UK Internet data-retention law comes into force

From this week, Internet service providers will be obliged to retain details of Internet communications, including e-mail, for 12 months.
Written by Tom Espiner, Contributor

Internet service providers will have to retain details of Internet communications, including e-mail, under U.K. law which came into force on Monday.

The Data Retention (EC Directive) Regulations 2009 require service providers to retain details of user Internet access, e-mail and Internet telephony for 12 months. ISPs must also be able to respond to access requests by law enforcement and other designated authorities.

The details of U.K. citizens' communications to be retained include which Web sites people have visited or attempted to visit; the sender, recipient, date and time of e-mails; and the caller and recipient of Internet telephone calls.

In addition, the regulations state that telecommunications companies must also retain details of all fixed and mobile telephony usage, including the geographical location of the caller.

These regulations supercede the Data Retention (EC Directive) Regulations 2007, which required fixed and mobile telephony data retention, but did not require the retention of Internet communications.

Privacy campaigner Simon Davies, director of Privacy International, told ZDNet Asia's sister site ZDNet UK on Monday that data preservation, in which ISPs and telcos retain the data of specific suspects rather than of all citizens, would have been "less privacy intrusive and achieves the same objectives".

"It's not necessary to retain all of that data," he said.

Davies noted that retention of data could lead to local authorities using that data in a similar way to their use of the Regulation of Investigatory Powers Act (RIPA). Local government has been criticized by various agencies, including the U.K. Home Office, for using the legislation to monitor people putting their bins out, or dog-fouling.

"Once the data is held under this particular regime, you will probably find it will be used for a whole range of other purposes, just as RIPA has been," Davies said. "With data preservation, what would not have occurred is the gross infringement of local authorities using that data to investigate dog-fouling or littering."

Davies added that public trust in government may be eroded if communications data is misused by local authorities.

The Home Office said in a statement on Monday that it does not want to see data retention or RIPA powers "being used to target people for putting their bins out in the wrong day or for dog-fouling offences". However, legitimate actions would include local authorities using data to target "dodgy traders", fly tippers and noisy neighbours, the Home Office said.

Currently, covert surveillance, such as accessing the data retained under the Data Retention (EC Directive) Regulations 2009, can be authorized in local authorities by junior executive officers. The Home Office said it is considering raising the level of authorization to senior executives, with possible oversight by elected councillors.

Home secretary Jacqui Smith said in December that the Home Office would consult on use of RIPA. This consultation would occur "shortly", the Home Office said.

The HomeOffice statement added that retention of communications data was necessary as a crime-fighting and anti-terrorist tool. "This data is a vital tool to investigations and intelligence gathering in support of national security and crime," the statement said. "Communications data allows investigators to identify suspects, examine their contacts, establish relationships between conspirators and place them in a specific location at a certain time."

Editorial standards