HOME   ABOUT OBEP PEOPLE NEWS TESTIM­ONIALS SERVICES CONTACT

The proposed Communications Data Bill

Following publication of the draft Communications Data Bill on 14 June (see “14/06/2012 Newsflash: Draft Communications Data Bill published”), I have now had the opportunity to read the draft Bill, which is quite complex! My first impressions in comparing it with current law in this area (under the Regulation of Investigatory Powers Act 2000 (“RIPA”) and the Data Retention (EC Directive) Regulations 2009) are as follows:

  • The new Bill could create wider obligations to retain or obtain communications data (in terms of types of data and who must retain or obtain it).
  • This would lead to more potential access to such data by public authorities.
  • Some public authorities, e.g. the police and the Serious Organised Crime Agency (“SOCA”), would continue to have wide (but controlled) access rights.
  • Access to communications data by local authorities would be limited (as in the current law), and there would be stricter controls over access by them than under current law.

What is “communications data”?

Communications data comprises three elements:

  • traffic data: information comprised in or attached to a communication which identifies person, location, apparatus;
  • use data: information about the use made by any person of a postal service or telecommunications service or system; and
  • subscriber data: other information relating to persons to whom the service is provided.

It is important to note that communications data does not include the main content of a communication, i.e. what the sender and recipient are communicating about.

Obligations to retain data

The proposed Bill allows for subordinate legislation to be made facilitating the availability of communications data by telecommunications operators (as well as postal operators), which includes providers of mobile and fixed telephone and internet services. Telecommunications operators may be required to obtain and/or retain certain data, and process it in a certain way. Such data must be kept securely, retained for a maximum of 12 months and securely destroyed after this period (if there is no other lawful reason to retain it). Arrangements will be made to contribute towards the extra costs of such retention by the operators.

Rights of access to data by public authorities

Public authorities (including the police, SOCA, and HMRC) may require telecommunications (and postal) operators to disclose communications data to them. They may also make arrangements for “asking” other persons for communications data which they may have or be capable of obtaining. As a safeguard (which reflects recent amendments to RIPA under the Protection of Freedoms Act 2012), local authorities must in addition obtain judicial approval to access the specific communications data. This requirement may be extended to other public authorities. Limitations are also imposed on the types of data which local authorities may access; for example, they may not access traffic data.

A public authority must follow internal authorisation procedures, and have a legitimate aim in requesting the data, falling within defined permitted purposes. Such purposes include: national security, prevention or detection of crime, public safety, public health, taxation, preventing death or injury, investigating miscarriages of justice, and a new purpose of market abuse.

Reactions and next steps

There has been a lot of commentary from the public on the proposed Bill. This includes a fair amount of “outrage” – some involving a lack of understanding of the provisions (which are indeed confusing!) and some more well-informed concerns on privacy and costs. It is important to note that this is not a completely new area of law and, whilst the scope of requirements for retention of and access to communications data may be changing and expanding, there will continue to be controls over how and who can access the data.

Theresa May (the Home Secretary) has stated that the Bill is going through pre-legislative scrutiny before being introduced to Parliament, and has highlighted the importance of striking the right balance between protecting the public and safeguarding civil liberties.

Olivia Whitcroft, principal of OBEP, 2 July 2012

This article provides general information on the subject matter and is not intended to be relied upon as legal advice. If you would like to discuss this topic, please contact Olivia Whitcroft using the contact details set out here: Contact Details



DATA PROTECTION
INTELLECTUAL PROPERTY
COMMERCIAL CONTRACTS
Navigation
 
OBEP is an English law firm with a sole principal, Olivia Whitcroft. It is authorised and regulated by the Solicitors Regulation Authority, registration number 563704. VAT number: 118 4757 96
Linked In   Twitter Website Terms Privacy Notice