New Regulations implementing the EU Data Retention Directive (2006/24/EC) will come into force in the UK on 6 April 2009. The aim of the Directive is to assist law enforcement agencies with investigations into terrorism and serious crime by preserving communications data evidence. The Data Retention (EC) Directive Regulations 2009 will make data retention compulsory for both telecoms and internet data and will replace the 2007 Regulations governing telecoms data.

The key provisions of the new Regulations are:

  • Public communications providers (i.e. telcos and ISPs) are not obliged to retain the data specified in the Directive unless the provider is given notice in writing by the Secretary of State. This begs the question of what the position is of telcos who are currently obliged to retain data under the 2007 Regulations. The safest approach for these telcos is to continue to retain data until such time as the Secretary of State informs them that they no longer have to do so.
  • The Regulations will require ISPs to retain the following types of data relating to Internet access, email and VOIP: user IDs; associated phone numbers and subscribers’/users’ names and addresses associated with a particular IP address; dates and times of Internet access; the type of Internet service used; and dial up or DSL details.
  • The retained data should include data relating to “unsuccessful call attempts”. It is not clear whether this should be interpreted as meaning ISPs need to retain data in respect of junk mail they filter out before it reaches their customers’ accounts. As a precaution ISPs may wish to retain such data until the Secretary of State issues clarification on this point.
  • The communications providers must retain data for 12 months.
  • Providers are themselves responsible for the costs of compliance but the Government may reimburse any expenses.

Click here to read a copy of the Regulations.