What Exactly is Data Retention and How Does it Effect Me?
What is Data Retention?
Data retention is something that most companies engage in. The simple act of storing customer information for the purposes of repeated billing or invoicing is “data retention.” Companies retain data for a variety of reasons, from the purely practical (“We keep your email address so that we can contact you letting you know your balance is due.”) to reasons that are more marketing focused or monetization-driven.
Depending on how much data is retained and how it is used, customer privacy may be more or less impacted.
What are data retention laws?
Data retention laws are laws that force companies to maintain a specific set of data to retain and/or mandate a specific period for which to maintain it. Data retention laws are passed on a per-country basis.
As described by EFF: “Most ISPs and telcos give subscribers an IP address that changes periodically. Mandatory data retention proposals force ISPs and telecom providers to keep records of their IP address allocations for a certain period of time. This allows law enforcement to ask ISPs and telecom providers to identify an individual on the basis of who had a given IP address at a particular date and time.”
Why do data retention laws exist?
The sole purpose of data retention laws is to make sure law enforcement can request the data. Data retention laws are not enacted to protect consumers or companies. They exist solely so companies can provide the data if law enforcement feels a need for it.
Law enforcement can always request data, even if data retention laws don’t exist, but with data retention laws, there’s a legislated penalty if companies don’t retain the data and law enforcement later requests it and finds they can’t get it.
How does data retention impact Internet users and their privacy?
Data retention causes privacy concerns in terms of government surveillance, as the government has access to data to snoop, monitor, investigate or otherwise use it as they please. Because the data is required to be kept, it becomes an attractive target for people looking to steal people’s personal information for identity theft.
How does a VPN protect me from data retention laws?
A VPN encrypts your Internet connection. Meaning that your ISP or telecom company cannot see what websites you visit, your online activity or the content of your communications. Golden Frog’s VyprVPN for example also retains less data than an ISP or other provider does.
What about the data that Golden Frog retains?
Golden Frog only collects a minimal amount of information when you connect over our VPN product (VyprVPN), and only retains it for a period of 30 days. We retain:
- Customer’s source IP address (generally the IP address assigned by the customer’s ISP)
- VyprVPN IP address used by the user
- Connection start and stop time
- Total number of bytes used
We also collect information related to billing subscribers:
- payment information
- customer name
- billing address information (as required by some payment methods)
- email address
- date and time account began
That’s it. For more information on why what we log, read our 10 Myths article.
How does Golden Frog handle your data? If my country passes a data retention law, will they be able to snoop on my info on Golden Frog’s servers?
The 30-day data (referenced above) is kept on our Swiss servers. Individual servers outside of Switzerland keep some of that data locally for no more than 30 days, typically for less than 7 days, to enable us to transfer it to Switzerland reliably. Data retention laws typically don’t govern data accessibility. They govern data retention. Data accessibility is normally governed by existing laws (warrants, court orders, etc.). Data retention laws just legislate making sure there is data available so that access requests will produce results.
How does Golden Frog protect against data retention?
As mentioned above, Golden Frog encrypts your Internet connection to protect your details from your ISP or Telecom provider and we store our data on our Swiss servers. We own and run our own network with no third parties, so we can guarantee the highest level of privacy and security.