The Home Office conducted a consultation in June 2003 about the development of a
voluntary code of practice to be applied to the implementation
of data retention.
In addition, a parallel consultation looked at the rules governing
access to such data by a wide range of government bodies,
under the Regulation of Investigatory Powers Act.
On September 12th, the The Home Office laid Regulation of Investigatory Powers orders
before parliament. They will now be passed to various committees and the House of Lords
In their responses to the laying of orders, the Internet Service Providers Association and Human Rights groups maintain
their recommendations to ISPs that they do not subscribe to the
voluntary code of practice under the Home Office’s data retention proposals.
Anti-Terrorism Crime and Security (ATCS) Bill was introduced as emergency legislation following the
attacks in the United States on 11th September 2001.
The Bill was first read on November 12 2001. A consultation period with industry, human
rights groups and other stakeholders with a view to developing the
detail of a Code of Practice. It received Royal Assent on 14th December 2001.
The ATCS Act contains a number of measures which aim to deal with 'terrorism' and protecting
'national security'. Read the Toolkit Briefing on the ATCS and related issues here
Part 11 of the ACT (Retention of Communications Data) is the section that deals most
significantly to telecommunications companies and Internet Service Providers.
It enables the Secretary of State for the Home Department to draw up a
voluntary Code of Practice to allow Communication
Service Providers (CSPs) to retain data for use by law enforcement
agencies in their investigations.
Under the Regulation of Investigatory Powers Act 2000, the Home Office attempted to
authorise a more extensive list of public authorities that could access communications data
(June 2002). If passed, this would have allowed every local authority and a number
of other public bodies to have access to phone, email and Internet data, without judicial oversight.
Until then, such powers had been the domain only of the police, MI5, MI6, the government listening
post GCHQ, customs and excise and the Inland Revenue.
Following significant public opposition, the Home Office was forced
to temporarily withdraw the proposal but is now attempting once
again to extend access to communications data to additional public
authorities and to propose a voluntary code of conduct for communication
service providers to follow.
Even though the number of authorities
has been reduced, the Home Office proposals will still have a
significant impact on the privacy of individuals in the UK according
to human rights activists at the "Scrambling for Safety 6"
conference organised by the Foundation
for Information Policy Research (FIPR) and Privacy
International. The summary below outlines some of the main
concerns of the human rights organisations, privacy groups and
commercial ISPs who are opposed to the proposals.
According to the Home Office, the aim of this document is to
extend access to communications data to additional public authorities
in order to ‘protect the public from crime.’
Those who are opposed to government proposals cite a number of
to current practice and proposals, access to documents by public
authorities does not require approval by the judiciary in order
to determine whether the need to access such information is proportional
to the individual's right to privacy. According to Privacy
International, for example, ‘BT has fully automated its service
to government to the point where any information on any BT customer
going back seven years can be obtained by any authorised government
agency merely by sending an email.’ Many believe that the current
proposal to allow access to communications data without judicial
oversight contradicts the European Human Rights Act that states
that there must be sufficient reason to interfere with personal
are especially concerned with the high costs of retaining and,
more importantly, servicing requests for data from public authorities.
ISPs are also concerned that, if they do subscribe to the voluntary
code, they may subsequently be prosecuted by users if their actions
are considered unlawful according to human rights law.
that currently have access to communications data make approximately
half a million requests for communications data annually (http://www.homeoffice.gov.uk/docs/consult.pdf,
Chapter 2, para. 6). According to a number of sources, there
has been an exponential rise in data requests in recent years.
There is a concern that this number will increase when access
to communications data is extended to additional authorities.
Many ISP’s favor a lower impact scheme of targeted data preservation,
where service providers would retain data on specified individuals
at the request of the police, rather the current retention proposals
which propose to retain data ‘in case’ it becomes useful in the
future. Communication service providers have asked the government
to show why the current system is insufficient.
According to the Home Office, the intention of the ‘Voluntary
Code of Practice’ is ‘to outline how communication service providers
can assist in the fight against terrorism by meeting agreed time
periods for retention of communications data that may be extended beyond those periods
for which their individuals company currently retains data for
business purposes’ (page 20).
According to human rights groups such as Privacy International,
ISPs have long complained to government about the subsidy that
would be required to make data available to government authorities,
where the most critical threat that is being ignored by such groups
is, in fact, the privacy rights of their customers.
In many ways, a code that seeks to clarify the role and responsibility
of service providers in retaining data would be welcome, especially
for consumers whose data is often held for unlawful periods and
distributed to other agencies. This code, however, should also
develop an effective oversight and complaints mechanism to allow
redress for users and should engender the trust of users in the
security of the system.
The issue of trust is critically important for groups that use
the Internet to allow, for example, women’s groups that support
victims of abuse and trafficking, to have a private space where
they are able to express themselves free from the threat of surveillance.
For such groups, privacy concerns are critical to their use of
the Internet for the purpose of supporting individuals who, if
it were not for the medium of the Internet, would otherwise not
be given this opportunity.
Many ISPs have not developed internal policies on data retention,
and are, in fact, accumulating vast amounts of personal information
about their customers for periods that are illegal under current
Data Protection Act 1998. The government has proposed to subsidise
service providers to retain and service access requests for their
customers’ data, but what may be more effective, according to
one ISP, would be to subsidise the development of ethical codes
of practice for the industry on data retention. Such codes, detailing
the process by which communication data may be accessed by authorities
and under what conditions, would assist in developing the trust
and accountability factors necessary for the growth of the industry
in this country.
Your Data' is a campaign launched by Privacy
International that calls on UK consumers to demand access
to their records held by telephone, mobile and Internet companies.
the site to obtain model letters that request records from
telecommunications companies under the Data Protection Act 1998.
You can modify the letters to include your personal and account
information and cut and paste the address for the company you
these slides to find out exactly what data is logged by ISPs
when a user logs onto the Internet.
Read the fact
sheet on data retention to find out the basics
"Scrambling for Safety 6"
was a conference that brought together representatives from government,
industry and human rights organisations to discuss the issues
that these documents raise with interested members of the public.
Foundation for Information Policy Research (FIPR) has a resource
page on 'Communications
Data' which explains the concerns, gives links to campaigns
and links to latest news on the issue.
Download the data protection toolkit briefing to find out about
the protection of privacy and your rights to information held
by others about you