The Home Office has issued a consultation paper on the implementation of the Data Retention Directive in relation to internet related data. The consultation ended on 31 October 2008.
Although the provisions of the Data Retention Directive relating to telecoms data were implemented into UK law in 2007, the implementation of provisions relating to internet data were postponed until 15 March 2009.
In August 2008, the Home Office published a consultation on the transposition of the Directive. The consultation covers the provisions relating to retention of internet related data. These concern information that is generated or processed in connection with providing public communications networks or services.
The draft regulations set out an obligation to retain “traffic and location data and related data that is necessary to identify the subscriber or user”, known under the regulations as communications data.
The draft regulations list the data that must be retained. The information to be retained in connection with internet access, email and telephony information is listed in Regulation 7. Examples of data to be retained include user ID, telephone number and details of the registered user of an IP address.
The proposed retention period for this information is 12 months, although the Secretary of State will have the power to change this to any period between 6 and 24 months.
The information has to be stored in such as way that it can be transmitted without undue delay in response to a request.
Under the proposed regulations, a communications provider does not have to retain data if another communications provider is retaining the same data. This is intended to prevent the same information being held in two places. However, the Secretary of State will have power under the regulations to order specific communications providers, or category of communications provider to retain data even though it is retained elsewhere. The consultation closed on 31 October 2008.