Abstract

The retention of data is a complex subject, and it is often not considered until a data breach occurs. This chapter will demonstrate the varied approaches taken by nation states to regulating data retention. It will be argued that more work is needed to address the inconsistent approaches to retention requirements. The chapter will also highlight how terminology differs across states, which has resulted in a level of confusion about retention obligations. It will be argued that the Commonwealth should undertake a specific research project on data retention and the future issues that might arise from technological advancements such as artificial intelligence (AI). This is because AI could pose further challenges in holding data for longer than is needed. When coupled with other technology such as quantum, the challenges could be further heightened. Conversely, it could provide benefits by shortening data retention periods to a short period, unless the data subject consents to their data being retained for extended periods.

Author information

Correspondence to Robert Walters.

Copyright information

© 2023 The Author(s), under exclusive license to Springer Nature Singapore Pte Ltd.

About this chapter

Cite this chapter

Walters, R. (2023). Storage Retention. In: Cybersecurity and Data Laws of the Commonwealth. Springer, Singapore. https://doi.org/10.1007/978-981-99-3935-0_6

  • DOI: https://doi.org/10.1007/978-981-99-3935-0_6

  • Publisher Name: Springer, Singapore

  • Print ISBN: 978-981-99-3934-3

  • Online ISBN: 978-981-99-3935-0

  • eBook Packages: Law and Criminology (R0)