Consent and Retention

Consent is a record, not a checkbox; retention is a daily delete job.


Overview

Why it matters

Most regulators care less about your privacy policy and more about whether your system actually honours it (deletes when consent is withdrawn, ages out beyond retention).

Going deeper

The engineering behind Retention and Consent:

  1. Immutable Consent Logs: A consent table should be append-only, with columns (user_id, granted, purpose, timestamp, policy_version). When a user withdraws consent, you append a new row with granted = false rather than updating the old one.
  2. Time-to-Live (TTL): Modern systems use TTL configurations on storage layers (like DynamoDB TTL or S3 Lifecycle policies) to automate retention.
  3. Tombstone tables: In an RDBMS, instead of running random DELETE queries, teams often move expired data to a cold tombstone table, which is periodically wiped by an automated, auditable script.

If retention requires a human to remember to run a script, you are already non-compliant.
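
The append-only consent log and the tombstone sweep described above, as an added example that is not part of the original lesson. It uses SQLite through Python's sqlite3 as a stand-in RDBMS; the consent_log columns come from the list above, while the events and events_tombstone tables and all function names are assumptions made for illustration.

```python
import sqlite3

SCHEMA = """
CREATE TABLE consent_log (
    id INTEGER PRIMARY KEY AUTOINCREMENT, user_id TEXT NOT NULL,
    granted INTEGER NOT NULL CHECK (granted IN (0, 1)), purpose TEXT NOT NULL,
    timestamp TEXT NOT NULL,  -- ISO 8601 UTC, so strings sort by time
    policy_version TEXT NOT NULL);
-- Append-only: the database itself rejects UPDATE and DELETE on the log.
CREATE TRIGGER consent_no_update BEFORE UPDATE ON consent_log
BEGIN SELECT RAISE(ABORT, 'consent_log is append-only'); END;
CREATE TRIGGER consent_no_delete BEFORE DELETE ON consent_log
BEGIN SELECT RAISE(ABORT, 'consent_log is append-only'); END;
-- Hypothetical data table carrying its own "due date", plus its tombstone.
CREATE TABLE events (id INTEGER PRIMARY KEY, user_id TEXT, payload TEXT,
                     expires_at TEXT NOT NULL);
CREATE TABLE events_tombstone (id INTEGER, user_id TEXT, payload TEXT,
                               expires_at TEXT, moved_at TEXT NOT NULL);
"""

def open_db():
    db = sqlite3.connect(":memory:")
    db.executescript(SCHEMA)
    return db

def record_consent(db, user_id, granted, purpose, timestamp, policy_version):
    """Grant and withdrawal are both INSERTs; nothing is ever overwritten."""
    db.execute("INSERT INTO consent_log (user_id, granted, purpose, timestamp,"
               " policy_version) VALUES (?, ?, ?, ?, ?)",
               (user_id, int(granted), purpose, timestamp, policy_version))

def has_consent(db, user_id, purpose):
    """Current state is the newest row; no row at all means no consent."""
    row = db.execute("SELECT granted FROM consent_log WHERE user_id = ? AND"
                     " purpose = ? ORDER BY id DESC LIMIT 1",
                     (user_id, purpose)).fetchone()
    return bool(row and row[0])

def retention_sweep(db, now):
    """Move expired rows to the tombstone table atomically; return the count."""
    with db:  # one transaction: copy and delete both happen or neither does
        db.execute("INSERT INTO events_tombstone SELECT id, user_id, payload,"
                   " expires_at, ? FROM events WHERE expires_at <= ?", (now, now))
        return db.execute("DELETE FROM events WHERE expires_at <= ?",
                          (now,)).rowcount

def purge_tombstone(db, moved_before):
    """Final wipe of tombstoned rows; the returned count is the audit figure."""
    with db:
        return db.execute("DELETE FROM events_tombstone WHERE moved_at < ?",
                          (moved_before,)).rowcount
```

Run retention_sweep and purge_tombstone from a scheduler and log the counts they return; that log is what makes the job auditable.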

Analogy

Consent and Retention is like a library book's checkout slip.

When you check out a book, the slip inside the cover (or in the system) shows exactly when it's due back. When the due date hits, the librarian expects you to return it. If the librarian gives you a book but has no system for tracking when you checked it out, they've essentially given it to you forever. In data terms, a checkbox that says 'I agree' without storing when, what version of the policy, and when to delete is useless against an audit. Retention means writing the 'due date' on the data, and having a robotic librarian that strictly shreds it when time's up.

Make it stick

Use the prompts below to anchor consent and retention to something you actually own.

  • Assume a user clicks 'Withdraw Consent' in your app right now. How many milliseconds does it take for that choice to cascade to your marketing system?
  • Look at the oldest table in your database. Is there any retention policy currently running against it?
  • If an auditor asked you to prove that a specific user consented to version 2.1 of your privacy policy, could you query that exact record?
