Tweet
Government publishes new, wider Data Retention Regulations
The Government has published a draft law that mandates the retention of data by internet service providers (ISPs) and telecoms companies. The proposed Regulations will replace an earlier law that applied to non-internet data only.
If approved by both Houses of Parliament, the Electronic Communications Data Retention (EC Directive) Regulations 2008 would come into force on 15th March 2009. They will revoke the 2007 Regulations of the same name and complete the UK’s implementation of an EU Directive.
The new Regulations were published on Tuesday as part of a Home Office consultation. According to the Home Office paper, the cost of compliance will reach almost £50 million over eight years.
The EU passed the Data Retention Directive in 2006 as a security measure ordering telecoms companies and ISPs to keep records of all communications so that law enforcement agencies can retrieve information about suspects' use of these systems.
The Home Office confirmed that access to 12 months' worth of call, text, email and internet records will be open to all bodies covered by phone tap law the Regulation of Investigatory Powers Act (RIPA). That includes local councils, health authorities and the Post Office.
The Directive gave member states discretion to mandate the keeping of records for a fixed period as short as six months or as long as two years.
The UK's retention period under the new rules is set at 12 months from the date of a communication, as in the 2007 Regulations. However, a telco or ISP can be served with a written notice by the Secretary of State to vary that period to anything between six and 24 months, a variation that the current rules on non-internet data do not provide for.
The Directive required every member state to have laws in force by 15th September 2007 on the retention of non-internet data. The UK missed that deadline by two weeks. The Directive also requires that national laws apply to internet data no later than 15th March 2009.
The data that will be kept will be information about a call or internet use, such as the time of the call or use, its instigating number or internet protocol address, the destination phone number, email addresses or URLs visited, the geographical location of mobile phones in a call and the duration.
The law will not order companies to record or store the content of any communication, i.e. what is said on a phone call or written in an email.
The Government currently operates a voluntary system of record keeping of internet data. It has discretion to reimburse companies for the costs involved in keeping the data and making it available to Government agencies.
It has said that the cost of keeping internet and phone records will be £30.35 million in capital costs and another £16.23 million over eight years.
Last week it emerged that the Government has given telecoms firms grants of £18.5 million over five years to help to pay for the costs associated with voluntary retention.
The Regulations do not oblige the Government to compensate telcos and ISPs for the costs of retention and data retrieval, maintaining the discretionary nature of reimbursement.
“The Secretary of State may reimburse any expenses incurred by a public communications provider in complying with the provisions of these Regulations,” they say. “Reimbursement may be conditional on the expenses having been notified to the Secretary of State and agreed in advance.”
The Government is also said to be considering creating its own single database of call and internet usage records. The Home Office has not expanded on outline changes in its Draft Legislative Programme on a possible single database of records.
The Data Retention (EC Directive) Regulations 2007 No. 2199
If approved by both Houses of Parliament, the Electronic Communications Data Retention (EC Directive) Regulations 2008 would come into force on 15th March 2009. They will revoke the 2007 Regulations of the same name and complete the UK’s implementation of an EU Directive.
The new Regulations were published on Tuesday as part of a Home Office consultation. According to the Home Office paper, the cost of compliance will reach almost £50 million over eight years.
The EU passed the Data Retention Directive in 2006 as a security measure ordering telecoms companies and ISPs to keep records of all communications so that law enforcement agencies can retrieve information about suspects' use of these systems.
The Home Office confirmed that access to 12 months' worth of call, text, email and internet records will be open to all bodies covered by phone tap law the Regulation of Investigatory Powers Act (RIPA). That includes local councils, health authorities and the Post Office.
The Directive gave member states discretion to mandate the keeping of records for a fixed period as short as six months or as long as two years.
The UK's retention period under the new rules is set at 12 months from the date of a communication, as in the 2007 Regulations. However, a telco or ISP can be served with a written notice by the Secretary of State to vary that period to anything between six and 24 months, a variation that the current rules on non-internet data do not provide for.
The Directive required every member state to have laws in force by 15th September 2007 on the retention of non-internet data. The UK missed that deadline by two weeks. The Directive also requires that national laws apply to internet data no later than 15th March 2009.
The data that will be kept will be information about a call or internet use, such as the time of the call or use, its instigating number or internet protocol address, the destination phone number, email addresses or URLs visited, the geographical location of mobile phones in a call and the duration.
The law will not order companies to record or store the content of any communication, i.e. what is said on a phone call or written in an email.
The Government currently operates a voluntary system of record keeping of internet data. It has discretion to reimburse companies for the costs involved in keeping the data and making it available to Government agencies.
It has said that the cost of keeping internet and phone records will be £30.35 million in capital costs and another £16.23 million over eight years.
Last week it emerged that the Government has given telecoms firms grants of £18.5 million over five years to help to pay for the costs associated with voluntary retention.
The Regulations do not oblige the Government to compensate telcos and ISPs for the costs of retention and data retrieval, maintaining the discretionary nature of reimbursement.
“The Secretary of State may reimburse any expenses incurred by a public communications provider in complying with the provisions of these Regulations,” they say. “Reimbursement may be conditional on the expenses having been notified to the Secretary of State and agreed in advance.”
The Government is also said to be considering creating its own single database of call and internet usage records. The Home Office has not expanded on outline changes in its Draft Legislative Programme on a possible single database of records.
The Data Retention (EC Directive) Regulations 2007 No. 2199
