How long do ISPs keep browsing history, and what information do they delete after the retention period?

Asked by AnishaDalal in SQL Server, Asked on Dec 23, 2021

What happens when ISPs delete logs and police approach them asking to resolve an IP address at a particular time on a particular day to a real person and their details (contact, address, etc.)? Does "deleting logs" mean deleting the record of which subscriber was assigned what dynamic IP address and when? Or do ISPs never delete data about who had what IP and when, but just delete what they had accessed and for how long?

Answered by Andrew Jenkins

In a nutshell, explaining how long ISPs keep browsing history leads to understanding that the duration and scope of data retention are dictated by legal requirements, and then operational/business decisions may come into play. ISPs may or may not be allowed to keep logs for longer than legally necessary, but storage and maintenance have a cost. Unless there is value in mining that particular data, the incentive for an ISP to keep logs forever is low.


The most important (and possibly the only) information that the ISP can provide is whose connection was assigned what IP address at a given time. The aim is to identify a customer from an IP address recorded somewhere else (e.g., in web server logs). The ISP probably doesn't have so much insight into your browsing activity. If you use their DNS they may figure out what websites you visited, but many people use a third-party DNS like Google, Quad9, etc. Even if the ISP tapped your whole traffic because you are a "person of interest", most of it would be encrypted anyway (HTTPS mostly). If the police need more details about what you did on some website where your IP address was recorded, then the police would have to subpoena the webhost or whatever. The ISP has only part of the information, which is crucial for investigations but very limited at the same time. Read the terms and conditions of your ISP and see if there is any mention of what data is logged.




Answer (1)

The retention period for browsing history by Internet Service Providers (ISPs) can vary significantly depending on the country, local laws, and the specific policies of the ISP. Here are some general guidelines:

Retention Period

United States: ISPs are not legally required to keep logs of their users' internet activity for any specific period, but some may voluntarily retain data for a period ranging from several months to a couple of years.

European Union: Data retention laws can vary by country. The Data Retention Directive previously mandated retention for six months to two years, but it has been invalidated. Some countries have their own laws, typically requiring retention for 6-12 months.

Australia: The Data Retention Law requires ISPs to keep metadata (not the actual content of communications) for two years.

India: ISPs must retain user data for a minimum of one year as per government regulations.

Other Countries: Retention policies and laws can vary widely. It's essential to check the specific regulations in your country.

Types of Data Retained

ISPs typically retain various types of data, including:

Metadata: This includes information about when and where communications were made (e.g., IP addresses, timestamps, duration of connections).

Browsing History: Specific URLs visited by the user.

Email Records: Metadata about emails sent and received (though not the content).

Connection Logs: Information about the connections made, such as IP addresses assigned to the user and timestamps.

Post-Retention Period

After the retention period, ISPs are generally required to delete the retained data. The specifics of what and how they delete can vary:

Metadata Deletion: This typically includes IP address logs, timestamps, and connection duration.

Browsing History Deletion: URLs visited by the user are deleted.

Account Activity Logs: Information about the user’s account activity may be deleted.

Privacy and Security Concerns

While ISPs are expected to delete data after the retention period, there can be concerns about:

Incomplete Deletion: Data might not be completely erased from all backup systems.

Security Breaches: Data might be vulnerable to unauthorized access before it is deleted.

How to Find Out More

For specifics about your ISP’s data retention policies, you can:

Check their Privacy Policy: Most ISPs provide details on their data retention practices in their privacy policy.

Contact Customer Support: You can directly ask your ISP about their data retention period and deletion practices.

Refer to Local Laws: Understanding the data retention laws in your country can give you an idea of what ISPs are required to do.

Understanding these practices can help you make informed decisions about your online privacy and the use of services like VPNs to enhance your privacy.

3 Weeks
