I totally support this. It still amazes me that companies still do not delete/anonymize user accounts after periods of inactivity. Everything that is linked to your email address should be purged after 3-12 months of inactivity, including ecommerce like Amazon, game platforms like Steam, cloud storage like Dropbox, or even Hackernews. Good luck trying to find old accounts that you used years ago; what if they were breached and are now used by people with bad intentions? In my country (Romania), even barber shops that store user accounts for longer than necessary get fined the shit out of them for not closing accounts due to inactivity. Some years ago, I woke up to an inactive G2A account telling me that I have to pay a fee for inactivity. NO! I don't have to pay anything, purge it!
Mildly related: In America, e-mails stored on a server for over 180 days are considered 'abandoned' and can be viewed by law enforcement without warrants. [0]
The bill to fix this relic of a time where people stored emails in noticeably-finite inboxes, the Email Privacy Act, passed the House this session but got knocked out of the bill in the Senate. https://en.wikipedia.org/wiki/Email_Privacy_Act
I wonder the same thing. Civil Asset Forfeiture is at least as awful and should offend everyone regardless of their stance on current political hot topics. Yet it appears to go on unaddressed.
I think for most people in the US, this wouldn't make their top 50 list of things wrong with the US, or our legal system in particular. And many of those people would probably read about this, shrug, and think "eh, nothing in my old emails that I care if the government sees".
It's actually super weird, because US culture has a strong component of distrust of government. But the government is pretty good at making people fear crime, terrorism, etc., which allows them to get the people to "trust" them with mass surveillance and other privacy invasions.
I completely agree with you. There are plenty of reasons that someone might not use a website for a long time. I didn't use Amtrak from March 2020 through November 2021 and I'm glad I didn't lose my account status.
"Sorry, you can't log into this NCAA bracket website because you haven't used it since last year."
Do you have a paid account or a free account? If I store my documents on a free account for a one-time send to a university application and then I forget about it, then Dropbox should purge it after a time to protect my data, as I don't have any "contract" with them like a subscription or something. The same for G2A: I bought some game keys from them at a cheap price some time ago and then I totally forgot that I had one, I couldn't even find the activation mail in my inbox, lol. One day in the summer I woke up to a mail saying that I have to pay an inactivity fee even though I'm just a row in their database and I have no contractual obligation with them.
I had a family member go through a major life event that left his OneDrive account unused for about a year. When we needed to access tax documents on it, Microsoft had deleted it. I’m strongly against non-user initiated account deletion.
Yeah: I would take the opposite stance to this whole "accounts should be deleted due to inactivity" BS and say that a company that you entrusted your data to now has a moral responsibility to do everything they can to hold on to that data until such time as you explicitly relinquish them of that duty, and if the cost of such a requirement is scary you shouldn't put yourself in a position to hold on to other peoples' data in the first place.
"... a company that you entrusted your data to now has a moral responsibility to do everything they can to hold on to that data until such time as you explicitly relinquish them of that duty ..."
I completely agree.
I will take this even further: that company should break a data retention law in order to hold ambiguously abandoned data that might be important to that user.
Further: that company should safeguard that data and protect it from unlawful intercept or surveillance just like the data of any other paying customer.
Finally: no additional costs should be accrued beyond the original terms for this safekeeping of data.
They do not have such moral responsibility. Their responsibilities are defined by laws and their T&Cs, which are known to the customers and customers explicitly opt in.
If I say in my T&Cs that I delete data after a certain period of account inactivity, then this is how it is going to work and the user shall not expect anything else.
> Their responsibilities are defined by laws and their T&Cs, which are known to the customers and customers explicitly opt in.
You seem to just not believe in morals I guess? ;P
Like, yes: the law says you can do something... but I am claiming it isn't moral to do that. You can assert your terms of service let you, but I am claiming that it wasn't moral of you to put that in your terms of service in the first place. (And to the extent to which the law requires you do the opposite, that is us arguing over what the law should say, given that the entire point of this thread is about a changing law.)
And like, the user of course should expect you to do the things you claim you will do, but I also think it is fair for users to expect you to claim you will do moral things in the first place. If you are going to pull stunts like deleting data users entrusted to you, hopefully your service is sufficiently optional and unimportant that they can just not use your service without losing out on anything at all in life.
I see you work in medicine. Your field collects data on people all the time and then hoards it from them. You take X-rays and then just put them in some filing cabinet. To get a copy of MY X-ray I have to argue with people about it and then I usually get some low-quality shit copy. Meanwhile, you purge your records and delete MY data because I somehow have the gall to not need your specific service for some number of years until I get old and suddenly wish I could get my X-ray and you destroyed it :/.
You should frankly be REQUIRED to give people their data to take with and not take it yourself, a step you can't be trusted to not put it in your terms of service that you get to both hoard it and delete it on a whim. If you must insist on holding it yourself, you should be required to have a trust set up that you make regular deposits into to ensure that the data you are holding will survive at least as long as all of your patients.
That's what I will claim is "moral", and to the extent to which either laws or the terms of service of your organization fails to match then the lawmakers, lawyers, or entrepreneurs are being horrible people. If you believe in a religion that has a place similar to hell, maybe that's where all of the people who push for, allow, or take part in stuff like this will end up :/.
I do not believe in „morals“, yes. Whatever you think is right is just your opinion, unless it is important enough that society decides to codify it in law. Christians think that homosexuality is immoral - should I care about their opinion and lecture my gay friends about their wrong behavior? I'd rather suggest that one billion people go to hell with this belief. Same here. If you want to discuss my personality from a „moral“ perspective, you can join them. Especially given that you suggest analyzing data retention from a „moral“ perspective, which is a pure UX and product topic.
As many people pointed out in the comments here, there are different expectations in this field - there is no common unwritten law about how it should work. If some people make wrong assumptions about it despite having access to the necessary information, it is really their fault. They are not the victims to be saved. If I run a deposit box, I do not offer it for free and I will empty it the moment payment stops. If I run a service with a free plan, I will keep the data as long as possible and will delete it only after an economically justified period of inactivity. Contrary to the trials of paid subscriptions, free plans are not meant to be auto-deleted quickly, but since nobody pays for storage, a business also cannot take on the obligation to keep the data of inactive accounts forever.
That said, read the T&Cs and do not assume that your understanding of „morality“ is right.
Interconnectedness of the world today is economically justified; it does not have any morality in it. In the same vein, if we had to listen to your anti-morality point of view, we should have kept the connections as before even if we contribute to global warming, to the deaths of many vulnerable people caused by the rising number of viruses that are spread at an accelerated rate, to the number of cyberattacks that have quadrupled. Similarly to economically accessible transit around the world and its complexity, we have the Internet, which is clearly becoming more and more prone to breaches exploiting vulnerabilities (log4j literally proved that everything was open for exploitation). Today, while I'm watching a random Romanian TV channel, many psychopaths at a round table are leading you to believe that Covid's risk is self-inflicted by people who don't work out & are overweight and that lockdowns are unjust, that it is all people's fault, that there's nothing moral in lockdowns and wearing masks, which I strongly disagree with and which is also not supported by data.
If you are triggered by my „anti-morality views“, please re-read my comments again. There are too many attempts in this thread to stretch morality over basic policy and product issues and to shape it into a personal attack on me, I’m going to stop responding to all of them.
If something can be both right and wrong depending on context, it is not guided by morality, it is guided by reason and by data. Some data retention policy can be right for some users and wrong for others. Lockdown can be an appropriate solution under certain conditions and an attack on personal freedom in other cases. Neither data retention nor hygiene rules are moral or immoral, because there’s no universal judgement for them. If something is highly contextual and disputed, it is better to keep morality out of the discussion, otherwise consensus will never be found. It is better to use something people agree on, like human laws or laws of nature.
Especially since the problem can be completely avoided by encrypting the user's data in the first place. Then the whole "we're deleting the data for your privacy" argument doesn't really hold up.
Also, I have had similar experiences, and would be livid if someone deleted my data after only a few months.
In fact you have a contract with the services where you sign up. Even if you did not read the T&Cs, you have accepted them and only then did your relationship with the service start on their terms. You are not just a row in the database, you are a customer getting service in exchange for something. You have at least opted in to their data retention policy, and you have to opt out explicitly. If services are required to purge customer data after a period of inactivity by default, chances are high that free accounts will simply cease to exist. In any case, a quite significant share of customers would prefer to opt out of the purge and they will be important enough from a commercial perspective to make this opt-out the default in the T&Cs acceptance process.
>"If I store my documents on a free account for a one time send to the university application and then I forget about it, then Dropbox should purge it after a time to protect my data, as I don't have any "contract" with them like a subscription or something."
I found this sentence interesting, as it contained positive and normative statements that I disagree with, with a non sequitur between them. You say that you have no contract with them, even though you agreed to some sort of 'user agreement'. Then you say that you forgot about it, and that makes your faulty memory their problem. They have to make sure your data is secure for you because you... just don't bother to pay any attention to where you're leaving it? Should they also be responsible for checking your password against known breaches, to make sure it's not compromised? Where does this end?
Yes, they should check for any possible breaches, as any other responsible company already does, like AWS for example, which not only checks for breaches but also scans public repositories like GitHub and GitLab for leaked credentials. A company should also warn a user from time to time that the respective user needs to update his password; some companies are so careless that they don't even pay attention to this latter small detail. Or at least warn an account holder that he still has an account with them.
> and that makes your faulty memory their problem
It is not only memory that is flawed in humans. Hence the protective measures I'm proposing.
> against known breaches
What about the unknown ones? How do you protect your user's account when under GDPR Dropbox is the controller of the data? By sending mails occasionally to update the password, to adopt 2FA, by locking the account due to suspicious activity, or by purging it in the end if no further action is taken. It ends with the deletion of the user.
Strongly disagree, for Steam in particular. I played a lot of computer games in high school and early college, then stopped for about 7 years. When I finally bought a new computer, I somehow remembered my old Steam password and was thrilled to find that all the old games were still on my account, ready to download. In comparison, I had long lost any physical copies of games I had purchased as a youth.
As a bonus, I get the “bragging rights” of having nearly the oldest possible Steam account (it can now vote).
I have accounts over 20 years old I use every few years. I would not be very amused if your suggestion takes off.
I can see simple things happening, though, that work towards this; for my pet project I just coded a feature that hashes the email addresses of inactive accounts (3 months without any interaction) and uses another, differently salted hash of their email address (which we then no longer have after this) to encrypt their data. They can still log in, which restores their account and data without them noticing, but they will never receive email and possible breaches hurt less.
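The scheme the comment above describes, written out as an added example (my own illustration, not the commenter's project code): after 90 days without interaction the plaintext address is dropped, the row is re-keyed by a salted hash of the address, and the account data is sealed under a key derived from the same address with a different salt, so a login with the original address is the only thing that can restore it. The two salts, the 90-day threshold, the sample accounts and the HMAC-SHA256 keystream-plus-tag construction used for sealing are all assumptions of the example; a deployment would use AES-GCM (for instance from the `cryptography` package) in place of the stdlib-only stand-in here.

```python
import hashlib
import hmac
import os

# Constructed server-side secrets for this example. In a deployment they live in a secret
# store, not in the database, and they must differ so a lookup id cannot be turned into a key.
LOOKUP_SALT = b"example-lookup-salt-v1"
KEY_SALT = b"example-key-salt-v1"
INACTIVITY_DAYS = 90  # assumed threshold; the comment uses 3 months


def _canon(email: str) -> str:
    return email.strip().lower()


def lookup_id(email: str) -> str:
    """Salted hash that becomes the row key once the plaintext address is gone."""
    return hashlib.sha256(LOOKUP_SALT + _canon(email).encode()).hexdigest()


def derive_key(email: str) -> bytes:
    """Second, differently salted derivation; only recomputable from the address itself."""
    return hashlib.pbkdf2_hmac("sha256", _canon(email).encode(), KEY_SALT, 100_000)


def _keystream(key: bytes, nonce: bytes, length: int) -> bytes:
    # Counter-mode keystream from HMAC-SHA256; a stdlib stand-in for a real AEAD cipher.
    out = b""
    counter = 0
    while len(out) < length:
        out += hmac.new(key, nonce + counter.to_bytes(4, "big"), hashlib.sha256).digest()
        counter += 1
    return out[:length]


def seal(key: bytes, plaintext: bytes) -> bytes:
    """Encrypt-then-MAC: nonce || ciphertext || tag."""
    nonce = os.urandom(16)
    ct = bytes(a ^ b for a, b in zip(plaintext, _keystream(key, nonce, len(plaintext))))
    tag = hmac.new(key, nonce + ct, hashlib.sha256).digest()
    return nonce + ct + tag


def open_sealed(key: bytes, blob: bytes) -> bytes:
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    expected = hmac.new(key, nonce + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        raise ValueError("ciphertext tampered or wrong key")
    return bytes(a ^ b for a, b in zip(ct, _keystream(key, nonce, len(ct))))


class AccountStore:
    """In-memory stand-in for the two tables: live accounts and dormant, sealed ones."""

    def __init__(self):
        self.active = {}   # canonical email -> {"data": bytes, "last_seen": day number}
        self.dormant = {}  # lookup_id -> sealed blob; no email address stored anywhere

    def register(self, email: str, data: bytes, day: int) -> None:
        self.active[_canon(email)] = {"data": data, "last_seen": day}

    def sweep(self, today: int) -> int:
        """Move every account idle for INACTIVITY_DAYS into the dormant table."""
        idle = [e for e, r in self.active.items() if today - r["last_seen"] >= INACTIVITY_DAYS]
        for email in idle:
            rec = self.active.pop(email)
            self.dormant[lookup_id(email)] = seal(derive_key(email), rec["data"])
        return len(idle)

    def login(self, email: str, today: int):
        """Return the account data, silently restoring a dormant account if needed."""
        email = _canon(email)
        if email in self.active:
            self.active[email]["last_seen"] = today
            return self.active[email]["data"]
        blob = self.dormant.pop(lookup_id(email), None)
        if blob is None:
            return None
        data = open_sealed(derive_key(email), blob)
        self.active[email] = {"data": data, "last_seen": today}
        return data

    def mailable_addresses(self) -> set:
        """Only live accounts can be emailed; dormant rows hold no address."""
        return set(self.active)
```

The "breaches hurt less" property depends on where the salts live: a dump of the dormant table alone yields only opaque hashes and ciphertext, but if `LOOKUP_SALT` and `KEY_SALT` leak together with it, an attacker can run a dictionary of candidate addresses through the same derivations, so the salts belong in a separate secret store and the PBKDF2 iteration count is what makes that guessing expensive.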
This is the sort of experience that you want. In case you don't want to click through, this is someone with over 1700 hours in an MMO who lost all their progress and items because they took a break and missed the GDPR-related opt-in to get their account transferred.
I don't want to lose all my Steam games just because I am inactive for a time. That is a terrible idea. I purchased those digital goods; that's like saying crypto markets should dump data from time to time.
So what would your ideal scenario look like? I buy the game, download it, back it up on S3, pay for that, and then lose access when I don't access it in a few months?
I'm super happy I don't have to worry about storage for my large Steam collection.
If so, please make it opt-in. Let users set the auto-delete date themselves, because I don't want to have to make sure that I log in every other week to keep my account alive.
Not Romanian, but you usually need to make an appointment at a barber (especially now that they can't/don't want to have too many people in their shop at once, due to COVID regulations). If you make the appointment online, then you can usually create an account to view/rebook/cancel it later, if necessary.
I book my hair appointment online. They ask for name, email and mobile phone number. They need the name to know who to expect for the appointment. They ask for email and/or phone to send you a reminder (which is nice, IMO).
Very reasonable and totally within the GDPR rules as well, as long as they purge the data after a certain time.
If a data aggregator can create a timeline of an individual's life, watching personality traits, social graphs, income, travel, routine, biometrics and health, stress and recreation, political affiliation, brand and taste preferences, savings, debt, credit, and social media influence traces, local, regional, and national cultural influences, and so on... that email archive is gold.
You can then create predictive models that let you target products, politics, music, media, and so on. It's not about spying on individuals, it's about manipulating populations. It's about rent extraction and wealth consolidation using tools of influence that negate consent. It augments abuses by law enforcement, corrupting the principles by which democratic governments are supposed to operate by hiding tyranny behind EULAs and TOS and private sector proxies.
Imagine a GPT-3 type model, except that instead of predicting text, it's designed to predict behaviors and psychological effects. That gives you a tool that's got a Derren Brown level of manipulation potential that you can scale. It's never going to be 100% accurate at the individual level, but you can target huge collections of individuals to modulate their lives through advertising and media sequencing.
Well, this is not what the OP is proposing. Data removal after 3 months or a year seems too fast. I game on Steam once every two years - do I have to buy all my games each time?
You can fake relevance if you want to sell the company without actually lying. Coincidentally there's a certain class of company that is in a permanent state of being sold and whose communication is under particular scrutiny wrt truthfulness. Seen from any other angle I fully agree, random user data value tends to be greatly overestimated.
An example: here in the UK the limit on taking legal action on most civil issues is 6 years. This means it is perfectly reasonable to have a 6 year retention policy and indeed that's what most companies do.
I'm glad about this decision. Anyway removing all personal data from logging will be a huge project in large organizations. I'm thinking about IP addresses [1] which are often used to aggregate requests, debug, etc. Wireshark could become a hot tool to handle.
I didn't spend much time to think about it so I might be totally wrong but anonymizing IP addresses is probably not easy unless we give up aggregation. I think that anything that uniquely maps IP addresses also becomes personal data, e.g. cookies.
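An added example of the trade-off the comment above raises (my own illustration, not anything from the thread): two common ways to take raw IP addresses out of access logs while keeping enough structure to aggregate on. Truncation keeps only the /24 (IPv4) or /48 (IPv6) prefix, which is irreversible but collapses neighbours; a keyed pseudonym (HMAC of the address plus the log day under a server-side secret) keeps per-source counts within a day intact while breaking linkage across days once the day rolls over. The log lines, the secret and the `/login` failure count are constructed for the example.

```python
import hashlib
import hmac
import ipaddress
import re
from collections import Counter

# Constructed Common-Log-Format style lines; addresses are from documentation ranges.
SAMPLE_LOG = """\
203.0.113.7 - - [29/May/2021:10:01:02 +0000] "GET /login HTTP/1.1" 200 512
203.0.113.7 - - [29/May/2021:10:01:09 +0000] "POST /login HTTP/1.1" 401 87
203.0.113.42 - - [29/May/2021:10:02:00 +0000] "GET / HTTP/1.1" 200 1024
2001:db8:abcd:12::1 - - [29/May/2021:10:03:15 +0000] "GET /api HTTP/1.1" 200 64
203.0.113.7 - - [30/May/2021:09:00:00 +0000] "POST /login HTTP/1.1" 401 87
"""

# Assumed secret; in practice it comes from a secret store and is rotated or destroyed
# on a schedule, because the IPv4 space is small enough to enumerate if the key leaks.
PSEUDONYM_SECRET = b"example-log-pseudonym-secret"

LINE_RE = re.compile(r'^(\S+) \S+ \S+ \[(\d+/\w+/\d+):[^\]]+\] "(\S+) (\S+)[^"]*" (\d{3})')


def truncate_ip(ip_str: str) -> str:
    """Irreversible: drop host bits, keep the /24 (IPv4) or /48 (IPv6) network."""
    ip = ipaddress.ip_address(ip_str)
    prefix = 24 if ip.version == 4 else 48
    return str(ipaddress.ip_network(f"{ip_str}/{prefix}", strict=False))


def pseudonym(ip_str: str, day: str, secret: bytes = PSEUDONYM_SECRET) -> str:
    """Keyed, day-scoped token: same address on the same day maps to the same token."""
    packed = ipaddress.ip_address(ip_str).packed
    return hmac.new(secret, day.encode() + packed, hashlib.sha256).hexdigest()[:16]


def pseudonymize_log(text: str) -> list:
    """Parse lines and replace the source address with a day-scoped pseudonym."""
    records = []
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # skip lines that do not parse rather than leaking them raw
        ip, day, method, path, status = m.groups()
        records.append({
            "src": pseudonym(ip, day),
            "day": day,
            "method": method,
            "path": path,
            "status": int(status),
        })
    return records


def failed_logins_per_source(records: list) -> Counter:
    """Aggregation still works on the pseudonym: count 401s on /login per (day, source)."""
    return Counter(
        (r["day"], r["src"]) for r in records if r["path"] == "/login" and r["status"] == 401
    )
```

The pseudonym is only as private as the secret: under GDPR a keyed hash is pseudonymisation, not anonymisation, so the key has the same retention obligations as the addresses it protects. Truncation has no key to lose but also cannot distinguish two hosts on the same subnet, which is the aggregation loss the comment worries about.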
Wireshark is very much a hot tool to handle already. To be in compliance with GDPR all the traces have to be dropped within the data removal grace period.
This is about ISPs (no one else) that currently have to store a lot of data way longer than necessary to serve the customer or for technical reasons, so that law enforcement can „travel back in time“ once they have a judicial order. It‘s like putting a GPS into anyones pocket so that the government can always trace your whereabouts.
In the future, storing that data will already require a judge to be involved, preventing mass surveillance (or at least, makes it a little bit harder for everyday law enforcement to access the surveillance data).
Also, quite relevant for data processing and consent: German DSK issues cookie guidance with strict requirements for cookie banners, consent and using US-based providers, https://twitter.com/OdiaKagan/status/1473725634102939650
Germans are quite pissed about their privacy, and for good reason. I also like that they are taking matters into their hands.
From what I read it seems that they have to stop logging. They can start logging only after they got a request from whoever is allowed to issue such requests in Germany.
That should be pretty much the same thing. The moment the illegal data retention law gets disabled the ISPs have no right to collect and retain that data anymore.
Is there some other law requiring no data retention? It doesn’t logically follow that the revocation of a data retention law means that an ISP can’t still retain data.
Yes, this all follows from the DSGVO/GDPR and - depending where you are - their local implementations. When data means personal data, which includes IPs and certainly things like websites one visits, connection metadata an ISP would collect.
It's illegal to keep personal data of users without either legitimate interest or a direct agreement, that's completely clear under the DSGVO. If the operational logs are needed to fulfill the contract with the user then sure, the provider can keep them (for as short as possible), otherwise not. Days? I highly doubt it.
The Vorratsdatenspeicherung counteracted that principle, if it falls away storing this data gets really complicated.
Keeping server logs for a few days is considered necessary for running servers. Therefore you accessing a server means you implicitly give them the right to store your access request for a few days, because it is unreasonable to assume they would run a server without access logs.
Edit: For example, you can't assume people will work on weekends. So if an issue occurs on a weekend and someone needs to look at it, then the logs need to at least last throughout the weekend.
And if it is May 29 and you notice an attacker has been lurking in your network for at least 2 weeks (but you don't yet know exactly when it started or how they got in) you will be very happy that you have netflow and access logs going back 30 or 60 days or a year. And that's considered an operational requirement for anyone who cares about the safety and security of their systems and networks.
We store certain audit logs forever--or close to it--for exactly this reason. You don't know when you'll need the data to assess possible breaches and report back to users. (Which not coincidentally is a requirement of GDPR.)
Is DSGVO the same as GDPR? Why wouldn't ISPs bake personal agreement into the TOS like every other cookie clickthru? (Even if they don’t plan to retain it, better to get permission in case unintended retention occurs or business needs change.)
> Why wouldn't ISPs bake personal agreement into the TOS like every other cookie clickthru?
Personal agreement baked into a TOS is illegal. It has to be declinable and the service be offered regardless. Those cookie clickthroughs are getting those publishers sued now, see https://www.huntonprivacyblog.com/2019/10/03/cjeu-reaches-de... for an example.
> better to get permission in case unintended retention occurs or business needs change.
Which exactly is why this is not allowed. You can't just collect data just in case. Or you can of course, until you get caught and fined.
The latter. An ISP - within the guard rails set by GDPR and other privacy laws - can store customer data for their own purposes. But the government won’t require them to do so.
To be fair, data retention is a hot topic right now in Europe, the pandemic and the increased screen time that resulted from it, the amount of accounts we had to create left and right require new regulations.
I live in Europe and the only hot topic I can think of, apart from the virus, is energy prices. The same energy prices the center-left wants to increase via CO2 taxes.
More like that people do not read articles. They're discussing mandatory vaccinations, they are talking about banning Telegram, with Buschmann saying he's not pro ban but wants to censor Telegram content like they already censor other social media. It's a huge thorn in their claws that they don't control this platform because they're based outside the West. The new chancellor is corrupt and helped cover up the embezzling of over 60 billion euros in the largest tax fraud in German history (CumEx). Forgive me for being skeptical. This is likely smoke and mirrors, just like their announcement to legalize cannabis to distract young voters from all the scandals and authoritarian policies.
Vaccination isn't going to eradicate SARS, you don't understand how coronaviruses work. If it were that easy we'd already have eradicated a whole bunch of viruses. Any year now the flu is going to be eradicated, just gotta vax more. /s
>Pretty sure I was talking about smallpox, as a general example how mandatory vaccinations helped in the past.
So how is it relevant to this conversation, which isn't about smallpox and where mandatory vaccination won't help?
SARS-CoV-1 and SARS-CoV-2 are both SARS, it's not a coincidence they're named such. The media simply called the first one 'SARS' when there wasn't a second one yet. Then they labeled the new one "coronavirus". You can see even the people reporting on this are confused.
It shows that mandatory vaccination works in fighting infectious diseases. Whether that results in the eradication of the disease, or getting it under control to a degree that we no longer have to have lockdowns, and/or masks in public transports, is irrelevant.
You wouldn't label the Labour Party or The Greens right wing?
If "right" in your sentence refers to the Free Democratic Party (FDP) the abolishment of the data retention regulation would even be a "right wing initiative", which is kind of funny. Not sure if I agree, the only thing that's certain for the FDP nowadays is that they lack a clear profile.
Whatever you're using, it's not in German sense and since Germany is the topic here: the old coalition was more right than the current and the current is not "whatever"-right.
Since June, the German government allows even police to secretly spy on Germans "preventively", i.e. without suspicion or proof of crime or future crime and without a decision by a court of law, by installing trojans on their phones and PCs, i.e. through the app store.
"Your right to privacy is being respected in Germany!" - This is not true.
The German government is pretty good at putting on a face of respectability and proper process, while also doing bad things. I'm reminded of the fact that the state began a criminal investigation of FT after they reported on Wirecard's fraud on the insistence of Wirecard itself.
Germany has a massive corruption problem on the higher levels.
It's not as visible for outsiders, because nations with corruption issues usually also have police and office workers essentially doing shakedowns to do their jobs, and that's not really a thing in Germany.
What is quite widespread is politicians and office workers enriching themselves either directly from budgets they're responsible for or by doing things for corporations which pay them handsomely.
I wish it did, but honestly all the mask deals were pocket change (you can't really say the mask scandal, considering how many there were).
Take our Kanzler for example. He was involved in stealing over 50 million €. (CumEx)
Not only didn't he get punished, now he's also in the highest position of the German government.
And I wish it was an extreme example, but it's really not.
The health minister is responsible for the current health care crisis, which he kicked off over 10 years ago. Thanks to him clinics prefer to amputate diabetes patients over treatment, because it pays more.
Each of the ministers has done similar things such as getting an extra 150k€ salary from the coal industry etc.
Maybe I mixed up something and this is the wrong law:
The "Gesetz zur Modernisierung der Rechtsgrundlagen der Bundespolizei" was accepted by the Bundestag, but finally the Bundesrat did not agree.
https://dip.bundestag.de/vorgang/gesetz-zur-modernisierung-d...
While I am very much opposed to being spied on without a warrant[0], the case where only government bodies can do this is better than the case where anyone can do it.
Of course, the existence of a mechanism to enable this is itself a thing which can be exploited by the exact same criminals I’m most concerned about with data retained by private businesses, so it’s not much of an improvement even though the attack surface is probably smaller.
[0] and indeed this is why I was already looking to leave the UK even before Brexit; the Investigatory Powers Act gives the Welsh Ambulance Service access to anyone’s “internet connection records” without a warrant.
Private corporations at least do it for money. Governments do it for power. I think it’s a hard case to make that that’s a better reason than to do it for money.
Likewise I would prefer nobody does it, but that isn’t feasible given how easy it is to do it.
But… money is one kind of power, so I don’t think it’s “better”.
Given what happened in living memory to a previous government in (East) Germany that abused surveillance power, I both accept the concern, and yet also don’t expect it to actually apply here, at least not until about 2040 when the last people who remember experiencing the receiving end of it retire.
In smaller democracies the government tends to serve the people. In that case the purpose of the spying is to serve the people and not a government power grab; that is how democracies are intended to work.
Also large enough corporations tend to do things for power reasons rather than money, as once you are a billionaire your money is mostly just a means to exert power so trading money for power is what you do. And at that size they start to intermingle with governments, making the acts of the company hard to separate from acts of the government.
For the people is excellent propaganda, but it’s not rooted in a kind history, nor justification to spy on your own citizens without probable cause nor warrant to do so.
A small democracy can still be an illiberal democracy, and a large democracy can still be a liberal democracy. However, neither the size of the democracy nor the probable liberalness of a democracy should serve as a grant for arbitrary power wielded on behalf of anyone, even “the people”.
Maybe top-100 population US cities don’t count as “small democracies” in your definition. But if they do, I’d argue that small democracies do plenty to protect owners of capital at the expense of people in the lower half of wealth owners.
For example, take the surveillance and excess force against protestors during the summer of 2020 in the US (various judges and courts have agreed that some of the most high-profile police actions were illegal.)
Do warrants really make that much of a difference? I don't really see anything that could be considered incentive or control for keeping that mechanism from slowly (or not slowly at all) degenerating into a rubberstamping process.
I could easily imagine a system that leaves case by case decisions completely to law enforcement practitioners, but constrains them with paper trail requirements (accountability, I do agree with that part) and, most importantly but unfortunately kind of irreconcilable with the legal mindset, an artificial quota that forces them to actually think about the case. I believe that a system like that might in the end lead to less frivolous eavesdropping than one where everything is fair game as soon as they get someone authorized to sign off a form. "I got it signed off" goes a long way when it comes to questions of moral licencing: suddenly it becomes someone else's job to feel bad about it if maybe someone should.
As in motivated law enforcement would want to avoid a questionable warrant that could ruin all their other achievements related to the case? Certainly not in Germany, where the admissibility of evidence is not really a factor: if evidence is assumed to be true then it exists no matter the provenance, if you want to sue the obtaining party for the obtainment process that's a separate case.
And what about situations where the surveillance doesn't even result in a trial? If a suspicion is made up to gain e.g. intelligence over some personal opponent (or personal opponent of someone the eavesdropper swaps favors with), evidence inadmissibility couldn't even be an issue at all. But the party requesting the warrant would find it comparatively easy to appease their conscience with "nothing I wrote in the warrant request was a lie". I believe that most people doing bad things don't really like to acknowledge that to themselves, and that many who might actually talk themselves into requesting a questionable warrant would rather not risk running out of "wiretap wildcards" they might later need for doing their actual job. Of course a system trying to cause self-regulation with a quota could still be designed in dysfunctional ways (e.g. if there were "leftover wildcards" at the end of a quarter, those would be powerful fuel for abuse), but with a bit of care those pitfalls should be avoidable.
At least in the States one effective counterforce to this concern is that judges are very adamant about the separation of policy making (legislation) and the courts (judiciary). Most judges are conservative (read 'purist') about the doctrine of the separation of the branches of government and don't take well to pressures from the other two. The upshot is that warrant issuance is seen as a vital part of their domain and they don't sell it away.