On August 12, 2008, the UK Home Office published new draft regulations requiring Internet service providers (ISPs) and telecommunications companies to retain Internet data, replacing the current “voluntary” approach. If approved by Parliament, the Electronic Communications Data Retention Regulations 2008 (EC Directive) would come into force on March 15, 2009. The regulations would revoke earlier UK regulations that implemented the EU Directive on Data Retention, which permitted Member States to delay Internet data retention even as they implemented retention rules for voice telecommunications companies’ traffic records.
According to the Home Office paper that commenced a consultation on the draft regulations, the cost of compliance could reach almost £50 million over eight years (consisting of an immediate £30.35 million in capital costs and another £16.23 million over that period). Comments are due by October 31, 2008.
The regulations provide that data must be retained for 12 months and can be accessed under the Regulation of Investigatory Powers Act (RIPA) by a wide range of government bodies, including local councils, health authorities, and even the Post Office. The Secretary of State could vary the 12- month period to between six and 24 months. The data that will be kept includes information about a call or Internet use, such as the time of the call or use, its instigating number or Internet protocol address, and the destination phone number, e-mail addresses, or URLs visited, but not content.