WebProNews

Tag: Data Retention

  • EU Court Deals Another Blow to Mass Phone Data Collection

    EU Court Deals Another Blow to Mass Phone Data Collection

    The Court of Justice of the EU (ECJ) has ruled member states cannot indiscriminately retain mass phone data to prevent crime.

    Data collection has become a major source of contention between privacy advocates and governments, especially since Edward Snowden blew the whistle on the mass collection of data by various government agencies. The EU is now making that kind of data collection a little bit harder, according to Reuters, in an appeal over a case in Ireland.

    The case in question involved a man who received life imprisonment for murder, but appealed based on the data collection that was used to prosecute him. While the ECJ said a national court would have to decide on the legality of the data’s use, it issued a broader statement about data collection, saying member states cannot use “general and indiscriminate” data retention as a way of preventing crime.

    The court did leave the door open for very narrow circumstances where such action could be taken, but it would generally involve the most serious of crimes, such as those involving national security.

  • Facebook To Change Data Retention Policies

    As you may recall, late last month, Facebook and the Federal Trade Commission announced that they had reached a settlement with regards to Facebook privacy. I won’t get into all of the details about that again, but it required Facebook to, within 180 days, and every two years after that for the next 20 years, to obtain independent, third-party audits certifying that it has a privacy program in place that meets or exceeds the requirements of the FTC order.

    Today, Facebook announced that the results are in from an audit by the Office of the Irish Data Protection Commissioner (DPC). Facebook went with this organization because the company’s international headquarters are in Ireland, and the DPC oversees its legal compliance to to users outside of the U.S. and Canada.

    Facebook says that while audits aren’t normally made public, the company and the DPC felt it would be in the interests of transparency to publicize this one in particular, given the FTC order and the concern among users and the media. Probably a good call.

    Facebook says it has agreed to the following “key commitments”:

    – Offer additional notifications to European users about Facebook’s photo Tag Suggest feature so that they can decide whether or not to use this feature to help people tag them in photos

    – Change a number of our policies related to retention and deletion of data including how data is logged when people access websites with social plugins to minimise the amount of information collected about people who are not logged in to Facebook

    – Work with the DPC to improve the information that people using Facebook are given about how to control their information both on Facebook and when using applications

    Facebook says it is pleased with the DPC’s highlighting of the company’s “strengths,” which it lists as security protection, importance of real name authenticity, no profiling based on “tracking,” user control, tag suggest, advertising, third-party applications, and friend finder feature.

  • Wireless Carriers Keep Your “Private” Data For a Long, Long Time

    Wireless Carriers Keep Your “Private” Data For a Long, Long Time

    When it comes to data retention, most of us know by now that there are multitudes of different people who hold on to your “private” data for various reasons. Of course, this is why your “private” data isn’t really “private” at all, when you think about it.

    Carriers like AT&T, Verizon and Sprint play a huge role in most people’s daily lives. Just think about how often you text, make a phone call or surf the web from your mobile device. You are constantly using the provider’s service to function in your daily life – it’s unavoidable.

    So just how long does a carrier hold on to the data it gathers about you? A leaked memo shows that it really depends on the carrier.

    Wired has obtained a one page Department of Justice document called “Retention Periods of Major Cellular Service Providers.” They obtained it from the ACLU, who obtained it via a Freedom of Information Act claim.

    The document is dated August 2010 and says “Law Enforcement Use Only.” So this document could possibly have been used by police and investigatory organizations to better understand how to pursue data collection from mobile providers.

    After looking over the document, it’s hard to make a determination as to which carrier is the best when it comes to user privacy. Each carrier does something better and each carrier does something less desirable than the next. Here are the highlights –

    • Subscriber Information: Verizon, 3-5 years.  AT&T, depends on service length.  T-Mobile, 5 years.  Sprint, forever.
    • Call details (who, when you called)Verizon, 1 year.  AT&T, 5 years for prepaid 7 years for post-paid.  T-Mobile, 2 years prepaid 5 years post-paid.  Sprint, 18-24 months.
    • Text Message detail (who, when): Verizon, 1 year.  AT&T, 5-7 years.  T-Mobile, 2-5 years.  Sprint, 18-24 months.
    • Text message content: Verizon is the only one who keeps this information, and they do it for 3-5 days.
    • IP session information: Verizon, 1 year.  AT&T, only on non-public IPs for 72 hours.  T-Mobile, not retained.  Sprint, 60 days.

    The same goes for IP destination information, except Verizon only keeps it for 90 days.

    Wired quotes an ACLU lawyer who says, “People who are upset that Facebook is storing all their information should be really concerned that their cell phone is tracking them everywhere they’ve been. The government has this information because it wants to engage in surveillance.”

    Facebook came under fire this week for a situation involving tracking cookies that were found to still exist even after users log out.

    The fact that carriers know and keep this information shouldn’t shock anyone. But some of the periods of retention in the document are interesting. If there is anything to be gleaned from this, it’s that everything you do sticks around, probably for longer than you think.

  • Yahoo Extends Search Record Retention

    Search company Yahoo has announced a change in their data retention policy that is sure to hit the radar of many privacy advocates.

    The company says that it will extend the amount of time it holds on to user search records to 18 months.  Currently, the data is only held for 90 days before it is made anonymous.

    From the Yahoo Policy Blog:

    Today, Yahoo! is making an announcement of our intention to change our log file data retention policy to meet the needs of our consumers for personalization and relevance, while living up to their expectations of trust.

    Over the last 3 years, the way we and other companies offer services online and the way consumers experience the Internet has changed dramatically.  So, we will keep our log file data longer than we have been – offering consumers a more robust individualized experience – while we continue our innovation in the areas of transparency and choice to protect privacy.  We believe it’s a move forward for Yahoo! and our users.

    Yahoo is only announcing a change to how long they retain search data right now, but say that they are also evaluating how long other types of data should be kept:

    We will hold raw search log files for 18 months and we will be closely examining what the right policy and time frame should be for other log file data.  In announcing this change, we have gone back to the drawing board to ensure that our policies will support the innovative products we want to deliver for our consumers.

    Of course, data retention serves multiple purposes for search engines.  By recording statistics on search queries, pages clicks and ad clicks, search engines can better personalize search data as well as provide better targeting for online ads.

    This announcement comes just a few days after big news regarding consumer privacy.  Apple was the latest to roll out Do Not Track features on the test version of its latest browser.  There is also mounting disagreement on whether a new comprehensive internet privacy bill proposed by Senators John Kerry and John McCain will do more harm than good for web development.

    When is this extended data retention set to begin?  Apparently this summer, after a period of notifications.

    In the next 4-6 weeks we will begin rolling out notifications across Yahoo! to ensure that we have given clear and understandable notice to our consumers of this change in our policy.  Thirty days after we have completed these notifications, we will put the new policy into effect.  We expect this will occur sometime in mid-to-late July.