The Canadian Privacy Law Blog: Developments in privacy law and writings of a Canadian privacy lawyer, containing information related to the Personal Information Protection and Electronic Documents Act (aka PIPEDA) and other Canadian and international laws.
Recent Posts
- Privacy and internet log files
- A Christmas story from the Commissioners
- The importance of audits
- Intel, Google Asked to Help Revise EU Data Protect...
- Privacy Commssioner focuses on protection of perso...
- European court rules retention of innocents' DNA i...
- Privacy right extends to drugs in luggage
- Federal Commissioner tables annual report on Priva...
- Privacy Commissioner's 2007-2008 Annual Report to ...
- Privacy commissioner urged to probe Tory eavesdrop...
On Twitter
About this page and the author
The author of this blog,
David T.S. Fraser, is a Canadian privacy lawyer who practices with the
firm of McInnes Cooper. He is the author of the Physicians' Privacy Manual. He has a national and international practice advising corporations and individuals on matters related to Canadian privacy laws.
For full contact information and a brief bio, please see David's profile.
Please note that I am only able to provide legal advice to clients. I am not able to provide free legal advice. Any unsolicited information sent to David Fraser cannot be considered to be solicitor-client privileged.
Privacy Calendar
Archives
- January 2004
- February 2004
- March 2004
- April 2004
- May 2004
- June 2004
- July 2004
- August 2004
- September 2004
- October 2004
- November 2004
- December 2004
- January 2005
- February 2005
- March 2005
- April 2005
- May 2005
- June 2005
- July 2005
- August 2005
- September 2005
- October 2005
- November 2005
- December 2005
- January 2006
- February 2006
- March 2006
- April 2006
- May 2006
- June 2006
- July 2006
- August 2006
- September 2006
- October 2006
- November 2006
- December 2006
- January 2007
- February 2007
- March 2007
- April 2007
- May 2007
- June 2007
- July 2007
- August 2007
- September 2007
- October 2007
- November 2007
- December 2007
- January 2008
- February 2008
- March 2008
- April 2008
- May 2008
- June 2008
- July 2008
- August 2008
- September 2008
- October 2008
- November 2008
- December 2008
- January 2009
- February 2009
- March 2009
- April 2009
- May 2009
- June 2009
- July 2009
- August 2009
- September 2009
- October 2009
- November 2009
- December 2009
- January 2010
- February 2010
- March 2010
- April 2010
Links
Blogs I Follow
Small Print
The views expressed herein are solely the author's and should not be attributed to his employer or clients. Any postings on legal issues are provided as a public service, and do not constitute solicitation or provision of legal advice. The author makes no claims, promises or guarantees about the accuracy, completeness, or adequacy of the information contained herein or linked to. Nothing herein should be used as a substitute for the advice of competent counsel.
This web site is presented for informational purposes only. These materials do not constitute legal advice and do not create a solicitor-client relationship between you and David T.S. Fraser. If you are seeking specific advice related to Canadian privacy law or PIPEDA, contact the author, David T.S. Fraser.
Friday, January 02, 2009
Log retention initiatives
Just posted on Slaw:
Slaw: Log retention initiativesI wrote two weeks ago about privacy issues related to the log files that are created and retained by internet companies. The moral of that story was that there is a significant amount of information that is collected in these logs and when they are retained and collated, they can reveal a lot of personal information. I concluded by saying:
I don’t think it’s too far fetched to think of a day when it will become standard for all investigations involving the internet to include a warrant served on Google or Yahoo! or Microsoft for all logs related to a particular user or IP address or both.In Canada, many may remember "lawful access", which was the subject of a number of consultations beginning in 2002. The consultation backgrounder and FAQ solicited comment on preservation orders (here) but the topic was not addressed when the Liberal government introduced the Modernization of Investigative Techniques Act (MITA). I am sure that preservation orders remain on the wish lists for law enforcement in Canada, but they're not here yet.
Europe has taken a different path. In 2006, the European Union adopted Directive 2006/24/EC entitled "on the retention of data generated or processed in connection with the provision of publicly available electronic communications services or of public communications networks". The Directive is meant to harmonize the retention rules of the members of the European Union. It requires that member states adopt rules or legislation to make it mandatory for communications providers to retain certain log-type data for at least six to twelve months. From the "Subject Matter and Scope" clause of the Directive:
1. This Directive aims to harmonise Member States' provisions concerning the obligations of the providers of publicly available electronic communications services or of public communications networks with respect to the retention of certain data which are generated or processed by them, in order to ensure that the data are available for the purpose of the investigation, detection and prosecution of serious crime, as defined by each Member State in its national law.The Directive goes beyond web communications and includes e-mail, telephone, VOIP and mobile phones. The sort of data that has to be collected and retained is that which identifies the source of the communication, the destination of the communication, the device that was used to make the communication and the "user ID" (defined to mean "a unique identifier allocated to persons when they subscribe to or register with an Internet access service or Internet communications service"). The Directive makes is plain that communications providers are not to retain the content of the communication (Article 5(2)).
While the Directive is aimed at saving information so that it can be obtained after the fact in connection with investigations, the debate over data retention in the United States has mainly focused on what has been reported to be informal and secret arrangements made by the National Security Agency and various telephone companies to save telephone calling information. This story was broken by USA Today: USATODAY.com - NSA has massive database of Americans' phone calls.
In addition, US criminal law permits law enforcement to make a written request for the preservation of records for 90 days (renewable for a further 90 days) (US CODE: Title 18, s. 2703(f)):
(f) Requirement To Preserve Evidence.—(1) In general.— A provider of wire or electronic communication services or a remote computing service, upon the request of a governmental entity, shall take all necessary steps to preserve records and other evidence in its possession pending the issuance of a court order or other process.
(2) Period of retention.— Records referred to in paragraph (1) shall be retained for a period of 90 days, which shall be extended for an additional 90-day period upon a renewed request by the governmental entity.
More recently, the Bush Administration has been pushing for broader retention requirements: FBI, politicos renew push for ISP data retention laws | Politics and Law - CNET News.
This posting has presented a brief snapshot of some legal initiatives that affect internet log retention in a selection of countries. It does not seem likely to me that the debate is over; we will likely see EU-type proposals put forward in both Canada and the US in the coming years.
Labels: google, ip address, privacy, retention
The Canadian Privacy Law Blog is licensed under a
Creative Commons Attribution-Noncommercial-No Derivative Works 2.5 Canada License.
