data retention "

Top European Court to Review National Data Retention Laws

The Court of Justice for the European Union will hear challenges to the data retention laws of the UK, Belgium, and France.

The Court previously invalidated European and national data retention laws that required companies to retain communications data for law enforcement purposes. The new challenges, brought by civil society organizations, contend that European national laws fail to comply with the earlier rulings.

Source: Top European Court to Review National Data Retention Laws

AT&T, T-Mobile, Sprint, Verizon Blasted For Data Privacy Policies

A U.S. senator Wyden is giving the four telecommunications companies until Sept. 4 to outline how they plan to better protect customer data privacy.

Wyden said that current rules that are in place that surround data retention are not enough, and that the telecom companies have been able to skirt them. The Federal Communications Commission (FCC) requires carriers to keep records of toll calls for 18 months, for instance – but Wyden alleges that firms retain records “for much longer.”

Source: AT&T, T-Mobile, Sprint, Verizon Blasted For Data Privacy Policies | Threatpost

EU Council adopts conclusions on data retention to fight crime

The Council adopted conclusions on the way forward with regard to the retention of electronic communication data for the purpose of fighting crime.

It noted that data retention is an essential tool for investigating serious crime efficiently, but one whose use should be guided by the need to protect fundamental rights and freedoms.

The Council tasked the Commission to gather further information and organise targeted consultations as part of a comprehensive study on possible solutions for retaining data, including the consideration of a future legislative initiative.

Source: Data retention to fight crime: Council adopts conclusions – Consilium

Amazon now lets you tell Alexa to delete your voice recordings

You’ll now be able to say, “Alexa, delete everything I said today.”

Amazon stores recordings of every request you’ve made to an Alexa device (theoretically, to help improve the voice recognition service and other features). Despite this being largely unnecessary, Amazon doesn’t provide a way to disable the long-term storage of voice recordings or have them deleted on a regular basis.

Full article: Amazon now lets you tell Alexa to delete your voice recordings – The Verge

EU Council publishes draft conclusions on the retention of data to fight the crime

On 27 May, 2019, the Presidency of the Council issued draft conclusions of the Data Retention Working Party on the retention of data by telecoms service providers for the purpose of fighting crime.

The Conclusions point out that legislative reforms at national or EU level (specifically naming the future e-Privacy Regulation) should maintain the legal possibility for data retention schemes. They see data retention by telecoms service providers as an essential tool for the effective investigation of serious crime, including terrorism and cybercrime, and recommend implementing proportionate, necessary and transparent data retention obligations for telecoms businesses.

The Conclusions note that the data retention regimes should nonetheless provide for sufficient safeguards for fundamental rights, including the rights to privacy, personal data protection, non-discrimination and presumption of innocence.

Source: Conclusions of the Council of the European Union on Retention of Data for the Purpose of Fighting Crime

How to draft a GDPR-compliant retention policy

You need to be able to clearly define the period for which personal data will be stored or, if not possible, criteria to determine that period. Most organizations implementing the GDPR consider retention policies or retention rules necessary to achieve this. At first it seems a daunting task, but by considering the goals and GDPR requirements you can reach some reasonable level of granularity that is still operational and possible to implement.

Full article: How to draft a GDPR-compliant retention policy

German government pushing courts to submit data retention cases to CJEU

The German government is urging judges at the German Constitutional Court to submit a series of constitutional complaints filed against Germany’s data retention laws to the Court of Justice of the European Union (CJEU), threatening to delay the court’s verdict on the controversial data retention legislation by months or even years. If the cases are submitted to the ECJ, Germany’s constitutional court would have to wait for a ruling from the ECJ before issuing a verdict of its own.

Source: German government pushing courts to submit data retention cases to ECJ – Heise – Telecompaper

To keep or not to keep: data retention challenges and solutions

The GDPR does not specify exact data retention timescales, and the reason for this – when you stop to think about it – is obvious: the periods for which you can justifiably keep data are necessarily context-specific. But in practice it’s not so simple.

Read full article: To keep or not to keep: data retention challenges and solutions – Privacy, Security and Information Law Fieldfisher

To keep or not to keep: data retention challenges and solutions

When asking someone a question that has no clear answer, you’ll often receive the response: “how long is a piece of string?” It’s a response that privacy professionals may be tempted to give when asked the question “how long can we retain data for?” – those not steeped in the detail of privacy regulation may feel that this question should have a simple, straightforward answer, expressed in a matter of months or years; the reality is far more complicated than that.

Source: To keep or not to keep: data retention challenges and solutions

Looking to Canada for input on the GDPR’s data retention requirements

One of the core principles of data processing set forth in Article 5(e) of the EU General Data Protection Regulation is that personal data shall be retained in a form that “permits identification of data subjects for no longer than is necessary for the purposes for which the personal data are processed.” Although this language is not complex, it raises critical questions not answered within the text, namely: What comprises a purpose and how does one determine whether the purpose is resolved?

Read full article: Looking to Canada for input on the GDPR’s data retention requirements

>