An important detail nobody is mentioning is that this is EU only due to privacy laws there. Sony still sucks, etc., but it’s important to get the facts straight.
They are deliberately misinterpreting that law. This law only applies for data that they no longer have a legitimate reason to retain. It’s not just a rolling 3-year counter that starts every time you log out and gets reset every time you log in.
I haven’t logged into Facebook in well more than 3 years they haven’t deleted my data and that isn’t a violation, I haven’t deleted my account (I can’t I’ve forgotten the password and no longer have access to the original email, it’s my problem).
It’s only for things now lapsed gym memberships, or car dealerships keeping your data after you purchase a vehicle from them. They can keep that data for 3 years and then they have to delete it.
What would be the point of misinterpreting it? They have no such limit in the US; if it were for some nefarious purpose you’d think they’d implement it everywhere.
No other online store is doing this. The only one that comes close afaik is Ubisoft (who couldve guessed), but only if you own zero games on that account.
They are required to delete certain data about you if its no longer necessary for their service, but not everything, especially since you have an ongoing contract with them. They either couldn’t be bothered to only delete parts of data they consider useless already and instead chose to just wipe everything, or that’s their way of malicious compliance.
Define how long each category of personal data is stored
Justify each retention period with a legal or operational basis
Ensure data is deleted or anonymised once the purpose ends
Document all retention rules in a clear and accessible format
Apply retention rules consistently across all data systems
Ensure third-party processors comply with the organisation’s retention instructions
They can define their own reasonable terms. Sony chooses to delete that stuff.
An important detail nobody is mentioning is that this is EU only due to privacy laws there. Sony still sucks, etc., but it’s important to get the facts straight.
There’s totally no EU law forcing companies to delete stuff you bought.
It’s this. I don’t feel like looking up the relevant part, but feel free to if you like.
The relevant bit is this one here:
It’s hard to argue that buying something on a digital platform is not a contract between the user and the platform.
Thanks! The 3 year time limit isn’t mandated and was chosen by Sony. I believe other companies have chosen even lower ones.
Which is, of course, wrong: The duration of contract for a store like Sonys is the whole time the store is up and running.
Well, they did it due to the GDPR regulations for some reason, since they don’t do it in not-EU places.
They are deliberately misinterpreting that law. This law only applies for data that they no longer have a legitimate reason to retain. It’s not just a rolling 3-year counter that starts every time you log out and gets reset every time you log in.
I haven’t logged into Facebook in well more than 3 years they haven’t deleted my data and that isn’t a violation, I haven’t deleted my account (I can’t I’ve forgotten the password and no longer have access to the original email, it’s my problem).
It’s only for things now lapsed gym memberships, or car dealerships keeping your data after you purchase a vehicle from them. They can keep that data for 3 years and then they have to delete it.
What would be the point of misinterpreting it? They have no such limit in the US; if it were for some nefarious purpose you’d think they’d implement it everywhere.
No other online store is doing this. The only one that comes close afaik is Ubisoft (who couldve guessed), but only if you own zero games on that account.
They are required to delete certain data about you if its no longer necessary for their service, but not everything, especially since you have an ongoing contract with them. They either couldn’t be bothered to only delete parts of data they consider useless already and instead chose to just wipe everything, or that’s their way of malicious compliance.
Under the GDPR, every organisation must:
Define how long each category of personal data is stored Justify each retention period with a legal or operational basis Ensure data is deleted or anonymised once the purpose ends Document all retention rules in a clear and accessible format Apply retention rules consistently across all data systems Ensure third-party processors comply with the organisation’s retention instructions They can define their own reasonable terms. Sony chooses to delete that stuff.
Yeah, that. Other companies have even lower time limits.