The EU Data Retention Directive, formally known as "Directive 2006/24/EC” came into force on 15 March 2006. The introduction of this Directive gave rise to the UK Data Retention (EC Directive) Regulations 2009 (the "Regulations") which came into force yesterday (6th April 2009).
The Regulations provide that each ‘Public Communications Service Provider’ is obliged to retain ‘communications data’ including the date and time of the log-in or log-off from the internet access service, the IP address allocated by the internet access service provider and the user ID of the subscriber or registered user of the internet access service.
So just what is a ‘Public Communications Service Provider’? Essentially it is the entity which provides us, the public, with an electronic communications network for the purpose of making electronic communication services i.e. Internet Service Providers (ISP's) such as BT and Virgin Media. As such the responsibility for collecting and retaining data lies with the ISP's.
From yesterday, ISP’s will store information such as user e-mails; details of internet phone calls and text messages (although not the content itself), including the date and time of transmission and the IP address. Data will be retained by ISP’s for a period of one year. Other European Countries such as Italy and Denmark have already implemented the EU Directive and the introduction of the Regulations yesterday brings the UK in line with our European counterparts.
The introduction of these new "retention rules" has not gone unnoticed and human rights and privacy activists alike have raised grave concerns over the potential repercussions of implementing the Directive. Jim Killock, executive director of the Open Rights Group claims the new rules will result in "a serious erosion of our fundamental human right to privacy" and claims that “[t]he problem is there is a growing temptation from the security services and police to say we want more, we want to do more and keep more of our data."
ISP’s have of course voiced their concern that they will have to pay excessive costs in order to store all of this data and it is estimated that it will cost around £30 million in capital costs and £16 million in operating costs over an eight-year period. The UK Government has agreed to reimburse ISP’s for these costs.
Whilst the Home Office has offered a counter argument to concerns stating “[t]his data is a vital tool to investigations and intelligence gathering in support of national security and crime”, it has to be questioned on what basis they will have the time and resources to actually sift through what will amount to an enormous amount of data.