Following publication of the draft Communications Data Bill on 14 June (see “14/06/2012 Newsflash: Draft Communications Data Bill published”), I have now had the opportunity to read the draft Bill, which is quite complex! My first impressions in comparing it with current law in this area (under the Regulation of Investigatory Powers Act 2000 (“RIPA”) and the Data Retention (EC Directive) Regulations 2009) are as follows:
Communications data comprises three elements:
It is important to note that communications data does not include the main content of a communication, i.e. what the sender and recipient are communicating about.
The proposed Bill allows for subordinate legislation to be made facilitating the availability of communications data by telecommunications operators (as well as postal operators), which includes providers of mobile and fixed telephone and internet services. Telecommunications operators may be required to obtain and/or retain certain data, and process it in a certain way. Such data must be kept securely, retained for a maximum of 12 months and securely destroyed after this period (if there is no other lawful reason to retain it). Arrangements will be made to contribute towards the extra costs of such retention by the operators.
Public authorities (including the police, SOCA, and HMRC) may require telecommunications (and postal) operators to disclose communications data to them. They may also make arrangements for “asking” other persons for communications data which they may have or be capable of obtaining. As a safeguard (which reflects recent amendments to RIPA under the Protection of Freedoms Act 2012), local authorities must in addition obtain judicial approval to access the specific communications data. This requirement may be extended to other public authorities. Limitations are also imposed on the types of data which local authorities may access; for example, they may not access traffic data.
A public authority must follow internal authorisation procedures, and have a legitimate aim in requesting the data, falling within defined permitted purposes. Such purposes include: national security, prevention or detection of crime, public safety, public health, taxation, preventing death or injury, investigating miscarriages of justice, and a new purpose of market abuse.
There has been a lot of commentary from the public on the proposed Bill. This includes a fair amount of “outrage” – some involving a lack of understanding of the provisions (which are indeed confusing!) and some more well-informed concerns on privacy and costs. It is important to note that this is not a completely new area of law and, whilst the scope of requirements for retention of and access to communications data may be changing and expanding, there will continue to be controls over how and who can access the data.
Theresa May (the Home Secretary) has stated that the Bill is going through pre-legislative scrutiny before being introduced to Parliament, and has highlighted the importance of striking the right balance between protecting the public and safeguarding civil liberties.
Olivia Whitcroft, principal of OBEP, 2 July 2012
This article provides general information on the subject matter and is not intended to be relied upon as legal advice. If you would like to discuss this topic, please contact Olivia Whitcroft using the contact details set out here: Contact Details