UK implements the Data Retention Directive

By EDRi · May 23, 2007

(Dieser Artikel ist auch in deutscher Sprache verfügbar)

The UK Home Office is presently implementing the Data Retention Directive
that will oblige telephony and internet service providers to keep data for
12 months. The decision was taken without any debate by simple “affirmative”
votes in the parliament and the Directive is to be implemented by 15
September 2007 for fixed and mobile telephones and 18 months later for
internet services (including VOIP telephony).

The Home Office intents to implement the Directive by a Regulation that will
replace the current “voluntary” Code and does not seem to have taken into
consideration any risk related to the privacy of personal data.

Moreover, the government says that the EC Directive covering serious crime
can be used for any crime and that there is no need for public or
parliamentary discussion on privacy, civil liberties or human rights issues
as these have already been discussed at the EU level.

Tony Bunyan, Statewatch editor, comments:
“The collection and retention of everyone’s communications data is a
momentous decision, one that should not be slipped through parliament
without anyone noticing as the government plans to do.
The government’s proposal changes a voluntary agreement into a binding law,
on these grounds alone there should be primary legislation.
Moreover, the EC Directive limits the purpose for which data can be retained
to “serious crime” but the government intends to extend the scope to all
crime however minor.”

Having in view the character of the data retained, consumers and telecoms
companies need safeguards concerning the use of these data. Under the EC
Directive, all countries are required to adopt measures that ensure the data
can only be used by competent national authorities. Yet, UK’s draft
regulation and consultation process makes no reference on this. Also there
is nothing in the Regulation covering sanctions and remedies for
unauthorised use of the data as stipulated in the EC Directive.

Further more, the data can also be obtained in the absence of existing court
proceedings and can be available to anyone who can convince the Courts that
they have a right to access them.

Keeping personal data should help law enforcement authorities in their fight
against crime and for national security purposes. On the other hand, telecom
companies must protect their customers’ privacy and, according to the draft
regulations, they will not be able to protect these data by destroying it.

The only positive element for them is that, at least, the government
proposes to compensate them for compliance costs and litigants are obliged
to pay for disclosure of documents which they request from third parties.

Mandatory data retention in the UK – Statewatch analysis (05.2007)

Data retention: a balancing act for telcos (10.05.2007)