Paraguayan law establishes the duty of retention of traffic data relating to electronic communications, forcing service providers and intermediary service providers data hosting, data storage connection and traffic generated by the communications established during providing a service for a minimum period of 6 (six) months, while for the European Court, the data had to be kept under the legislation declared invalid, could provide very precise information about the private lives of individuals, as the habits of daily life, places of residence, commuting, activities, social relations and social media frequented.

The news that the Court of Justice of the European Union (EU) had just declared invalid, due to a prejudicialidad filed by an Irish and an Austrian court, 2006 EU Directive on data retention, considering that this constituted a large and particularly serious interference, showed, once again, the squalid protection of personal data in the prevailing Paraguayan Electronic Commerce Act 4868/2013.

Paraguayan law establishes the duty of retention of traffic data relating to electronic communications, forcing intermediary service providers and hosting service providers, to storage  connection and traffic data generated by the communications established during a service for a minimum period of 6 (six) months.

Recently invalid-declared community legislation concerned the retention of data generated or processed in connection with the provision of publicly access electronic communications or public public networks and aimed to ensure the availability of these data for the prevention, investigation, detection and prosecution of serious crimes, such as organized crime and terrorism, stating that providers should retain traffic and location data as well as necessary data to identify the user but it didn´t authorize the conservation of contents or information consulted.

But, to the European Court, the data had to be preserved could provide very precise information about the private lives of individuals, as the habits of daily life, places of residence, commuting, activities, social relations and frequented social media.

Although the possible transmission of such data to relevant national authorities responds to a public interest objective (fight against serious crime and public safety), the Court held that the Directive had exceeded the limits required by the principle of proportionality and regulations did not set any objective criteria to guarantee exclusive access by the competent national authorities to that data.

To comply with the provisions of the Paraguayan law, the data will be stored only for the purpose of facilitating the location of the terminal used by the user for the transmission of information, without specifying in the territory of which State could this storage performed.

Hosting providers should store only those data necessary to identify the source of the stored data and the time the service began. The stored data can not be used for purposes other than the purposes allowed by law, appropriate to prevent loss, alteration or unauthorized access security measures must be taken.