If the information is not explicitly required by law to be retained, then there is no penalty for deleting expired information in accordance with the firm’s retention policy.
Having designed and implemented site retention policies in a country with GDPR-like laws, what this means in practice is that you’re a fool to retain anything longer than you absolutely have to for compliance or essential business reasons. Retained information is a liability and a legal risk.
Telorand@reddthat.com 1 week ago
I think you’re putting the cart before the horse. I’m not suggesting they destroy information after a court order.
They do have to comply with various laws, but they are not required to store user information at times when there’s not pending legal filings, and they are not required to store that information for every single user even if there were filings. Courts have to make very concise requests for information. They can’t just say, “Give me your entire database,” unless there was a prescient reason why the entire database was required to make the case (and a judge would have to weigh whether collecting the information of unrelated parties was too invasive).
Yes, but they do not have to. They do, in order to service their instances, but unless there is a law that compels storing identifying information, they do not have to do it.
If identifying-information-storage was so vital, logless VPNs wouldn’t exist.
Anyway, all of that is beside the point. No business will break the law for you. They’re “refusing” to comply, because they don’t have to (jurisdiction), they have had a torrent of bad press lately, and they’re trying to put on an air of being user-centric to entice people to stay.
General_Effort@lemmy.world 1 week ago
I see no technical reason why a VPN would need to store outgoing connections. I would be surprised if they didn’t store incoming connections, but I don’t actually know.
Anyway, just don’t make stuff up. You’re not making the world a better place. You ever heard of these Qanon guys? They made up a lot of shit and they didn’t make the world a better place.
Telorand@reddthat.com 1 week ago
I do. Which is why I used that example. If you want to get really technical, they do store that information, but only for a very short time and only in RAM. That means that when the server power cycles or the system does garbage collection, those temporary logs are gone. Your personal incredulity or ignorance is not my problem.
How dare you accuse me of being of the same caliber as Qanon. You don’t know me. Fuck off with your Reddit apologetics.
futatorius@lemm.ee 1 week ago
Arrogance aside, there are also technical reasons to persist connection data longer than would make sense in RAM. Supporting after-the-fact problem investigation is one big one. If your incident-reponse SLA is one working day, you need to keep the data at least that long.
General_Effort@lemmy.world 1 week ago
I know that you recklessly spread disinformation and react to proposed facts with hostility rather than curiosity. I don’t know more about the qanon people either.