In August the Home Office published a consultation paper calling for views on draft Electronic Communications Data Retention (EC Directive) Regulations 2008. The paper invited views on the proposed final phase for the transposition of the Directive on the retention of internet-related data generated or processed in connection with the provision of publicly available electronic communications services or of public communications networks. Specifically, comments were invited on the draft Electronic Communications Data Retention (EC Directive) Regulations 2008 which will replace the Data Retention (EC Directive) Regulations 2007 and will therefore incorporate the obligation to retain communications data in relation to fixed line telephony and mobile telephony, as well as internet access, internet email and internet telephony.
The SCL Privacy and Data Protection Group, led by David Berry and Andrew Sharpe from Charles Russell LLP, have crafted a carefully worded response that repays careful reading. The response illuminates the holes in the proposed draft and highlights perceived inadequacies in the case made by the Home Office for the claimed retention periods. The response calls for the data retention powers to be limited by a ‘sunset clause’. It goes on to insist that the implementation of the monetary penalty powers in s 144 of the Criminal Justice and Immigration Act 2008 is a necessary ingredient if ‘efficient, proportionate and dissuasive’ enforcement powers are to be available as required by the Directive.
The response challenges the extended grounds on which communications data can be obtained under s 22(2) of the Regulation of investigatory Powers Act 2000 as these may go further than is permitted under EU law. In such cases, there may be a breach of data subjects’ rights.
The authors summarise the response as follows:
‘4.1 we consider that the draft Regulations, in so far as they seek to provide clear obligations on communications providers, are a faithful and effective transposition of the Data Retention Directive;
4.2 we consider that the Home Office has not made out a case for the retention periods set out in the draft Regulations;
4.3 we consider that the draft Regulations should include a “sunset clause”;
4.4 we consider that the laws on access to communications data will not satisfactorily ensure that access to information retained as a result of the draft Regulations will only be for the limited set of purposes described in the Data Retention Directive;
4.5 we consider that the draft Regulations do not provide for appropriate penalties that are “efficient, proportionate and dissuasive” to ensure adequate enforcement of the draft Regulations; and
4.6 we consider that an appropriate commissioner should be formally appointed to oversee the retention of communications data regime, and we suggest the Interception of Communications Commissioner.’
The full response can be read here.
