• dylanmorgan@slrpnk.net
    18 upvotes · 1 day ago

    The EU GDPR doesn’t go nearly far enough.

    If I order online, my data only needs to be retained until I get my item. An electronic receipt can be sent via email.

    Social networks should have human moderation, and not insist on retaining real-world data about users.

    These things could be accomplished through regulation, and if enough countries (or US states) put those regulations in place it will eventually be more cost-effective for companies to implement the changes globally.

    • wampus@lemmy.ca
      0 upvotes · 4 hours ago

      Tax records are required to be kept for 7 years in North America (generally, as far as I know - def in Canada). So you order something online from a business, they have a business need to keep your data on hand for 7 years in case an auditor / tax person comes asking about it. Be that someone auditing the business, or someone auditing a customer. That’s a requirement from the government.

      I’ve seen customers ask for tax stuff going back up to 20 years from a business. In those cases, if there’s demand for data going back that far for whatever reason, the business can internally say “We have a business reason to retain data longer” because people ask for it – there’s demand. So they can justify to auditors/legal sorts retaining that information indefinitely, based on user demands/requests.

      In some cases when I’ve seen those ancient requests, it’s also tied to legal disputes from customers – e.g. trying to prove in a divorce that such and such was bought by party A in 2005 for X amount. In some cases, there’re class actions that go outside the 7 year window, and require data from further back to sort out – for example there’s a case in Canada currently where a financial lender is paying back ~$2000 per person that took a loan from them from 2016-2021 (so ~10 years of personal data needs to’ve been kept, to verify early claimants). Part of needing to keep data so long, is that the court cases are often so drawn out that the 7 year window would make some crime/wrong-doing much more difficult to prosecute due to a lack of evidence. I know of one class action lawsuit in the Financial Industry that’s been ongoing since the 90s, and still isn’t fully resolved – most of the potential class action recipients are deceased at this point, and the only people profiting are lawyers, but still. Lawyers are a part of the problem, and a reason why data is often being held longer and longer. Honestly, lawyers are also terrible at securing their data – they tend to rely on paper-controls to prevent their unsecured data from getting used, rather than actual hardening. Like there was a guy who spent a few years in Colombia or something, his personal laptop being used for all sorts of nefarious stuff, and when he came back to Canada and the border people took his laptop, it was totally unencrypted/unsecured. The guy just argued it was his “legal work” laptop and everything on it is confidential and can’t be used in court.

      Idk. I think your approach is overly simplistic for the issue. There’s a lot of “stuff” related to corporate data retention policies and methods, and I don’t really see much nuance in what you’re proposing. Hell, if they only kept your data till you got your item, you’d NEVER be allowed to get a refund, cause they’d have no record of you purchasing the item.