A simple syllogism.
Whereas
GDPR’s Whereas 19 says:
The protection of natural persons with regard to the processing of personal data by competent authorities for the purposes of the prevention, investigation, detection or prosecution of criminal offences or the execution of criminal penalties, including the safeguarding against and the prevention of threats to public security and the free movement of such data, is the subject of a specific Union legal act. This Regulation should not, therefore, apply to processing activities for those purposes.
Whereas
Voice and Internet Data Retention regulations serve to investigate crimes, prevent threats to public security and so on,
Therefore
the GDPR’s reach doesn’t touch Data Retention
and
A29 and local Data Protection Authorities have no jurisdiction over this topics.
Question: where’s the fallacy of this syllogism?