Data Protection vs Data Retention

One of the oddities of the Data Protection legal framework is the relationship between Data Retention and Data Protection and the (wrong) notion that when the retention period has expired, the retained data must be deleted.

Let’s start from scratch: as long as the services work properly, an ISP has no need to preserve traffic data, but since we don’t live in a perfect world, problems happen, so it is necessary to retain some information for troubleshooting and traffic shaping; furthermore, customers’ claims, billing and legal issues strongly support the need to save some more information. Thus ISPs – though on a voluntary basis – do collect and retain traffic-related information as long as that information is useful to pursue legitimate goals.

Enter Data Retention. With a questionable motive, ISPs are now forced – forced – to retain some traffic data for a limited time for the sake of the law enforcement community. In other words, what was voluntary before the Data Retention Era is now mandatory.

But what happens when the mandatory retention period expires? The answer is (supposed to be) easy: the ordinary Data Protection legal regime comes back into force, so ISPs are – or should be – free either to keep those data (for legitimate purposes) or to delete them.

The Datagate Legal Implication under German Law

An interesting article from Axel Spies, a Washington-based ICT lawyer, assesses the impact of the US spying on the German Chancellor, Angela Merkel.

Here is an excerpt from the “Conclusion” section:

Most Blog participants were more pessimistic about the legal remedies having any leverage against spying. To quote a key statement in the Blog: “What Germany can “legally” do against wiretapping is likely to be on a similar level as asking what Pakistan can do “legally” against U.S. drone attacks on its territory. Politically, maybe some counteraction in the areas of punitive tariffs on imports from the U.S. or the termination of international treaties is conceivable. But this is less a question of being allowed, rather than being able to follow through with sanctions and thus hardly the subject of a legal discussion.” Müller further added this observation: “If there were an effective counter-espionage [in Germany], also against supposed “friends” [in the U.S.], then it would hardly be possible to spy on the head of a befriended government’s private and political communication.”

The freedom of being a stone-age man or I don’t want to live “smart”

One of the most revealing books I’ve read (and that I translated into Italian for a local publisher) is Alan Cooper‘s The Inmates are Running the Asylum. It is a book about programming and the fact that core decisions come from a bunch of geeks working down below the basement of the company’s building, while the marketing and PR guys occupy the fancy upper floors (have you seen the British sit-com “The IT Crowd”?)

Aggregate data and Italian Data Protection Authority

An Italian Data Protection Authority decision issued on June 25, 2009 set a deadline of Sept. 30, 2009 for telco operators and ISPs, which must submit to the Data Protection Authority the list of the mining activities they perform on customers’ aggregate data (such as traffic volumes, paths and so on.) The aim of this decision is to spot illegal (at least, in the Data Protection Authority’s opinion) data handling “masked” as activities performed to keep the infrastructure running.

The Data Protection Authority, after having received the information, will decide what can still be done without informing the customer, what can be done only AFTER having informed the customer and obtained his approval, and what cannot be done at all. Furthermore, the Data Protection Authority will release a set of technical and management rules to ensure the concerned subjects’ compliance.

If this new set of rules mimics those recently established for data retention purposes and for system administrators, telcos and ISPs will once again face a mayhem of useless bureaucracy, so hard to understand that the Data Protection Authority itself had to release a FAQ to explain what those regulations actually meant (and we’re still waiting for the interpretation of the FAQ.)

Although the decision is limited to the Internet and telephony world, it is clear that in the near future it will also affect energy firms, banks, insurance companies and, in general, everybody who relies upon aggregate data to tweak its supply chain of services.

Once again, the Italian Data Protection Authority proves to be one of the biggest blocking factors in the Italian telco market, while not granting citizens any sort of protection.