A legal opinion of Communications Data Retention in the United Kingdom commissioned by Privacy International questions the legal
LONDON, UK, 17 October 2003
Privacy International reports: "The Opinion, which relates to the EU framework directive on the retention of communications data, has ramifications for ten EU states that have implemented, or are planning to implement, measures to place communications users under blanket surveillance. The UK is in the early stages of implementing such measures." The Opinion, provided by a prominent global law firm, has unequivocally concluded that the government’s plans would be unlawful.
The Internet Service Providers Association (ISPA) maintains its recommendation to ISPs that they do not subscribe to the voluntary code of practice under the Home Office’s data retention proposals. Read ISPA’s concerns:
Progressive internet service provider and APC member in London, GreenNet, attended a meeting, organised by PI and FIPR (Foundation for Information Policy Research): ‘Scrambling for Safety 7’, on October 22nd.
The meeting aimed to address a number of key issues:
* Has the Home Office addressed any of the concerns expressed by the public last year?
* How much remains to be fixed? Are the Statutory Instruments a useful way forward? What further legislation might be required?
* How will government agencies use their new powers?
* Is it appropriate to use emergency powers to impose surveillance requirements on ISPs and phone companies?
* Are the government’s proposals legal under the Human Rights Act?
Prior to the meeting, GreenNet had decided not to participate in the voluntary retention as we remain deeply concerned that the voluntary code laid before parliament is not compliant with data protection principles and Human Rights standards. It was therefore interesting to note that other Communication Service Providers (CSPs) had grave reservations about the voluntary code, yet the government has not carried out any survey of the potential take-up of the code amongst CSPs before proposing it.
Discussions highlighted the main concerns that CSPs have about a voluntary code of conduct:
* It doesn’t give legal authority to retain the data. Although the Secretary of State will write a letter giving his support to the voluntary code, service providers (SPs) don’t have legal protection.
* It is not legislated for because it may be in breach of Human Rights (as detailed above)
* The cost of storage and retrieval systems. The voluntary code of data retention is asking that CSPs retain data for up to one year. Currently GreenNet stores the majority of user data for 7 days.
At the meeting, a representative from Intellect, the association for the UK IT, telecommunications and electronics industries, stated that the code puts businesses in an uncomfortable position whereby the liability and cost are shifted to the industry and alongside this, they run they risk of abusing customer trust at a time when the public at large are increasingly concerned about what personal information is stored.
Read their latest press release on the issue here:
To date, it appears that a voluntary code would be implemented in breach of Human Rights and in an effort to cut costs. The legality of the code will be addressed at a further meeting as there was too much to go into detail about at the meeting on Wednesday.
Visit the PI site for updates. Simon Davies of Privacy International can be reached for comment on +44 7958 466 552.
In the meantime, GreenNet calls on other UK ISPs not to subscribe to the voluntary code of practice under the Home Office’s data retention proposals. This is in line with with ISPA’s (Internet Service Providers Association) recommendations.