[eix-wg] RIPE 53 EIX-WG Draft Minutes

Rudolf van der Berg said:
>> Kurtis Lindqvist (NETNOD) referred to data protection law, and advised
>> that
>> if the data is logged then it must be kept because you may be asked to
>> hand
>> it out. Elisa answered that data which is decoded (such as mac addresses)
>> is kept, as well as the graphs so that the members can see their
>> information. The rest of the sFlow datagram is not decoded by the software
>> so there is nothing to keep.
> 
> In principle the EU regulation the retention of data only applies to data
> that is on the list. sFlow data and headerdata of IP-packets is not on the
> list, so there is no necessity to retain it even if you log it. On top of
> this, the Privacy directives do apply, so data that is not on the list
> must be deleted when not used anymore for business purposes. Now the
> dataretention directive is the bottom limit and countries are allowed to
> do more, so always check with your local implementation of the Data
> Retention directive.

Note that all of this only applies to data that identifies or relates
to living individuals. A customer IP address, even if dynamic IP is used,
could fall under this category because in principle it relates to one
person. Data at a greater granularity (e.g. flows between ISPs) is not
covered.

-- 
Clive D.W. Feather  | Work:  <clive at demon.net>   | Tel:    +44 20 8495 6138
Internet Expert     | Home:  <clive at davros.org>  | Fax:    +44 870 051 9937
Demon Internet      | WWW: http://www.davros.org | Mobile: +44 7973 377646
THUS plc            |                            |