The Right to Oblivion: Data Retention from Canada to Europe in Three Backward Steps

[] The issue of data retention is one that has become prominent in recent times, particularly with the recent extension of Canadian privacy legislation to cover the private sector. This paper investigates the origins of the prohibition on data retention under European and Canadian law and its subsequent development in Europe and Canada with an emphasis on the trends, disparities and other consequences generated by the prohibition since 1968, the date of the first Council of Europe recommendations in relation to data protection in general. In Europe, ever since the first proposal for harmonized data protection laws was made by the Council of Europe in 1973, one of the fundamental principles of data protection law has been that of data retention or data conservation – that is, the obligation of the data user or controller to keep data for a limited period of time only. The 1995 EU Directive on Data Protection contains an express data-retention principle. The OECD Guidelines, which were used to develop Canada’s privacy standard and subsequent privacy legislation, are less explicit. In Canada, Part 1 of the Personal Information Protection and Electronic Documents Act (PIPEDA) establishes Principle 5 on data retention or data conservation, which is closely allied with its European counterpart. The connections between each of these discrete legal instruments are obscured by the legal backgrounds to each of PIPEDA and the EU Directive. The paper examines the data-retention principle under PIPEDA, analyzing the extent to which this principle has been influenced by the European legal developments and the extent to which other factors were important in shaping this fundamental rule.***** [Résumé] La question de la rétention des données est devenue un sujet de l’heure récemment, en particulier avec l’extension récente de la loi canadienne relative à la protection de la vie privée au secteur privé. Cet article examine les origines de la prohibition de la rétention des données en droit européen et canadien et son évolution subséquente en Europe et au Canada, en insistant sur les tendances, les disparités et les autres conséquences de cette prohibition depuis 1968, date à laquelle le Conseil de l’Europe a fait ses premières recommandations relativement à la protection des données en général. En Europe, depuis que le Conseil de l’Europe a proposé pour la première fois en 1973 l’harmonisation des lois relatives à la protection des données, l’un des principes fondamentaux de cette protection est la rétention ou la conservation des données, c’est-à-dire l’obligation que l