What is Data Retention?
By Nick Anderson 5 minutes
Data retention describes the storing and management of data that pertains to the customers of a business. Businesses keep records to identify users and to comply with laws pertaining to their respective industries. In the digital space, telecommunication and internet service providers are legally required to record and maintain records of more than the just basic information of users.
It is a business practice that when practiced in secrecy and without consent, can be invasive to the privacy of the user.
What is Data Retention?
The term data retention has appeared several times in the past few years due to debates around Net Neutrality and censorship. The term gained mainstream prominence in 2013 when Edward Snowden revealed court documents that ordered the telecommunications and internet service provider Verizon to keep records of the internet activities of its users.
Data retention is simply the management of user data for up to a period defined by the businesses’ needs or the guidelines set by regulatory entities. It is standard practice that allows the business to function.
It may include, but is not limited to, information such as name, address, billing information. Businesses have to not only keep data to operate but also comply with laws that are specific to that type of business. For example, businesses in the health care space have to comply with guidelines outlined by Health Insurance and Portability and Accountability Act (HIPAA).
What Does Data Retention Mean for Online Privacy?
Telecommunication and Internet Service Providers (ISP) also have to follow guidelines. In the United States, these service providers have to record internet activities, IP addresses, call logs, device type, location, duration of each session, for a period of no less than six months.
The information can be requested by law enforcement agencies at any time with or without a court order. The directives are to curb terrorism and prevent violence, but we have seen how it has also been used to limit freedom of speech and surveillance.
When you sign up for internet service, it is expected that some fundamental information will be shared between you and the provider. Your name, address, phone number, email address, and billing information are the types of information the service provider requires to know who you are and invoice you every month. What you do on the internet will remain a private matter.
That changes once governments decide they need to tap into every person’s call and web history in the country. More invasive types of surveillance also exist in the world in the form of Deep Packet Inspection (DPI), where service providers can examine the data packet to determine the type of traffic and allow/disallow it.
The Great Firewall of China is the biggest example of how DPI can be used to monitor web traffic and control access.
Data Retention is Not Evil
Data retention is not inherently evil. It is a common misconception that any service storing information about a user is breaching privacy. Keeping data about certain things is expected for the function of a service.
But in the context of online privacy, the term data retention has taken negative connotations. When service providers go out of their bounds to monitor web traffic for surveillance, that’s when it becomes a privacy concern. Verizon was ordered to record the internet activities of its users under the directive of the Foreign Intelligence Surveillance Court. The same directive also prohibited Verizon from acknowledging the existence of the order.
In the UK, a bill was passed that gives the government power to log and retain the metadata of users. It includes things like call history and browsing history. The Data Retention and Investigatory Powers (DRIP) bill grant law enforcement agencies the power to demand such data at will without notice.
The “Five Eyes” is an alliance of five countries – the US, UK, Canada, Australia, New Zealand – that share signals intelligence with each other.
FastestVPN and Data Retention
When it comes to protecting the privacy of users, jurisdiction matters a lot. Internet service providers operating in a country are legally bound to follow the government’s directives. The USA is one of the many territories that are considered unsafe when it comes to online freedom and privacy.
FastestVPN is based in the Cayman Islands – a territory that exists out of the jurisdiction of the Five Eyes countries. It allows FastestVPN to uphold the commitment that we will never log your web activity and store them.
Where ISPs monitor and log web activities, VPNs are seen as an ideal tool that allows users to encrypt their communication, thereby hiding all web activity from the ISP and the government. But not all VPN services are created equal, which is why understanding where the VPN service is based is crucial.
Governments do not like VPN services because they allow users to bypass censorship and surveillance set by them. It is why many authoritarian countries have banned the use of VPNs, except the services that can give them access to their traffic.
FastestVPN follows a zero logs policy that defines web activity of users will never be recorded.