Versions Compared

Version Old Version 1 New Version Current
Changes made by

Chris Michael

Manish Haldankar (Deactivated)

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

...

A licensed TPP is responsible for being compliant compliance with the Data Protection Laws for all data acquired by the User where the OF data is just a part of it.

The OF guidelines on handling of historical data post revocation of a Long-Lived consent are the following :

  • On Content revocation, the TPP MUST confirm what happens to any existing data that the TPP has already retrieved and which data they no longer require and will be deleted (per Data Protection Laws). This information must be available in the Terms and Conditions agreed by the User.

  • the TPP MUST provide an option on the consent management dashboard to allow the User to delete all historic data when the consent is revoked. This could be a call to action on the dashboard or information on how the User can request the deletion of the data.

2. Account Deletion

If the PSU deletes the account with the TPP and ends the relationship, the TPP may need to continue holding some of the information for legal or operational reasons for a further set time. This minimum information could be from the OF data.

...

  • confirm to the User which of the OF data they need to continue holding for legal or operational reasons reasons. This information must be available in the Terms and Conditions agreed by the User.

  • confirm the deletion of the remaining OF data by communicating this to the User.