SlideShare a Scribd company logo

Uk data retention review ver 3.0

A
Amr El-Deeb

The document provides an overview of UK data retention regulations and the Data Retention and Investigatory Powers Act of 2014. It discusses the European Court of Justice ruling that invalidated the 2006 Data Retention Directive for failing to protect privacy and not having clear rules on access and use of retained data. The UK passed the 2014 Act to establish new data retention requirements domestically in response. The Act allows retention of the same categories of communications data specified in the 2009 Regulations for up to 12 months. It also provides for related notices, safeguards, offenses and a code of practice. The document then lists the key definitions and required types of retained data covered by the Act and 2014 Regulations, including fixed network, mobile and internet data to identify

Law
1 of 16
Download to read offline
UK DATA RETENTION REVIEW DATA RETENTION AND INVESTIGATORY POWERS ACT 2014 Prepared by Amr Eldeeb February 2016
“Whereas the object of the national laws on the processing of personal data is to protect fundamental rights and freedoms, notably the right to privacy, which is recognized both in Article 8 of the European Convention for the Protection of Human Rights and Fundamental Freedoms and in the general principles of Community law; whereas, for that reason , the approximation of those laws must not result in any lessening of the protection they afford but must, on the contrary, seek to ensure a high level of protection in the Community;”1 1 (10) DIRECTIVE 95/46/EC OF THE EUROPEAN PARLIAMENT AND OF THE COUNCIL of 24 October 1995 on the protection of individuals with regard to the processing of personal data and on the free movement of such data
INTRODUCTION This research is in favor to find out the specified DATA that ISPs shall retain, protect & provide upon request, in light of the data retention regulations in the UK. SUMMARY The UK Data Retention Regulations completes the transposition of Directive 2006/24/EC2 , on the retention of data generated or processed in connection with the provision of publicly available electronic communications services or of public communications networks and amending Directive 2002/58/EC3 . They relate to internet access, internet e-mail and internet telephony, as well as mobile and fixed line telephony. They revoke, and supersede, the Data Retention (EC Directive) Regulations 2007 (SI 2007/2199) which transposed the parts of Directive 2006/24/EC relating to mobile and fixed line telephony. It took three years to get the final UK Data retention regulations including the very important milestone of “proper public consultation”4 . However, the European Court of Justice (“ECJ”), in a judgment dated 8 April 2014 in joined cases C-293/12 Digital Rights Ireland & C-594/12 Seitlinger which, declared the Data Retention Directive (2006/24/EC) invalid. It noted that limitations to fundamental rights should only apply 2 Directive 2006/24/EC OF THE EUROPEAN PARLIAMENT AND OF THE COUNCIL , of 15 March 2006 3 DIRECTIVE 2002/58/EC OF THE EUROPEAN PARLIAMENT AND OF THE COUNCIL of 12 July 2002, concerning the processing of personal data and the protection of privacy in the electronic communications sector (Directive on privacy and electronic communications) 4 The draft Regulations have been subject to a 12-week public consultation exercise, which concluded in October 2008. During this exercise, Home Office officials met with a broad range of public communications providers and their trade associations, the Association of Chief Police Officers, the intelligence agencies, privacy lobbyists and other individuals. 54 responses were received. Many responses were from members of the public who were opposed to the Directive on principle but did not offer suggestions on the wording of the draft Regulations (24 out of 54 responses). Public communications providers welcomed the Government’s approach subject to five main concerns, which are addressed below. First, draft Regulation 5 has been amended to remove a provision, which would have enabled the Secretary of State to vary the period for data must be retained under the Regulations by notice. Second, draft Regulation 9 has been amended to ensure that all statistics required to be collected under Directive 2006/24/EC are also required to be collected under the draft Regulations. Third, draft Regulation 10 has been amended so that the Secretary of State must issue a notice to any public communications provider required to retain data under the Regulations. Under the amended version of draft Regulation 10, the Secretary of State must issue such a notice to a public communications provider unless the data to which the Regulations apply are retained in the UK in accordance with the Regulations by another public communications provider. Fourth, several responses to the consultation exercise expressed concern about how the draft Regulations ought to be interpreted in practice. The Government undertakes to establish an “implementation group”. This will develop guidance to assist in the implementation of the draft Regulations. Finally, a number of responses queried the meaning of the term “e-mail”. The Government confirms that the term “email” has the same meaning as “electronic mail” which is defined in the Privacy and Electronic Communications (EC Directive) Regulations 2003, transposing Directive 2002/58/EC into UK law. Both terms therefore refer to “any text, voice, sound or image message sent over a public electronic communications network which can be stored in the network or in the recipient’s terminal equipment until it is collected by the recipient and includes messages sent using a short message service”.
in so far as is strictly necessary and that EU law must lay down clear and precise rules governing the scope of limitations and the safeguards for individuals. It held that the Directive did not set out clear and precise rules regarding the extent of the interference. It highlighted several elements of the directive, which fell short in this regard. By applying to all traffic data of all users of all means of electronic communications the Directive entailed an interference with the fundamental rights of practically the entire European population and did not require a relationship between the data retained and serious crime or public security. Moreover, no substantive conditions (such as objective criterion by which the number of persons authorized to access data can be limited) or procedural conditions (such as review by an administrative authority or a court prior to access) determined the limits of access and use to the data retained by competent national authorities. Nor did the Directive determine the period for which data are retained based on objective criteria. The Court also held that the Directive did not set out clear safeguards for the protection of the retained data. This finding was supported by the Court’s observation that the rules in the Directive were not tailored to the vast quantity of sensitive data retained and to the risk of unlawful access to these data. Rather, the Directive allowed providers to have regard to economic considerations when determining the technical and organizational means to secure these data. Moreover, the Directive did not specify that the data must be retained within the EU and thus within the control of national Data Protection Authorities. For these reasons, the Court declared the Directive invalid5 . In light of such development, the UK Government decided to introduce a secondary legislation to replace the Data Retention (EC Directive) Regulations 2009 (S.I.2009/859) (“the 2009 Regulations”), while providing additional safeguards. The Act had been taken through Parliament on a fast-track basis. In order to ensure the new data retention regime is in place before the Summer Recess, these Regulations will also be subject to an accelerated Parliamentary timetable. In particular, the Regulations will come into force on the day after they are made. The Government considers it important to put in place a new regime for data retention as soon as possible. This will ensure that telecommunications service providers continue to retain data following the European Court of Justice Judgment. The replacement Bill was the “Data Retention and Investigatory Powers Act 2014” 17th of July 2014. The act aims, among other things, to respond to the ECJs judgement since the 2009 Regulations have implemented the Directive in domestic Laws. In addition, this Act ensures that, as the original legislation intended, any company providing communication services to customers in the United Kingdom is obliged to comply with requests for communications data and interception warrants issued by the Secretary of State, irrespective of the location of the company providing the service. Nevertheless, the Act provides a power for the Secretary of State to issue a data retention notice on a telecommunications services provider, requiring them to retain certain data types. The data types are those set out in the Schedule to the 2009 Regulations. No additional categories of data can be retained. The Act provides that the period for which data can be retained can be set at a 5 See more at: http://curia.europa.eu/juris/document/document.jsf;jsessionid=9ea7d0f130d5cb2de61340ea4b108458a62 01a7991e8.e34KaxiLc3eQc40LaxqMbN4Och8Re0?text=&docid=145562&pageIndex=0&doclang=en&mo de=req&dir=&occ=first&part=1&cid=768374
maximum period not to exceed 12 months, rather than the fixed 12 months in the 2009 Regulations, allowing for retention for shorter periods when appropriate. It provides a power to make regulations setting out further provision on the giving of and contents of notices, safeguards for retained data, enforcement of requirements relating to retained data and the creation of a code of practice in order to provide detailed guidelines for data retention and information about the application of safeguards, and transitional provisions. By 30 July 2014, In accordance with section 2(5) of the ACT, new draft for Data Retention Regulations 2014 have been prepared and laid before parliament & approval by resolution of each House. IN ACCORDANCE WITH THE AIM OF THIS RESEARCH, WE WILL NOT PROCEED DEEPLY IN ANY DETAILES REGARDING THE RELATED LAWS AND WILL ONLY LIST THE DIFINITIONS & DATA TYPES SET OUT IN THE DATA RETENTION AND POWERS ACT 2014 & THE RELATED DATA RETANTION REGULATIONS 2014. THE FOLLOWING DATA HAS BEEN COLLECTED, REFORMED AND LISTED IN A WAY SERVING THE AIM OF THIS RESEARCH.
SECTION (A) DEFINITIONS 1. Data Retention and Powers and investigatory powers Act 2014 described the definitions under the title Supplementary; I. “Communications data” has the meaning given by section 21(4)6 of the Regulation of Investigatory Powers Act 2000 so far as that meaning applies in relation to telecommunications services and telecommunication systems; II. “Functions” includes powers and duties; III. “Notice” means notice in writing; IV. “Public telecommunications operator” means a person who; (a) Controls or provides a public telecommunication system, or (b) Provides a public telecommunications service; V. “Public telecommunications service” and “public telecommunication system” have the meanings given by section 2(1)7 of the Regulation of Investigatory Powers Act 2000; VI. “Relevant communications data” means communications data of the kind mentioned in the Schedule to the 2009 Regulations so far as such data is generated or processed in the United Kingdom by public telecommunications operators in the process of supplying the telecommunications services concerned; In accordance with 2(2); “Relevant communications data” includes (so far as it otherwise falls within the definition) communications data relating to unsuccessful call attempts that— (a) in the case of telephony data, is stored in the United Kingdom, or (b) In the case of internet data, is logged in the United Kingdom, but does not include data relating to unconnected calls or data revealing the content of a communication. VII. “Relevant powers” means any powers conferred by virtue of section 1(1) to (6); VIII. “Relevant requirements or restrictions” means any requirements or restrictions imposed by virtue of section 1(1) to (6); IX. “Retention notice” has the meaning given by section 1(1); X. “Specify” means specify or describe (and “specified” is to be read accordingly); 6 In this Chapter “communications data” means any of the Following; (a) any traffic data comprised in or attached to a communication (whether by the sender or otherwise) for the purposes of any postal service or telecommunication system by means of which it is being or may be transmitted;(b) any information which includes none of the contents of a communication (apart from any information falling within paragraph (a)) and is about the use made by any person—(i) of any postal service or telecommunications service; or - (ii) in connection with the provision to or use by any person of any telecommunications service, of any part of a telecommunication system; (c) any information not falling within paragraph (a) or (b) that is held or obtained, in relation to persons to whom he provides the service, by a person providing a postal service or telecommunications service. 7 “public telecommunications service” means any telecommunications service which is offered or provided to, or to a substantial section of, the public in any one or more parts of the United Kingdom; “public telecommunication system” means any such parts of a telecommunication system by means of which any public telecommunications service is provided as are located in the United Kingdom;
XI. “Telecommunications service”8 and “Telecommunication system”9 have the meanings given by section 2(1) of the Regulation of Investigatory Powers Act 2000; XII. “Telecommunications Service Provider” means a person who provides a telecommunications service; XIII. “Unsuccessful call attempt” means a communication where a telephone call has been successfully connected but not answered or there has been a network management intervention; XIV. “The 2009 Regulations” means the provisions known as the Data Retention (EC Directive) Regulations 2009 (S.I. 2009/859). XV. In subsection (5); Meaning of “telecommunications service” In section 2 of the Regulation of Investigatory Powers Act 2000 (meaning of interception” etc.), after subsection (8) insert— “(8A) For the purposes of the definition of “telecommunications service” in subsection (1), the cases in which a service is to be taken to consist in the provision of access to, and of facilities for making use of, a telecommunication system include any case where a service consists in or includes facilitating the creation, management or storage of communications transmitted, or that may be transmitted, by means of such a system.”10 2. The Data Retention Regulations 2014 has some special interpretation for part 2 of the regulations that can be cited as following; Interpretation of part 2; I. “The Act” means the Data Retention and Investigatory Powers Act 2014; II. “Cell ID” means the identity or location of the cell from which a mobile telephony call started or in which it finished; III. “Service use data” means anything falling within paragraph (b) of the definition of “communications data” in section 21(4) of the Regulation of Investigatory Powers Act 2000(a) so far as that definition applies in relation to telecommunications services and telecommunication systems; IV. “Subscriber data” means anything falling within paragraph (c) of the definition of “communications data” in section 21(4) of the Regulation of Investigatory Powers Act 2000 so far as that definition applies in relation to telecommunications services and telecommunication systems; V. “Telephone service” means calls (including voice, voicemail and conference and data calls), supplementary services (including call forwarding and call transfer) and messaging and multimedia services (including short message services, enhanced media services and multi-media services); 8 “telecommunications service” means any service that consists in the provision of access to, and of facilities for making use of, any telecommunication system (whether or not one provided by the person providing the service); and 9 “telecommunication system” means any system (including the apparatus comprised in it) which exists (whether wholly or partly in the United Kingdom or elsewhere) for the purpose of facilitating the transmission of communications by any means involving the use of electrical or electro-magnetic energy 10 Subsection 2 (8); For the purposes of this section the cases in which any contents of a communication are to be taken to be made available to a person while being transmitted shall include any case in which any of the contents of the communication, while being transmitted, are diverted or recorded so as to be available to a person subsequently.
VI. “Traffic data” means anything falling within paragraph (a) of the definition of “communications data” in section 21(4) of the Regulation of Investigatory Powers Act 2000 so far as that definition applies in relation to telecommunications services and telecommunication systems; VII. “Communications data” in section 21(4) of the Regulation of Investigatory Powers Act 2000 so far as that definition applies in relation to telecommunications services and telecommunication systems; VIII. “User ID” means a unique identifier allocated to persons when they subscribe to, or register with, an internet access service or internet communications service IX. The Schedule to these Regulations specifies the communications data that is of the kind mentioned in the Schedule to the 2009 Regulations (b). SECTION (B) THE REQUIRED TYPES OF RETAINED DATA  DATA RETENTION REGULATIONS 2014 SCHEDULE COMMUNICATIONS DATA OF THE KIND MENTIONED IN THE SCHEDULE TO THE 2009 REGULATIONS  The schedule includes data falling into categories of fixed network (part 1), mobile telephony (part 2), and internet access, internet e-mail or internet telephony (part 3). PART 1 FIXED NETWORK TELEPHONY Data necessary to trace and identify the source of a communication 1. — (1) The calling telephone number. (2) The name and address of the subscriber or registered user of any such telephone. Data necessary to identify the destination of a communication 2.— (1) The telephone number dialed and, in cases involving supplementary services such as call forwarding or call transfer, any telephone number to which the call is forwarded or transferred. (2) The name and address of the subscriber or registered user of any such telephone. Data necessary to identify the date, time and duration of a communication
3. The date and time of the start and end of the call. Data necessary to identify the type of communication 4. The telephone service used. PART 2 MOBILE TELEPHONY Data necessary to trace and identify the source of a communication 5. — (1) The calling telephone number. (2) The name and address of the subscriber or registered user of any such telephone. Data necessary to identify the destination of a communication 6. — (1) The telephone number dialed and, in cases involving supplementary services such as call forwarding or call transfer, any telephone number to which the call is forwarded or transferred. (2) The name and address of the subscriber or registered user of any such telephone. Data necessary to identify the date, time and duration of a communication 7. The date and time of the start and end of the call. Data necessary to identify the type of communication 8. The telephone service used. Data necessary to identify users’ communication equipment (or what purports to be their Equipment) 9. — (1) The International Mobile Subscriber Identity (IMSI) and the International Mobile Equipment Identity (IMEI) of the telephone from which a telephone call is made. (2) The IMSI and the IMEI of the telephone dialed. (3) In the case of pre-paid anonymous services, the date and time of the initial activation of the Service and the cell ID from which the service was activated. Data necessary to identify the location of mobile communication equipment 10. — (1) The cell ID at the start of the communication. (2) Data identifying the geographic location of cells by reference to their cell ID
PART 3 INTERNET ACCESS, INTERNET E-MAIL OR INTERNET TELEPHONY Data necessary to trace and identify the source of a communication 11.— (1) The user ID allocated. (2) The user ID and telephone number allocated to the communication entering the public telephone network. (3) The name and address of the subscriber or registered user to whom an Internet Protocol (IP) address, user ID or telephone number was allocated at the time of the communication. Data necessary to identify the destination of a communication 12.— (1) In the case of internet telephony, the user ID or telephone number of the intended recipient of the call. (2) In the case of internet e-mail or internet telephony, the name and address of the subscriber or registered user and the user ID of the intended recipient of the communication. Data necessary to identify the date, time and duration of a communication 13.— (1) In the case of internet access— (a) The date and time of the log-in to and log-off from the internet access service, based on a specified time zone, (b) The IP address, whether dynamic or static, allocated by the internet access service provider to the communication, and (c) The user ID of the subscriber or registered user of the internet access service. (2) In the case of internet e-mail or internet telephony, the date and time of the log-in to and log off from the internet e-mail or internet telephony service, based on a specified time zone. Data necessary to identify the type of communication 14. In the case of internet e-mail or internet telephony, the internet service used. Data necessary to identify users’ communication equipment (or what purports to be their Equipment) 15. — (1) In the case of dial-up access, the calling telephone number. (2) In any other case, the digital subscriber line (DSL) or other end point of the originator of the Communication.
SECTION(C) HIGHLIGHTS & COMMENTARY 1. Highlights;  The Act provides powers to create a new mandatory data retention regime to replace the 2009 Regulations.  Communications data is the context not the content of a communication. It can be used to demonstrate who was communicating; when; from where; and with whom. It can include the time and duration of a communication, the number or email address of the originator and recipient, and sometimes the location of the device from which the communication was made. There is no section in any of the reviewed regulations to mention the CONTENT as a kind of data that has to be retained.  There is major section in the 2009 regulations that has been modified; article 3; These Regulations apply to communications data if, or to the extent that, the data are generated or processed IN the United Kingdom by public communications providers in the process of supplying the communications services concerned. This article has been MODIFIED & CLARIFIED in ACT 2014 by updating the Extra-Territorial section in RIPA11.  In accordance with the ECJ judgement, the ACT provides that the period for which data can be retained can be set at a maximum period not to exceed 12 months, rather than the fixed 12 months in the 2009 regulations, allowing for retention for shorter periods when appropriate.  Telecommunications service providers will not be required to retain data, unless they have been given a Retention Notice by the Secretary of the state.  A notice cannot require the retention of data types other than those described in the 2009 Regulations.12  In accordance with the new “Counter Terrorism and Security ACT 2015”, part 3, section 21; there have been scheduled modifications for some definitions to be in force of 31st of December 2016, as following; 11 Subsection number 2, 3, 4, 5, 6, 7, 8, 9 & 10 of the ACT modifying certain sections of RIPA to provide practicalities for Law Enforcement Agencies IN & OUT UK. 12 2 (3) Regulations under section 1(3) may specify the communications data that is of the kind mentioned in the Schedule to the 2009 Regulations and, where they do so, the reference in the definition of “relevant communications data” to communications data of that kind is to be read as a reference to communications data so specified.
21 Retention of relevant internet data (1) Section 2(1) of the Data Retention and Investigatory Powers Act 2014 (temporary provision about the retention of relevant communications data subject to safeguards: definitions) is amended as follows. (2) In the definition of “relevant communications data”— (a) For “means communications data” substitute “means— (a) communications data”; (b) After “Regulations” insert “, or (b) relevant internet data not falling within paragraph (a),” (c) The words from “so far as” to the end of the definition become full-out words beneath the new paragraphs (a) and (b). (3) After the definition of “relevant communications data” insert— ““relevant internet data” means communications data which— (a) relates to an internet access service or an internet communications service, (b) May be used to identify, or assist in identifying, which internet protocol address, or other identifier, belongs to the sender or recipient of a communication (whether or not a person), and (c) is not data which— (i) may be used to identify an internet communications service to which a communication is transmitted through an internet access service for the purpose of obtaining access to, or running, a computer file or computer program, and (ii) is generated or processed by a public telecommunications operator in the process of Counter-Terrorism and Security Act 2015 (c. 6) Part 3 — Data retention 15 supplying the internet access service to the sender of the communication (whether or not a person);”. (4) In addition— (a) Before the definition of “communications data” insert— ““communication” has the meaning given by section 81(1) of the Regulation of Investigatory Powers Act 2000 so far as that meaning applies in relation to telecommunications services and telecommunication systems;”; (b) After the definition of “functions” insert— ““Identifier” means an identifier used to facilitate the transmission of a communication;” (c) After the definition of “notice” insert— ““Person” includes an organization and any association or combination of persons;” (5) Subsections (1) to (4) are repealed on 31 December 2016. 2. COMMENTARY  The Data retention and investigatory powers ACT 2014 can be described as; The Necessary Modification that strengthen and clarify, rather than extend, the UK legislative framework.
 In order to balance between the privacy rights & the law enforcement agencies requirements, It differentiated between two kinds of requests to retain relevant communications data: o “A Retention Notice” for the purposes for which communication data may be obtained.13 o By “Regulations” to make further provisions about the retention of relevant communications data14.  As mentioned, the context is the targeted data type by these regulations, while the set of actions to gain access to the content is covered by, but not limited to, chapter 1 of part one of RIPA15, which can be briefed in; o In the interests of national security16; o For the purpose of preventing or detecting crime or of preventing disorder; o In the interests of the economic well-being of the United Kingdom; o In the interests of public safety; o For the purpose of protecting public health; o For the purpose of assessing or collecting any tax, duty, levy or other imposition, o Contribution or charge payable to a government department; o For the purpose, in an emergency, of preventing death or injury or any damage to a o Person’s physical or mental health, or of mitigating any injury or damage to a o Person’s physical or mental health; or o For any purpose (not falling within paragraphs (a) to (g)) which is specified for the Purposes of section 22(2) by an order made by the Secretary of State.  By working in conjunction with other, pre-existing legislation, the ACT & Regulations ensures the following points are clearly covered: o A clear and widened set of definitions o Purposes to which relevant powers may be used o Which authorities can use the powers o Authorization of the use of the powers o Shaping & confirming the extra territorial definition. 13 Purposes set out in section 22(2) of RIPA; (2) It is necessary on grounds falling within this subsection to obtain communications data if it is necessary— (a) in the interests of national security; (b) for the purpose of preventing or detecting crime or of preventing disorder; (c) in the interests of the economic well-being of the United Kingdom; (d) in the interests of public safety; (e) for the purpose of protecting public health; (f) for the purpose of assessing or collecting any tax, duty, levy or other imposition, contribution or charge payable to a government department; (g) for the purpose, in an emergency, of preventing death or injury or any damage to a person’s physical or mental health, or of mitigating any injury or damage to a person’s physical or mental health; or (h) for any purpose (not falling within paragraphs (a) to (g)) which is specified for the purposes of this subsection by an order made by the Secretary of State. 14 Section 1(3), ACT 2014; The Secretary of State may by regulations make further provision about the Retention of relevant communications data. 15 http://iocco-uk.info/docs/ripa.pdf 16 RIPA, section 22(2)
 In regard to legal framework functionality, section 7 has obligated the Secretary of state to appoint the “independent reviewer of terrorism legislation”17 to review the regulations and operations of investigatory powers18. SECTION (D) RECOMMENDATIONS Data Retention is not a target for itself; it is a part of a larger legal framework to guarantee the digital wellbeing of the public and national economy as well. Considering it as a threat for individual’s privacy shall not exist; if the system is trustfully implemented. Thus, Data Protection Regulations, Directives & Laws, among other legislative & organizational frameworks, are evolving around the globe to maintain our way of living, not to lessening any of our rights. In this regard, Common Law and Civil Law traditional legal systems are determined formulating a complete system to organize the cyber zone. So far, the US & EU have addressed certain key strategic subjects, while there are certain regions, like the Middle East, in their first stages in this regard. In accordance to the subject of this research, we do recommend the following;  Considering it a balanced & sufficient data retention direction, it is recommended excerpting the Data Retention Regulation Schedule 2014 in national legislations.  Adopting proper & strict Content Retention Policies that guarantees personal privacy in line with the national procedural laws.  Monitoring the Data Retention policies on a yearly basis.  Assigning a National Data Regulatory Authority. 17 Subsection 7(8) in this section “the independent reviewer of terrorism legislation” means the person appointed under section 36(1) of the Terrorism Act 2006 (and “independent reviewer” is to be read accordingly). 18 “The independent reviewer” is a post that already exists under the terrorism ACT 2006 & section 44 of Counter- Terrorism and Security Act 2015
References http://searchdatabackup.techtarget.com/definition/data-retention-policy https://en.wikipedia.org/wiki/Human_Rights_Act_1998 http://www.whatdotheyknow.com/request/26462/response/74338/attach/html/3/009%2010%20T able.xls.html http://europa.eu/rapid/press-release_IP-12-46_en.htm?locale=en http://www.bbc.co.uk/news/uk-england-11479831 http://curia.europa.eu/juris/document/document.jsf;jsessionid=9ea7d0f130d56f59597a42b44d5ca e35b70377ca8d80.e34KaxiLc3eQc40LaxqMbN4OchaKe0?text=&docid=169195&pageIndex=0 &doclang=EN&mode=lst&dir=&occ=first&part=1&cid=16562 http://www.statutelaw.gov.uk/content.aspx?LegType=All+Legislation&title=regulation+of+inve stigatory&searchEnacted=0&extentMatchOnly=0&confersPower=0&blanketAmendment=0&so rtAlpha=0&TYPE=QS&PageNumber=1&NavFrom=0&parentActiveTextDocId=1757378&Acti veTextDocId=1757409&filesize=8774 https://en.wikipedia.org/wiki/Defence_Intelligence https://en.wikipedia.org/wiki/Cabinet_Secretary_for_Justice https://en.wikipedia.org/wiki/Telephone_tapping http://www.statutelaw.gov.uk/content.aspx?LegType=All+Legislation&title=Regulation+of+Inv estigatory+Powers+Act+2000&searchEnacted=0&extentMatchOnly=0&confersPower=0&blank etAmendment=0&sortAlpha=0&TYPE=QS&PageNumber=1&NavFrom=0&parentActiveTextD ocId=1757378&activetextdocid=1757416&versionNumber=1 https://en.wikipedia.org/wiki/Ministry_of_Defence_Police https://en.wikipedia.org/wiki/MI5 https://en.wikipedia.org/wiki/Mass_surveillance_in_the_United_Kingdom http://searchstorage.techtarget.com/definition/data-retention http://www.legislation.gov.uk/ukdsi/2009/9780111473894/regulation/3 http://www.legislation.gov.uk/uksi/2009/859/schedule/made http://www.legislation.gov.uk/uksi/2009/859/regulation/5/made
http://www.legislation.gov.uk/ukpga/2014/27/pdfs/ukpga_20140027_en.pdf https://en.wikipedia.org/wiki/Office_of_Public_Sector_Information https://en.wikipedia.org/wiki/Office_of_Public_Sector_Information https://en.wikipedia.org/wiki/Office_of_Public_Sector_Information http://www.statutelaw.gov.uk/content.aspx?LegType=All+Legislation&title=regulation+of+inve stigatory&searchEnacted=0&extentMatchOnly=0&confersPower=0&blanketAmendment=0&so rtAlpha=0&TYPE=QS&PageNumber=1&NavFrom=0&parentActiveTextDocId=1757378&Acti veTextDocId=1757385&filesize=11519 http://www.legislation.gov.uk/ukpga/2014/27/pdfs/ukpga_20140027_en.pdf http://www.legislation.gov.uk/ukia/2014/266/pdfs/ukia_20140266_en.pdf http://www.theguardian.com/politics/2014/sep/30/theresa-may-tory-government-snoopers- charter http://www.theguardian.com/technology/2014/jun/24/british-government-breaking-law-in- forcing-data-retention-by-companies https://en.wikipedia.org/wiki/Investigatory_Powers_Tribunal http://curia.europa.eu/juris/document/document.jsf;jsessionid=9ea7d0f130d5cb2de61340ea4b10 8458a6201a7991e8.e34KaxiLc3eQc40LaxqMbN4Och8Re0?text=&docid=145562&pageIndex= 0&doclang=en&mode=req&dir=&occ=first&part=1&cid=768374 http://www.torbay.gov.uk/index/yourcouncil/accesstoinformation/ripa/covert-cop.pdf http://www.legislation.gov.uk/ukpga/2015/6/pdfs/ukpga_20150006_en.pdf http://europeanlawblog.eu/?p=2289 http://eur-lex.europa.eu/legal-content/EN/TXT/PDF/?uri=CELEX:32002L0058&from=EN http://www.breitbart.com/london/2016/02/14/top-uk-court-rules-gchq-hacking-of-private- telephones-computers-and-other-electronic-devices-legal/ http://www.walesonline.co.uk/news/politics/tory-mp-accused-welsh-government-10904099 http://www.independent.co.uk/news/uk/politics/gchq-hacking-phones-and-computers-is-legal- says-top-uk-court- a6871716.html?utm_content=bufferf5df2&utm_medium=social&utm_source=linkedin.com&ut m_campaign=buffer

Recommended

Open letter UK legal academics #drip
Open letter UK legal academics #dripOpen letter UK legal academics #drip
Open letter UK legal academics #dripChris Marsden
 
Factsheet data protection_en
Factsheet data protection_enFactsheet data protection_en
Factsheet data protection_enGreg Sterling
 
Factsheet data protection and Right to be Forgotten
Factsheet data protection and Right to be ForgottenFactsheet data protection and Right to be Forgotten
Factsheet data protection and Right to be ForgottenEdouard Nguyen
 
Data retention directive is invalid
Data retention directive is invalidData retention directive is invalid
Data retention directive is invalidMonica Lupașcu
 
Data Privacy Protection & Advisory - EY India
Data Privacy Protection & Advisory - EY India Data Privacy Protection & Advisory - EY India
Data Privacy Protection & Advisory - EY India SadanandGahivare
 
Bulletin - US-EU Data Privacy Safe Harbor Program Invalidated
Bulletin - US-EU Data Privacy Safe Harbor Program InvalidatedBulletin - US-EU Data Privacy Safe Harbor Program Invalidated
Bulletin - US-EU Data Privacy Safe Harbor Program InvalidatedCohenGrigsby
 
The implementation of gdpr in greece (1)
The implementation of gdpr in greece (1)The implementation of gdpr in greece (1)
The implementation of gdpr in greece (1)FOTIOS ZYGOULIS
 
The EU ePrivacy Regulation text as it was published after the vote in the LIB...
The EU ePrivacy Regulation text as it was published after the vote in the LIB...The EU ePrivacy Regulation text as it was published after the vote in the LIB...
The EU ePrivacy Regulation text as it was published after the vote in the LIB...i-SCOOP
 

Recommended

Open letter UK legal academics #drip
Open letter UK legal academics #dripOpen letter UK legal academics #drip
Open letter UK legal academics #dripChris Marsden
 
Factsheet data protection_en
Factsheet data protection_enFactsheet data protection_en
Factsheet data protection_enGreg Sterling
 
Factsheet data protection and Right to be Forgotten
Factsheet data protection and Right to be ForgottenFactsheet data protection and Right to be Forgotten
Factsheet data protection and Right to be ForgottenEdouard Nguyen
 
Data retention directive is invalid
Data retention directive is invalidData retention directive is invalid
Data retention directive is invalidMonica Lupașcu
 
Data Privacy Protection & Advisory - EY India
Data Privacy Protection & Advisory - EY India Data Privacy Protection & Advisory - EY India
Data Privacy Protection & Advisory - EY India SadanandGahivare
 
Bulletin - US-EU Data Privacy Safe Harbor Program Invalidated
Bulletin - US-EU Data Privacy Safe Harbor Program InvalidatedBulletin - US-EU Data Privacy Safe Harbor Program Invalidated
Bulletin - US-EU Data Privacy Safe Harbor Program InvalidatedCohenGrigsby
 
The implementation of gdpr in greece (1)
The implementation of gdpr in greece (1)The implementation of gdpr in greece (1)
The implementation of gdpr in greece (1)FOTIOS ZYGOULIS
 
The EU ePrivacy Regulation text as it was published after the vote in the LIB...
The EU ePrivacy Regulation text as it was published after the vote in the LIB...The EU ePrivacy Regulation text as it was published after the vote in the LIB...
The EU ePrivacy Regulation text as it was published after the vote in the LIB...i-SCOOP
 
Proposal for a regulation of th European Parliament and of the council on ePr...
Proposal for a regulation of th European Parliament and of the council on ePr...Proposal for a regulation of th European Parliament and of the council on ePr...
Proposal for a regulation of th European Parliament and of the council on ePr...IAB Europe
 
Data Privacy vs. National Security post Safe Harbor
Data Privacy vs. National Security post Safe HarborData Privacy vs. National Security post Safe Harbor
Data Privacy vs. National Security post Safe HarborGayle Gorvett
 
Google inc-enforcement-notice-11062013
Google inc-enforcement-notice-11062013Google inc-enforcement-notice-11062013
Google inc-enforcement-notice-11062013Greg Sterling
 
CJEU decision on Schrems
CJEU decision on SchremsCJEU decision on Schrems
CJEU decision on SchremsGreg Sterling
 
edpl_2016_01-020
edpl_2016_01-020edpl_2016_01-020
edpl_2016_01-020Stephanie Michail
 
ECJ Press Release in Schrems II Decision
ECJ Press Release in Schrems II DecisionECJ Press Release in Schrems II Decision
ECJ Press Release in Schrems II DecisionInternet Law Center
 
E-privacy Directive and Performance Marketing - Andrew Tibber
E-privacy Directive and Performance Marketing - Andrew TibberE-privacy Directive and Performance Marketing - Andrew Tibber
E-privacy Directive and Performance Marketing - Andrew Tibberauexpo Conference
 
The E-Privacy Directive and Performance Marketing
The E-Privacy Directive and Performance MarketingThe E-Privacy Directive and Performance Marketing
The E-Privacy Directive and Performance MarketingAndrew Tibber
 
EDF2013: Selected Talk: František Nonnemann: Re-use of PSI and Personal Data...
EDF2013: Selected Talk: František Nonnemann: Re-use of PSI and Personal Data... EDF2013: Selected Talk: František Nonnemann: Re-use of PSI and Personal Data...
EDF2013: Selected Talk: František Nonnemann: Re-use of PSI and Personal Data...European Data Forum
 
EFPIA Implementation and Analysis of Data
EFPIA Implementation and Analysis of DataEFPIA Implementation and Analysis of Data
EFPIA Implementation and Analysis of Dataqordata
 
Koska, kuik 2008 and 2009 eu competition law and sector-specific
Koska, kuik 2008 and 2009 eu competition law and sector-specificKoska, kuik 2008 and 2009 eu competition law and sector-specific
Koska, kuik 2008 and 2009 eu competition law and sector-specificMichal
 
Ubicomp challenges for privacy law
Ubicomp challenges for privacy lawUbicomp challenges for privacy law
Ubicomp challenges for privacy lawblogzilla
 
After Schrems, how lawful is cloud storage?
After Schrems, how lawful is cloud storage?After Schrems, how lawful is cloud storage?
After Schrems, how lawful is cloud storage?Seb Oram
 
Dumortier draft data protection regulation
Dumortier draft data protection regulationDumortier draft data protection regulation
Dumortier draft data protection regulationJos Dumortier
 
LSA19: What Europe Can Teach U.S. Companies About Location and Data Privacy W...
LSA19: What Europe Can Teach U.S. Companies About Location and Data Privacy W...LSA19: What Europe Can Teach U.S. Companies About Location and Data Privacy W...
LSA19: What Europe Can Teach U.S. Companies About Location and Data Privacy W...Localogy
 
Bengala Ngobene Resume
Bengala Ngobene ResumeBengala Ngobene Resume
Bengala Ngobene ResumeBengala Guerra Ngobene
 
Borgesius wil Bakkersland overnemen
Borgesius wil Bakkersland overnemenBorgesius wil Bakkersland overnemen
Borgesius wil Bakkersland overnemenMichel Veenma
 
MZU3233 TEKNOLOGI MUZIK (PISMP MUZIK SEM 8)
MZU3233 TEKNOLOGI MUZIK (PISMP MUZIK SEM 8)MZU3233 TEKNOLOGI MUZIK (PISMP MUZIK SEM 8)
MZU3233 TEKNOLOGI MUZIK (PISMP MUZIK SEM 8)Stephanie Unsil
 
4)2016-1_Garcia Puebla_Carlos Armando
4)2016-1_Garcia Puebla_Carlos Armando4)2016-1_Garcia Puebla_Carlos Armando
4)2016-1_Garcia Puebla_Carlos Armandomarconuneze
 
duties-Asst Supt Sec.doc 1-19-16
duties-Asst Supt Sec.doc 1-19-16duties-Asst Supt Sec.doc 1-19-16
duties-Asst Supt Sec.doc 1-19-16maria garcia
 
3)2016-1_Sombra Alvarez_Selene
3)2016-1_Sombra Alvarez_Selene3)2016-1_Sombra Alvarez_Selene
3)2016-1_Sombra Alvarez_Selenemarconuneze
 
كيفية انشاء Qr
كيفية انشاء Qrكيفية انشاء Qr
كيفية انشاء QrReyad Ibrahim - bard college
 

More Related Content

What's hot

Proposal for a regulation of th European Parliament and of the council on ePr...
Proposal for a regulation of th European Parliament and of the council on ePr...Proposal for a regulation of th European Parliament and of the council on ePr...
Proposal for a regulation of th European Parliament and of the council on ePr...IAB Europe
 
Data Privacy vs. National Security post Safe Harbor
Data Privacy vs. National Security post Safe HarborData Privacy vs. National Security post Safe Harbor
Data Privacy vs. National Security post Safe HarborGayle Gorvett
 
Google inc-enforcement-notice-11062013
Google inc-enforcement-notice-11062013Google inc-enforcement-notice-11062013
Google inc-enforcement-notice-11062013Greg Sterling
 
CJEU decision on Schrems
CJEU decision on SchremsCJEU decision on Schrems
CJEU decision on SchremsGreg Sterling
 
ECJ Press Release in Schrems II Decision
ECJ Press Release in Schrems II DecisionECJ Press Release in Schrems II Decision
ECJ Press Release in Schrems II DecisionInternet Law Center
 
E-privacy Directive and Performance Marketing - Andrew Tibber
E-privacy Directive and Performance Marketing - Andrew TibberE-privacy Directive and Performance Marketing - Andrew Tibber
E-privacy Directive and Performance Marketing - Andrew Tibberauexpo Conference
 
The E-Privacy Directive and Performance Marketing
The E-Privacy Directive and Performance MarketingThe E-Privacy Directive and Performance Marketing
The E-Privacy Directive and Performance MarketingAndrew Tibber
 
EDF2013: Selected Talk: František Nonnemann: Re-use of PSI and Personal Data...
EDF2013: Selected Talk: František Nonnemann: Re-use of PSI and Personal Data... EDF2013: Selected Talk: František Nonnemann: Re-use of PSI and Personal Data...
EDF2013: Selected Talk: František Nonnemann: Re-use of PSI and Personal Data...European Data Forum
 
EFPIA Implementation and Analysis of Data
EFPIA Implementation and Analysis of DataEFPIA Implementation and Analysis of Data
EFPIA Implementation and Analysis of Dataqordata
 
Koska, kuik 2008 and 2009 eu competition law and sector-specific
Koska, kuik 2008 and 2009 eu competition law and sector-specificKoska, kuik 2008 and 2009 eu competition law and sector-specific
Koska, kuik 2008 and 2009 eu competition law and sector-specificMichal
 
Ubicomp challenges for privacy law
Ubicomp challenges for privacy lawUbicomp challenges for privacy law
Ubicomp challenges for privacy lawblogzilla
 
After Schrems, how lawful is cloud storage?
After Schrems, how lawful is cloud storage?After Schrems, how lawful is cloud storage?
After Schrems, how lawful is cloud storage?Seb Oram
 
Dumortier draft data protection regulation
Dumortier draft data protection regulationDumortier draft data protection regulation
Dumortier draft data protection regulationJos Dumortier
 
LSA19: What Europe Can Teach U.S. Companies About Location and Data Privacy W...
LSA19: What Europe Can Teach U.S. Companies About Location and Data Privacy W...LSA19: What Europe Can Teach U.S. Companies About Location and Data Privacy W...
LSA19: What Europe Can Teach U.S. Companies About Location and Data Privacy W...Localogy
 

What's hot (15)

Proposal for a regulation of th European Parliament and of the council on ePr...
Proposal for a regulation of th European Parliament and of the council on ePr...Proposal for a regulation of th European Parliament and of the council on ePr...
Proposal for a regulation of th European Parliament and of the council on ePr...
 
Data Privacy vs. National Security post Safe Harbor
Data Privacy vs. National Security post Safe HarborData Privacy vs. National Security post Safe Harbor
Data Privacy vs. National Security post Safe Harbor
 
Google inc-enforcement-notice-11062013
Google inc-enforcement-notice-11062013Google inc-enforcement-notice-11062013
Google inc-enforcement-notice-11062013
 
CJEU decision on Schrems
CJEU decision on SchremsCJEU decision on Schrems
CJEU decision on Schrems
 
edpl_2016_01-020
edpl_2016_01-020edpl_2016_01-020
edpl_2016_01-020
 
ECJ Press Release in Schrems II Decision
ECJ Press Release in Schrems II DecisionECJ Press Release in Schrems II Decision
ECJ Press Release in Schrems II Decision
 
E-privacy Directive and Performance Marketing - Andrew Tibber
E-privacy Directive and Performance Marketing - Andrew TibberE-privacy Directive and Performance Marketing - Andrew Tibber
E-privacy Directive and Performance Marketing - Andrew Tibber
 
The E-Privacy Directive and Performance Marketing
The E-Privacy Directive and Performance MarketingThe E-Privacy Directive and Performance Marketing
The E-Privacy Directive and Performance Marketing
 
EDF2013: Selected Talk: František Nonnemann: Re-use of PSI and Personal Data...
EDF2013: Selected Talk: František Nonnemann: Re-use of PSI and Personal Data... EDF2013: Selected Talk: František Nonnemann: Re-use of PSI and Personal Data...
EDF2013: Selected Talk: František Nonnemann: Re-use of PSI and Personal Data...
 
EFPIA Implementation and Analysis of Data
EFPIA Implementation and Analysis of DataEFPIA Implementation and Analysis of Data
EFPIA Implementation and Analysis of Data
 
Koska, kuik 2008 and 2009 eu competition law and sector-specific
Koska, kuik 2008 and 2009 eu competition law and sector-specificKoska, kuik 2008 and 2009 eu competition law and sector-specific
Koska, kuik 2008 and 2009 eu competition law and sector-specific
 
Ubicomp challenges for privacy law
Ubicomp challenges for privacy lawUbicomp challenges for privacy law
Ubicomp challenges for privacy law
 
After Schrems, how lawful is cloud storage?
After Schrems, how lawful is cloud storage?After Schrems, how lawful is cloud storage?
After Schrems, how lawful is cloud storage?
 
Dumortier draft data protection regulation
Dumortier draft data protection regulationDumortier draft data protection regulation
Dumortier draft data protection regulation
 
LSA19: What Europe Can Teach U.S. Companies About Location and Data Privacy W...
LSA19: What Europe Can Teach U.S. Companies About Location and Data Privacy W...LSA19: What Europe Can Teach U.S. Companies About Location and Data Privacy W...
LSA19: What Europe Can Teach U.S. Companies About Location and Data Privacy W...
 

Viewers also liked

Borgesius wil Bakkersland overnemen
Borgesius wil Bakkersland overnemenBorgesius wil Bakkersland overnemen
Borgesius wil Bakkersland overnemenMichel Veenma
 
MZU3233 TEKNOLOGI MUZIK (PISMP MUZIK SEM 8)
MZU3233 TEKNOLOGI MUZIK (PISMP MUZIK SEM 8)MZU3233 TEKNOLOGI MUZIK (PISMP MUZIK SEM 8)
MZU3233 TEKNOLOGI MUZIK (PISMP MUZIK SEM 8)Stephanie Unsil
 
4)2016-1_Garcia Puebla_Carlos Armando
4)2016-1_Garcia Puebla_Carlos Armando4)2016-1_Garcia Puebla_Carlos Armando
4)2016-1_Garcia Puebla_Carlos Armandomarconuneze
 
duties-Asst Supt Sec.doc 1-19-16
duties-Asst Supt Sec.doc 1-19-16duties-Asst Supt Sec.doc 1-19-16
duties-Asst Supt Sec.doc 1-19-16maria garcia
 
3)2016-1_Sombra Alvarez_Selene
3)2016-1_Sombra Alvarez_Selene3)2016-1_Sombra Alvarez_Selene
3)2016-1_Sombra Alvarez_Selenemarconuneze
 
Gastronomía es-2009
Gastronomía es-2009Gastronomía es-2009
Gastronomía es-2009alvarciclo
 
Presentación para abordar un examen tipo PAU Comunidad de Madrid
Presentación para abordar un examen tipo PAU Comunidad de MadridPresentación para abordar un examen tipo PAU Comunidad de Madrid
Presentación para abordar un examen tipo PAU Comunidad de Madridjsaboritbasanta
 
The Future of Community-Based Services and Education
The Future of Community-Based Services and EducationThe Future of Community-Based Services and Education
The Future of Community-Based Services and EducationTim Thayne
 

Viewers also liked (13)

Bengala Ngobene Resume
Bengala Ngobene ResumeBengala Ngobene Resume
Bengala Ngobene Resume
 
Borgesius wil Bakkersland overnemen
Borgesius wil Bakkersland overnemenBorgesius wil Bakkersland overnemen
Borgesius wil Bakkersland overnemen
 
MZU3233 TEKNOLOGI MUZIK (PISMP MUZIK SEM 8)
MZU3233 TEKNOLOGI MUZIK (PISMP MUZIK SEM 8)MZU3233 TEKNOLOGI MUZIK (PISMP MUZIK SEM 8)
MZU3233 TEKNOLOGI MUZIK (PISMP MUZIK SEM 8)
 
4)2016-1_Garcia Puebla_Carlos Armando
4)2016-1_Garcia Puebla_Carlos Armando4)2016-1_Garcia Puebla_Carlos Armando
4)2016-1_Garcia Puebla_Carlos Armando
 
duties-Asst Supt Sec.doc 1-19-16
duties-Asst Supt Sec.doc 1-19-16duties-Asst Supt Sec.doc 1-19-16
duties-Asst Supt Sec.doc 1-19-16
 
3)2016-1_Sombra Alvarez_Selene
3)2016-1_Sombra Alvarez_Selene3)2016-1_Sombra Alvarez_Selene
3)2016-1_Sombra Alvarez_Selene
 
كيفية انشاء Qr
كيفية انشاء Qrكيفية انشاء Qr
كيفية انشاء Qr
 
Gastronomía es-2009
Gastronomía es-2009Gastronomía es-2009
Gastronomía es-2009
 
Presentación para abordar un examen tipo PAU Comunidad de Madrid
Presentación para abordar un examen tipo PAU Comunidad de MadridPresentación para abordar un examen tipo PAU Comunidad de Madrid
Presentación para abordar un examen tipo PAU Comunidad de Madrid
 
Uts kimia
Uts kimiaUts kimia
Uts kimia
 
The Future of Community-Based Services and Education
The Future of Community-Based Services and EducationThe Future of Community-Based Services and Education
The Future of Community-Based Services and Education
 
Computer Aided Software Engineering
Computer Aided Software EngineeringComputer Aided Software Engineering
Computer Aided Software Engineering
 
HintonResume2016
HintonResume2016HintonResume2016
HintonResume2016
 

Similar to Uk data retention review ver 3.0

20150630_D6 1_Legal and EthicalFrameworkand Privacy and Security Principles
20150630_D6 1_Legal and EthicalFrameworkand Privacy and Security Principles20150630_D6 1_Legal and EthicalFrameworkand Privacy and Security Principles
20150630_D6 1_Legal and EthicalFrameworkand Privacy and Security PrinciplesLisa Catanzaro
 
No Man is an Island: The Battle for Data Privacy
No Man is an Island: The Battle for Data PrivacyNo Man is an Island: The Battle for Data Privacy
No Man is an Island: The Battle for Data PrivacyKate Chan
 
Getting the Deal Through: Telecoms and Media, Ireland 2017
Getting the Deal Through: Telecoms and Media, Ireland 2017 Getting the Deal Through: Telecoms and Media, Ireland 2017
Getting the Deal Through: Telecoms and Media, Ireland 2017 Matheson Law Firm
 
GDPR A Privacy Regime
GDPR A Privacy RegimeGDPR A Privacy Regime
GDPR A Privacy Regimeijtsrd
 
Transatlantic Data Privacy - From Safe Harbor to Privacy Sheidl
Transatlantic Data Privacy - From Safe Harbor to Privacy SheidlTransatlantic Data Privacy - From Safe Harbor to Privacy Sheidl
Transatlantic Data Privacy - From Safe Harbor to Privacy SheidlDaniel Parziale, CIPP/US
 
Quick Guide to GDPR
Quick Guide to GDPRQuick Guide to GDPR
Quick Guide to GDPRPavol Balaj
 
ESET Quick Guide to the EU General Data Protection Regulation
ESET Quick Guide to the EU General Data Protection RegulationESET Quick Guide to the EU General Data Protection Regulation
ESET Quick Guide to the EU General Data Protection RegulationESET
 
"The EU General Data Protection Regulation: GDPR" - TRA Annual Meeting 2018
"The EU General Data Protection Regulation: GDPR" - TRA Annual Meeting 2018"The EU General Data Protection Regulation: GDPR" - TRA Annual Meeting 2018
"The EU General Data Protection Regulation: GDPR" - TRA Annual Meeting 2018TRA - Tax Representative Alliance
 
Factsheet on the "Right to be Forgotten" ruling
Factsheet on the "Right to be Forgotten" rulingFactsheet on the "Right to be Forgotten" ruling
Factsheet on the "Right to be Forgotten" rulingSilesia SEM
 
Data Protection Guide – What are your rights as a citizen?
Data Protection Guide – What are your rights as a citizen?Data Protection Guide – What are your rights as a citizen?
Data Protection Guide – What are your rights as a citizen?Edouard Nguyen
 
Cloud4eu - WhitePaper - OnChallengeofAcceptanceofCloudSolutionsinEUPublicSect...
Cloud4eu - WhitePaper - OnChallengeofAcceptanceofCloudSolutionsinEUPublicSect...Cloud4eu - WhitePaper - OnChallengeofAcceptanceofCloudSolutionsinEUPublicSect...
Cloud4eu - WhitePaper - OnChallengeofAcceptanceofCloudSolutionsinEUPublicSect...John Nas
 
Policy Brief on Europe's "Right to be Forgotten"
Policy Brief on Europe's "Right to be Forgotten"Policy Brief on Europe's "Right to be Forgotten"
Policy Brief on Europe's "Right to be Forgotten"William Nyikuli
 
Internet user's rights and fundamental freedoms day
Internet user's rights and fundamental freedoms dayInternet user's rights and fundamental freedoms day
Internet user's rights and fundamental freedoms daymoldovaictsummit2016
 
The Data Retention Directive: recent developments
The Data Retention Directive: recent developmentsThe Data Retention Directive: recent developments
The Data Retention Directive: recent developmentsblogzilla
 
2013-09-26 Pharmacovigilance and transparency
2013-09-26 Pharmacovigilance and transparency2013-09-26 Pharmacovigilance and transparency
2013-09-26 Pharmacovigilance and transparencyWouter Pors
 

Similar to Uk data retention review ver 3.0 (20)

EU Data Protection Regulation Skyhigh Networks
EU Data Protection Regulation Skyhigh NetworksEU Data Protection Regulation Skyhigh Networks
EU Data Protection Regulation Skyhigh Networks
 
20150630_D6 1_Legal and EthicalFrameworkand Privacy and Security Principles
20150630_D6 1_Legal and EthicalFrameworkand Privacy and Security Principles20150630_D6 1_Legal and EthicalFrameworkand Privacy and Security Principles
20150630_D6 1_Legal and EthicalFrameworkand Privacy and Security Principles
 
No Man is an Island: The Battle for Data Privacy
No Man is an Island: The Battle for Data PrivacyNo Man is an Island: The Battle for Data Privacy
No Man is an Island: The Battle for Data Privacy
 
Getting the Deal Through: Telecoms and Media, Ireland 2017
Getting the Deal Through: Telecoms and Media, Ireland 2017 Getting the Deal Through: Telecoms and Media, Ireland 2017
Getting the Deal Through: Telecoms and Media, Ireland 2017
 
GDPR A Privacy Regime
GDPR A Privacy RegimeGDPR A Privacy Regime
GDPR A Privacy Regime
 
Transatlantic Data Privacy - From Safe Harbor to Privacy Sheidl
Transatlantic Data Privacy - From Safe Harbor to Privacy SheidlTransatlantic Data Privacy - From Safe Harbor to Privacy Sheidl
Transatlantic Data Privacy - From Safe Harbor to Privacy Sheidl
 
Quick Guide to GDPR
Quick Guide to GDPRQuick Guide to GDPR
Quick Guide to GDPR
 
ESET Quick Guide to the EU General Data Protection Regulation
ESET Quick Guide to the EU General Data Protection RegulationESET Quick Guide to the EU General Data Protection Regulation
ESET Quick Guide to the EU General Data Protection Regulation
 
"The EU General Data Protection Regulation: GDPR" - TRA Annual Meeting 2018
"The EU General Data Protection Regulation: GDPR" - TRA Annual Meeting 2018"The EU General Data Protection Regulation: GDPR" - TRA Annual Meeting 2018
"The EU General Data Protection Regulation: GDPR" - TRA Annual Meeting 2018
 
Quick guide gdpr
Quick guide gdprQuick guide gdpr
Quick guide gdpr
 
Factsheet on the "Right to be Forgotten" ruling
Factsheet on the "Right to be Forgotten" rulingFactsheet on the "Right to be Forgotten" ruling
Factsheet on the "Right to be Forgotten" ruling
 
EU-US Data Privacy Framework
EU-US Data Privacy FrameworkEU-US Data Privacy Framework
EU-US Data Privacy Framework
 
1st draft
1st draft1st draft
1st draft
 
Data Protection Guide – What are your rights as a citizen?
Data Protection Guide – What are your rights as a citizen?Data Protection Guide – What are your rights as a citizen?
Data Protection Guide – What are your rights as a citizen?
 
Right to be forgotten en
Right to be forgotten enRight to be forgotten en
Right to be forgotten en
 
Cloud4eu - WhitePaper - OnChallengeofAcceptanceofCloudSolutionsinEUPublicSect...
Cloud4eu - WhitePaper - OnChallengeofAcceptanceofCloudSolutionsinEUPublicSect...Cloud4eu - WhitePaper - OnChallengeofAcceptanceofCloudSolutionsinEUPublicSect...
Cloud4eu - WhitePaper - OnChallengeofAcceptanceofCloudSolutionsinEUPublicSect...
 
Policy Brief on Europe's "Right to be Forgotten"
Policy Brief on Europe's "Right to be Forgotten"Policy Brief on Europe's "Right to be Forgotten"
Policy Brief on Europe's "Right to be Forgotten"
 
Internet user's rights and fundamental freedoms day
Internet user's rights and fundamental freedoms dayInternet user's rights and fundamental freedoms day
Internet user's rights and fundamental freedoms day
 
The Data Retention Directive: recent developments
The Data Retention Directive: recent developmentsThe Data Retention Directive: recent developments
The Data Retention Directive: recent developments
 
2013-09-26 Pharmacovigilance and transparency
2013-09-26 Pharmacovigilance and transparency2013-09-26 Pharmacovigilance and transparency
2013-09-26 Pharmacovigilance and transparency
 

Recently uploaded

如何办理新加坡南洋理工大学毕业证(本硕)NTU学位证书
如何办理新加坡南洋理工大学毕业证(本硕)NTU学位证书如何办理新加坡南洋理工大学毕业证(本硕)NTU学位证书
如何办理新加坡南洋理工大学毕业证(本硕)NTU学位证书Fir L
 
POLICE ACT, 1861 the details about police system.pptx
POLICE ACT, 1861 the details about police system.pptxPOLICE ACT, 1861 the details about police system.pptx
POLICE ACT, 1861 the details about police system.pptxAbhishekchatterjee248859
 
Key Factors That Influence Property Tax Rates
Key Factors That Influence Property Tax RatesKey Factors That Influence Property Tax Rates
Key Factors That Influence Property Tax RatesHome Tax Saver
 
如何办理(UoM毕业证书)曼彻斯特大学毕业证学位证书
如何办理(UoM毕业证书)曼彻斯特大学毕业证学位证书如何办理(UoM毕业证书)曼彻斯特大学毕业证学位证书
如何办理(UoM毕业证书)曼彻斯特大学毕业证学位证书srst S
 
如何办理(uOttawa毕业证书)渥太华大学毕业证学位证书
如何办理(uOttawa毕业证书)渥太华大学毕业证学位证书如何办理(uOttawa毕业证书)渥太华大学毕业证学位证书
如何办理(uOttawa毕业证书)渥太华大学毕业证学位证书SD DS
 
如何办理提赛德大学毕业证(本硕)Teesside学位证书
如何办理提赛德大学毕业证(本硕)Teesside学位证书如何办理提赛德大学毕业证(本硕)Teesside学位证书
如何办理提赛德大学毕业证(本硕)Teesside学位证书Fir L
 
如何办理(ISU毕业证书)爱荷华州立大学毕业证学位证书
如何办理(ISU毕业证书)爱荷华州立大学毕业证学位证书如何办理(ISU毕业证书)爱荷华州立大学毕业证学位证书
如何办理(ISU毕业证书)爱荷华州立大学毕业证学位证书SD DS
 
如何办理(GWU毕业证书)乔治华盛顿大学毕业证学位证书
如何办理(GWU毕业证书)乔治华盛顿大学毕业证学位证书如何办理(GWU毕业证书)乔治华盛顿大学毕业证学位证书
如何办理(GWU毕业证书)乔治华盛顿大学毕业证学位证书SD DS
 
Special Accounting Areas - Hire purchase agreement
Special Accounting Areas - Hire purchase agreementSpecial Accounting Areas - Hire purchase agreement
Special Accounting Areas - Hire purchase agreementShubhiSharma858417
 
如何办理(UCD毕业证书)加州大学戴维斯分校毕业证学位证书
如何办理(UCD毕业证书)加州大学戴维斯分校毕业证学位证书如何办理(UCD毕业证书)加州大学戴维斯分校毕业证学位证书
如何办理(UCD毕业证书)加州大学戴维斯分校毕业证学位证书SD DS
 
Law360 - How Duty Of Candor Figures In USPTO AI Ethics Guidance
Law360 - How Duty Of Candor Figures In USPTO AI Ethics GuidanceLaw360 - How Duty Of Candor Figures In USPTO AI Ethics Guidance
Law360 - How Duty Of Candor Figures In USPTO AI Ethics GuidanceMichael Cicero
 
如何办理密德萨斯大学毕业证(本硕)Middlesex学位证书
如何办理密德萨斯大学毕业证(本硕)Middlesex学位证书如何办理密德萨斯大学毕业证(本硕)Middlesex学位证书
如何办理密德萨斯大学毕业证(本硕)Middlesex学位证书FS LS
 
Vanderburgh County Sheriff says he will Not Raid Delta 8 Shops
Vanderburgh County Sheriff says he will Not Raid Delta 8 ShopsVanderburgh County Sheriff says he will Not Raid Delta 8 Shops
Vanderburgh County Sheriff says he will Not Raid Delta 8 ShopsAbdul-Hakim Shabazz
 
定制(WMU毕业证书)美国西密歇根大学毕业证成绩单原版一比一
定制(WMU毕业证书)美国西密歇根大学毕业证成绩单原版一比一定制(WMU毕业证书)美国西密歇根大学毕业证成绩单原版一比一
定制(WMU毕业证书)美国西密歇根大学毕业证成绩单原版一比一jr6r07mb
 
如何办理(SFSta文凭证书)美国旧金山州立大学毕业证学位证书
如何办理(SFSta文凭证书)美国旧金山州立大学毕业证学位证书如何办理(SFSta文凭证书)美国旧金山州立大学毕业证学位证书
如何办理(SFSta文凭证书)美国旧金山州立大学毕业证学位证书Fs Las
 
如何办理纽约州立大学石溪分校毕业证学位证书
如何办理纽约州立大学石溪分校毕业证学位证书 如何办理纽约州立大学石溪分校毕业证学位证书
如何办理纽约州立大学石溪分校毕业证学位证书Fir sss
 
An Introduction guidance of the European Union Law 2020_EU Seminar 4.pptx
An Introduction guidance of the European Union Law 2020_EU Seminar 4.pptxAn Introduction guidance of the European Union Law 2020_EU Seminar 4.pptx
An Introduction guidance of the European Union Law 2020_EU Seminar 4.pptxKUHANARASARATNAM1
 
Constitutional Values & Fundamental Principles of the ConstitutionPPT.pptx
Constitutional Values & Fundamental Principles of the ConstitutionPPT.pptxConstitutional Values & Fundamental Principles of the ConstitutionPPT.pptx
Constitutional Values & Fundamental Principles of the ConstitutionPPT.pptxsrikarna235
 
Trial Tilak t 1897,1909, and 1916 sedition
Trial Tilak t 1897,1909, and 1916 seditionTrial Tilak t 1897,1909, and 1916 sedition
Trial Tilak t 1897,1909, and 1916 seditionNilamPadekar1
 

Recently uploaded (20)

如何办理新加坡南洋理工大学毕业证(本硕)NTU学位证书
如何办理新加坡南洋理工大学毕业证(本硕)NTU学位证书如何办理新加坡南洋理工大学毕业证(本硕)NTU学位证书
如何办理新加坡南洋理工大学毕业证(本硕)NTU学位证书
 
POLICE ACT, 1861 the details about police system.pptx
POLICE ACT, 1861 the details about police system.pptxPOLICE ACT, 1861 the details about police system.pptx
POLICE ACT, 1861 the details about police system.pptx
 
Key Factors That Influence Property Tax Rates
Key Factors That Influence Property Tax RatesKey Factors That Influence Property Tax Rates
Key Factors That Influence Property Tax Rates
 
如何办理(UoM毕业证书)曼彻斯特大学毕业证学位证书
如何办理(UoM毕业证书)曼彻斯特大学毕业证学位证书如何办理(UoM毕业证书)曼彻斯特大学毕业证学位证书
如何办理(UoM毕业证书)曼彻斯特大学毕业证学位证书
 
如何办理(uOttawa毕业证书)渥太华大学毕业证学位证书
如何办理(uOttawa毕业证书)渥太华大学毕业证学位证书如何办理(uOttawa毕业证书)渥太华大学毕业证学位证书
如何办理(uOttawa毕业证书)渥太华大学毕业证学位证书
 
如何办理提赛德大学毕业证(本硕)Teesside学位证书
如何办理提赛德大学毕业证(本硕)Teesside学位证书如何办理提赛德大学毕业证(本硕)Teesside学位证书
如何办理提赛德大学毕业证(本硕)Teesside学位证书
 
如何办理(ISU毕业证书)爱荷华州立大学毕业证学位证书
如何办理(ISU毕业证书)爱荷华州立大学毕业证学位证书如何办理(ISU毕业证书)爱荷华州立大学毕业证学位证书
如何办理(ISU毕业证书)爱荷华州立大学毕业证学位证书
 
如何办理(GWU毕业证书)乔治华盛顿大学毕业证学位证书
如何办理(GWU毕业证书)乔治华盛顿大学毕业证学位证书如何办理(GWU毕业证书)乔治华盛顿大学毕业证学位证书
如何办理(GWU毕业证书)乔治华盛顿大学毕业证学位证书
 
Special Accounting Areas - Hire purchase agreement
Special Accounting Areas - Hire purchase agreementSpecial Accounting Areas - Hire purchase agreement
Special Accounting Areas - Hire purchase agreement
 
如何办理(UCD毕业证书)加州大学戴维斯分校毕业证学位证书
如何办理(UCD毕业证书)加州大学戴维斯分校毕业证学位证书如何办理(UCD毕业证书)加州大学戴维斯分校毕业证学位证书
如何办理(UCD毕业证书)加州大学戴维斯分校毕业证学位证书
 
Law360 - How Duty Of Candor Figures In USPTO AI Ethics Guidance
Law360 - How Duty Of Candor Figures In USPTO AI Ethics GuidanceLaw360 - How Duty Of Candor Figures In USPTO AI Ethics Guidance
Law360 - How Duty Of Candor Figures In USPTO AI Ethics Guidance
 
如何办理密德萨斯大学毕业证(本硕)Middlesex学位证书
如何办理密德萨斯大学毕业证(本硕)Middlesex学位证书如何办理密德萨斯大学毕业证(本硕)Middlesex学位证书
如何办理密德萨斯大学毕业证(本硕)Middlesex学位证书
 
Vanderburgh County Sheriff says he will Not Raid Delta 8 Shops
Vanderburgh County Sheriff says he will Not Raid Delta 8 ShopsVanderburgh County Sheriff says he will Not Raid Delta 8 Shops
Vanderburgh County Sheriff says he will Not Raid Delta 8 Shops
 
young Call Girls in Pusa Road🔝 9953330565 🔝 escort Service
young Call Girls in Pusa Road🔝 9953330565 🔝 escort Serviceyoung Call Girls in Pusa Road🔝 9953330565 🔝 escort Service
young Call Girls in Pusa Road🔝 9953330565 🔝 escort Service
 
定制(WMU毕业证书)美国西密歇根大学毕业证成绩单原版一比一
定制(WMU毕业证书)美国西密歇根大学毕业证成绩单原版一比一定制(WMU毕业证书)美国西密歇根大学毕业证成绩单原版一比一
定制(WMU毕业证书)美国西密歇根大学毕业证成绩单原版一比一
 
如何办理(SFSta文凭证书)美国旧金山州立大学毕业证学位证书
如何办理(SFSta文凭证书)美国旧金山州立大学毕业证学位证书如何办理(SFSta文凭证书)美国旧金山州立大学毕业证学位证书
如何办理(SFSta文凭证书)美国旧金山州立大学毕业证学位证书
 
如何办理纽约州立大学石溪分校毕业证学位证书
如何办理纽约州立大学石溪分校毕业证学位证书 如何办理纽约州立大学石溪分校毕业证学位证书
如何办理纽约州立大学石溪分校毕业证学位证书
 
An Introduction guidance of the European Union Law 2020_EU Seminar 4.pptx
An Introduction guidance of the European Union Law 2020_EU Seminar 4.pptxAn Introduction guidance of the European Union Law 2020_EU Seminar 4.pptx
An Introduction guidance of the European Union Law 2020_EU Seminar 4.pptx
 
Constitutional Values & Fundamental Principles of the ConstitutionPPT.pptx
Constitutional Values & Fundamental Principles of the ConstitutionPPT.pptxConstitutional Values & Fundamental Principles of the ConstitutionPPT.pptx
Constitutional Values & Fundamental Principles of the ConstitutionPPT.pptx
 
Trial Tilak t 1897,1909, and 1916 sedition
Trial Tilak t 1897,1909, and 1916 seditionTrial Tilak t 1897,1909, and 1916 sedition
Trial Tilak t 1897,1909, and 1916 sedition
 

Uk data retention review ver 3.0

  • 1. UK DATA RETENTION REVIEW DATA RETENTION AND INVESTIGATORY POWERS ACT 2014 Prepared by Amr Eldeeb February 2016
  • 2. “Whereas the object of the national laws on the processing of personal data is to protect fundamental rights and freedoms, notably the right to privacy, which is recognized both in Article 8 of the European Convention for the Protection of Human Rights and Fundamental Freedoms and in the general principles of Community law; whereas, for that reason , the approximation of those laws must not result in any lessening of the protection they afford but must, on the contrary, seek to ensure a high level of protection in the Community;”1 1 (10) DIRECTIVE 95/46/EC OF THE EUROPEAN PARLIAMENT AND OF THE COUNCIL of 24 October 1995 on the protection of individuals with regard to the processing of personal data and on the free movement of such data
  • 3. INTRODUCTION This research is in favor to find out the specified DATA that ISPs shall retain, protect & provide upon request, in light of the data retention regulations in the UK. SUMMARY The UK Data Retention Regulations completes the transposition of Directive 2006/24/EC2 , on the retention of data generated or processed in connection with the provision of publicly available electronic communications services or of public communications networks and amending Directive 2002/58/EC3 . They relate to internet access, internet e-mail and internet telephony, as well as mobile and fixed line telephony. They revoke, and supersede, the Data Retention (EC Directive) Regulations 2007 (SI 2007/2199) which transposed the parts of Directive 2006/24/EC relating to mobile and fixed line telephony. It took three years to get the final UK Data retention regulations including the very important milestone of “proper public consultation”4 . However, the European Court of Justice (“ECJ”), in a judgment dated 8 April 2014 in joined cases C-293/12 Digital Rights Ireland & C-594/12 Seitlinger which, declared the Data Retention Directive (2006/24/EC) invalid. It noted that limitations to fundamental rights should only apply 2 Directive 2006/24/EC OF THE EUROPEAN PARLIAMENT AND OF THE COUNCIL , of 15 March 2006 3 DIRECTIVE 2002/58/EC OF THE EUROPEAN PARLIAMENT AND OF THE COUNCIL of 12 July 2002, concerning the processing of personal data and the protection of privacy in the electronic communications sector (Directive on privacy and electronic communications) 4 The draft Regulations have been subject to a 12-week public consultation exercise, which concluded in October 2008. During this exercise, Home Office officials met with a broad range of public communications providers and their trade associations, the Association of Chief Police Officers, the intelligence agencies, privacy lobbyists and other individuals. 54 responses were received. Many responses were from members of the public who were opposed to the Directive on principle but did not offer suggestions on the wording of the draft Regulations (24 out of 54 responses). Public communications providers welcomed the Government’s approach subject to five main concerns, which are addressed below. First, draft Regulation 5 has been amended to remove a provision, which would have enabled the Secretary of State to vary the period for data must be retained under the Regulations by notice. Second, draft Regulation 9 has been amended to ensure that all statistics required to be collected under Directive 2006/24/EC are also required to be collected under the draft Regulations. Third, draft Regulation 10 has been amended so that the Secretary of State must issue a notice to any public communications provider required to retain data under the Regulations. Under the amended version of draft Regulation 10, the Secretary of State must issue such a notice to a public communications provider unless the data to which the Regulations apply are retained in the UK in accordance with the Regulations by another public communications provider. Fourth, several responses to the consultation exercise expressed concern about how the draft Regulations ought to be interpreted in practice. The Government undertakes to establish an “implementation group”. This will develop guidance to assist in the implementation of the draft Regulations. Finally, a number of responses queried the meaning of the term “e-mail”. The Government confirms that the term “email” has the same meaning as “electronic mail” which is defined in the Privacy and Electronic Communications (EC Directive) Regulations 2003, transposing Directive 2002/58/EC into UK law. Both terms therefore refer to “any text, voice, sound or image message sent over a public electronic communications network which can be stored in the network or in the recipient’s terminal equipment until it is collected by the recipient and includes messages sent using a short message service”.
  • 4. in so far as is strictly necessary and that EU law must lay down clear and precise rules governing the scope of limitations and the safeguards for individuals. It held that the Directive did not set out clear and precise rules regarding the extent of the interference. It highlighted several elements of the directive, which fell short in this regard. By applying to all traffic data of all users of all means of electronic communications the Directive entailed an interference with the fundamental rights of practically the entire European population and did not require a relationship between the data retained and serious crime or public security. Moreover, no substantive conditions (such as objective criterion by which the number of persons authorized to access data can be limited) or procedural conditions (such as review by an administrative authority or a court prior to access) determined the limits of access and use to the data retained by competent national authorities. Nor did the Directive determine the period for which data are retained based on objective criteria. The Court also held that the Directive did not set out clear safeguards for the protection of the retained data. This finding was supported by the Court’s observation that the rules in the Directive were not tailored to the vast quantity of sensitive data retained and to the risk of unlawful access to these data. Rather, the Directive allowed providers to have regard to economic considerations when determining the technical and organizational means to secure these data. Moreover, the Directive did not specify that the data must be retained within the EU and thus within the control of national Data Protection Authorities. For these reasons, the Court declared the Directive invalid5 . In light of such development, the UK Government decided to introduce a secondary legislation to replace the Data Retention (EC Directive) Regulations 2009 (S.I.2009/859) (“the 2009 Regulations”), while providing additional safeguards. The Act had been taken through Parliament on a fast-track basis. In order to ensure the new data retention regime is in place before the Summer Recess, these Regulations will also be subject to an accelerated Parliamentary timetable. In particular, the Regulations will come into force on the day after they are made. The Government considers it important to put in place a new regime for data retention as soon as possible. This will ensure that telecommunications service providers continue to retain data following the European Court of Justice Judgment. The replacement Bill was the “Data Retention and Investigatory Powers Act 2014” 17th of July 2014. The act aims, among other things, to respond to the ECJs judgement since the 2009 Regulations have implemented the Directive in domestic Laws. In addition, this Act ensures that, as the original legislation intended, any company providing communication services to customers in the United Kingdom is obliged to comply with requests for communications data and interception warrants issued by the Secretary of State, irrespective of the location of the company providing the service. Nevertheless, the Act provides a power for the Secretary of State to issue a data retention notice on a telecommunications services provider, requiring them to retain certain data types. The data types are those set out in the Schedule to the 2009 Regulations. No additional categories of data can be retained. The Act provides that the period for which data can be retained can be set at a 5 See more at: http://curia.europa.eu/juris/document/document.jsf;jsessionid=9ea7d0f130d5cb2de61340ea4b108458a62 01a7991e8.e34KaxiLc3eQc40LaxqMbN4Och8Re0?text=&docid=145562&pageIndex=0&doclang=en&mo de=req&dir=&occ=first&part=1&cid=768374
  • 5. maximum period not to exceed 12 months, rather than the fixed 12 months in the 2009 Regulations, allowing for retention for shorter periods when appropriate. It provides a power to make regulations setting out further provision on the giving of and contents of notices, safeguards for retained data, enforcement of requirements relating to retained data and the creation of a code of practice in order to provide detailed guidelines for data retention and information about the application of safeguards, and transitional provisions. By 30 July 2014, In accordance with section 2(5) of the ACT, new draft for Data Retention Regulations 2014 have been prepared and laid before parliament & approval by resolution of each House. IN ACCORDANCE WITH THE AIM OF THIS RESEARCH, WE WILL NOT PROCEED DEEPLY IN ANY DETAILES REGARDING THE RELATED LAWS AND WILL ONLY LIST THE DIFINITIONS & DATA TYPES SET OUT IN THE DATA RETENTION AND POWERS ACT 2014 & THE RELATED DATA RETANTION REGULATIONS 2014. THE FOLLOWING DATA HAS BEEN COLLECTED, REFORMED AND LISTED IN A WAY SERVING THE AIM OF THIS RESEARCH.
  • 6. SECTION (A) DEFINITIONS 1. Data Retention and Powers and investigatory powers Act 2014 described the definitions under the title Supplementary; I. “Communications data” has the meaning given by section 21(4)6 of the Regulation of Investigatory Powers Act 2000 so far as that meaning applies in relation to telecommunications services and telecommunication systems; II. “Functions” includes powers and duties; III. “Notice” means notice in writing; IV. “Public telecommunications operator” means a person who; (a) Controls or provides a public telecommunication system, or (b) Provides a public telecommunications service; V. “Public telecommunications service” and “public telecommunication system” have the meanings given by section 2(1)7 of the Regulation of Investigatory Powers Act 2000; VI. “Relevant communications data” means communications data of the kind mentioned in the Schedule to the 2009 Regulations so far as such data is generated or processed in the United Kingdom by public telecommunications operators in the process of supplying the telecommunications services concerned; In accordance with 2(2); “Relevant communications data” includes (so far as it otherwise falls within the definition) communications data relating to unsuccessful call attempts that— (a) in the case of telephony data, is stored in the United Kingdom, or (b) In the case of internet data, is logged in the United Kingdom, but does not include data relating to unconnected calls or data revealing the content of a communication. VII. “Relevant powers” means any powers conferred by virtue of section 1(1) to (6); VIII. “Relevant requirements or restrictions” means any requirements or restrictions imposed by virtue of section 1(1) to (6); IX. “Retention notice” has the meaning given by section 1(1); X. “Specify” means specify or describe (and “specified” is to be read accordingly); 6 In this Chapter “communications data” means any of the Following; (a) any traffic data comprised in or attached to a communication (whether by the sender or otherwise) for the purposes of any postal service or telecommunication system by means of which it is being or may be transmitted;(b) any information which includes none of the contents of a communication (apart from any information falling within paragraph (a)) and is about the use made by any person—(i) of any postal service or telecommunications service; or - (ii) in connection with the provision to or use by any person of any telecommunications service, of any part of a telecommunication system; (c) any information not falling within paragraph (a) or (b) that is held or obtained, in relation to persons to whom he provides the service, by a person providing a postal service or telecommunications service. 7 “public telecommunications service” means any telecommunications service which is offered or provided to, or to a substantial section of, the public in any one or more parts of the United Kingdom; “public telecommunication system” means any such parts of a telecommunication system by means of which any public telecommunications service is provided as are located in the United Kingdom;
  • 7. XI. “Telecommunications service”8 and “Telecommunication system”9 have the meanings given by section 2(1) of the Regulation of Investigatory Powers Act 2000; XII. “Telecommunications Service Provider” means a person who provides a telecommunications service; XIII. “Unsuccessful call attempt” means a communication where a telephone call has been successfully connected but not answered or there has been a network management intervention; XIV. “The 2009 Regulations” means the provisions known as the Data Retention (EC Directive) Regulations 2009 (S.I. 2009/859). XV. In subsection (5); Meaning of “telecommunications service” In section 2 of the Regulation of Investigatory Powers Act 2000 (meaning of interception” etc.), after subsection (8) insert— “(8A) For the purposes of the definition of “telecommunications service” in subsection (1), the cases in which a service is to be taken to consist in the provision of access to, and of facilities for making use of, a telecommunication system include any case where a service consists in or includes facilitating the creation, management or storage of communications transmitted, or that may be transmitted, by means of such a system.”10 2. The Data Retention Regulations 2014 has some special interpretation for part 2 of the regulations that can be cited as following; Interpretation of part 2; I. “The Act” means the Data Retention and Investigatory Powers Act 2014; II. “Cell ID” means the identity or location of the cell from which a mobile telephony call started or in which it finished; III. “Service use data” means anything falling within paragraph (b) of the definition of “communications data” in section 21(4) of the Regulation of Investigatory Powers Act 2000(a) so far as that definition applies in relation to telecommunications services and telecommunication systems; IV. “Subscriber data” means anything falling within paragraph (c) of the definition of “communications data” in section 21(4) of the Regulation of Investigatory Powers Act 2000 so far as that definition applies in relation to telecommunications services and telecommunication systems; V. “Telephone service” means calls (including voice, voicemail and conference and data calls), supplementary services (including call forwarding and call transfer) and messaging and multimedia services (including short message services, enhanced media services and multi-media services); 8 “telecommunications service” means any service that consists in the provision of access to, and of facilities for making use of, any telecommunication system (whether or not one provided by the person providing the service); and 9 “telecommunication system” means any system (including the apparatus comprised in it) which exists (whether wholly or partly in the United Kingdom or elsewhere) for the purpose of facilitating the transmission of communications by any means involving the use of electrical or electro-magnetic energy 10 Subsection 2 (8); For the purposes of this section the cases in which any contents of a communication are to be taken to be made available to a person while being transmitted shall include any case in which any of the contents of the communication, while being transmitted, are diverted or recorded so as to be available to a person subsequently.
  • 8. VI. “Traffic data” means anything falling within paragraph (a) of the definition of “communications data” in section 21(4) of the Regulation of Investigatory Powers Act 2000 so far as that definition applies in relation to telecommunications services and telecommunication systems; VII. “Communications data” in section 21(4) of the Regulation of Investigatory Powers Act 2000 so far as that definition applies in relation to telecommunications services and telecommunication systems; VIII. “User ID” means a unique identifier allocated to persons when they subscribe to, or register with, an internet access service or internet communications service IX. The Schedule to these Regulations specifies the communications data that is of the kind mentioned in the Schedule to the 2009 Regulations (b). SECTION (B) THE REQUIRED TYPES OF RETAINED DATA  DATA RETENTION REGULATIONS 2014 SCHEDULE COMMUNICATIONS DATA OF THE KIND MENTIONED IN THE SCHEDULE TO THE 2009 REGULATIONS  The schedule includes data falling into categories of fixed network (part 1), mobile telephony (part 2), and internet access, internet e-mail or internet telephony (part 3). PART 1 FIXED NETWORK TELEPHONY Data necessary to trace and identify the source of a communication 1. — (1) The calling telephone number. (2) The name and address of the subscriber or registered user of any such telephone. Data necessary to identify the destination of a communication 2.— (1) The telephone number dialed and, in cases involving supplementary services such as call forwarding or call transfer, any telephone number to which the call is forwarded or transferred. (2) The name and address of the subscriber or registered user of any such telephone. Data necessary to identify the date, time and duration of a communication
  • 9. 3. The date and time of the start and end of the call. Data necessary to identify the type of communication 4. The telephone service used. PART 2 MOBILE TELEPHONY Data necessary to trace and identify the source of a communication 5. — (1) The calling telephone number. (2) The name and address of the subscriber or registered user of any such telephone. Data necessary to identify the destination of a communication 6. — (1) The telephone number dialed and, in cases involving supplementary services such as call forwarding or call transfer, any telephone number to which the call is forwarded or transferred. (2) The name and address of the subscriber or registered user of any such telephone. Data necessary to identify the date, time and duration of a communication 7. The date and time of the start and end of the call. Data necessary to identify the type of communication 8. The telephone service used. Data necessary to identify users’ communication equipment (or what purports to be their Equipment) 9. — (1) The International Mobile Subscriber Identity (IMSI) and the International Mobile Equipment Identity (IMEI) of the telephone from which a telephone call is made. (2) The IMSI and the IMEI of the telephone dialed. (3) In the case of pre-paid anonymous services, the date and time of the initial activation of the Service and the cell ID from which the service was activated. Data necessary to identify the location of mobile communication equipment 10. — (1) The cell ID at the start of the communication. (2) Data identifying the geographic location of cells by reference to their cell ID
  • 10. PART 3 INTERNET ACCESS, INTERNET E-MAIL OR INTERNET TELEPHONY Data necessary to trace and identify the source of a communication 11.— (1) The user ID allocated. (2) The user ID and telephone number allocated to the communication entering the public telephone network. (3) The name and address of the subscriber or registered user to whom an Internet Protocol (IP) address, user ID or telephone number was allocated at the time of the communication. Data necessary to identify the destination of a communication 12.— (1) In the case of internet telephony, the user ID or telephone number of the intended recipient of the call. (2) In the case of internet e-mail or internet telephony, the name and address of the subscriber or registered user and the user ID of the intended recipient of the communication. Data necessary to identify the date, time and duration of a communication 13.— (1) In the case of internet access— (a) The date and time of the log-in to and log-off from the internet access service, based on a specified time zone, (b) The IP address, whether dynamic or static, allocated by the internet access service provider to the communication, and (c) The user ID of the subscriber or registered user of the internet access service. (2) In the case of internet e-mail or internet telephony, the date and time of the log-in to and log off from the internet e-mail or internet telephony service, based on a specified time zone. Data necessary to identify the type of communication 14. In the case of internet e-mail or internet telephony, the internet service used. Data necessary to identify users’ communication equipment (or what purports to be their Equipment) 15. — (1) In the case of dial-up access, the calling telephone number. (2) In any other case, the digital subscriber line (DSL) or other end point of the originator of the Communication.
  • 11. SECTION(C) HIGHLIGHTS & COMMENTARY 1. Highlights;  The Act provides powers to create a new mandatory data retention regime to replace the 2009 Regulations.  Communications data is the context not the content of a communication. It can be used to demonstrate who was communicating; when; from where; and with whom. It can include the time and duration of a communication, the number or email address of the originator and recipient, and sometimes the location of the device from which the communication was made. There is no section in any of the reviewed regulations to mention the CONTENT as a kind of data that has to be retained.  There is major section in the 2009 regulations that has been modified; article 3; These Regulations apply to communications data if, or to the extent that, the data are generated or processed IN the United Kingdom by public communications providers in the process of supplying the communications services concerned. This article has been MODIFIED & CLARIFIED in ACT 2014 by updating the Extra-Territorial section in RIPA11.  In accordance with the ECJ judgement, the ACT provides that the period for which data can be retained can be set at a maximum period not to exceed 12 months, rather than the fixed 12 months in the 2009 regulations, allowing for retention for shorter periods when appropriate.  Telecommunications service providers will not be required to retain data, unless they have been given a Retention Notice by the Secretary of the state.  A notice cannot require the retention of data types other than those described in the 2009 Regulations.12  In accordance with the new “Counter Terrorism and Security ACT 2015”, part 3, section 21; there have been scheduled modifications for some definitions to be in force of 31st of December 2016, as following; 11 Subsection number 2, 3, 4, 5, 6, 7, 8, 9 & 10 of the ACT modifying certain sections of RIPA to provide practicalities for Law Enforcement Agencies IN & OUT UK. 12 2 (3) Regulations under section 1(3) may specify the communications data that is of the kind mentioned in the Schedule to the 2009 Regulations and, where they do so, the reference in the definition of “relevant communications data” to communications data of that kind is to be read as a reference to communications data so specified.
  • 12. 21 Retention of relevant internet data (1) Section 2(1) of the Data Retention and Investigatory Powers Act 2014 (temporary provision about the retention of relevant communications data subject to safeguards: definitions) is amended as follows. (2) In the definition of “relevant communications data”— (a) For “means communications data” substitute “means— (a) communications data”; (b) After “Regulations” insert “, or (b) relevant internet data not falling within paragraph (a),” (c) The words from “so far as” to the end of the definition become full-out words beneath the new paragraphs (a) and (b). (3) After the definition of “relevant communications data” insert— ““relevant internet data” means communications data which— (a) relates to an internet access service or an internet communications service, (b) May be used to identify, or assist in identifying, which internet protocol address, or other identifier, belongs to the sender or recipient of a communication (whether or not a person), and (c) is not data which— (i) may be used to identify an internet communications service to which a communication is transmitted through an internet access service for the purpose of obtaining access to, or running, a computer file or computer program, and (ii) is generated or processed by a public telecommunications operator in the process of Counter-Terrorism and Security Act 2015 (c. 6) Part 3 — Data retention 15 supplying the internet access service to the sender of the communication (whether or not a person);”. (4) In addition— (a) Before the definition of “communications data” insert— ““communication” has the meaning given by section 81(1) of the Regulation of Investigatory Powers Act 2000 so far as that meaning applies in relation to telecommunications services and telecommunication systems;”; (b) After the definition of “functions” insert— ““Identifier” means an identifier used to facilitate the transmission of a communication;” (c) After the definition of “notice” insert— ““Person” includes an organization and any association or combination of persons;” (5) Subsections (1) to (4) are repealed on 31 December 2016. 2. COMMENTARY  The Data retention and investigatory powers ACT 2014 can be described as; The Necessary Modification that strengthen and clarify, rather than extend, the UK legislative framework.
  • 13.  In order to balance between the privacy rights & the law enforcement agencies requirements, It differentiated between two kinds of requests to retain relevant communications data: o “A Retention Notice” for the purposes for which communication data may be obtained.13 o By “Regulations” to make further provisions about the retention of relevant communications data14.  As mentioned, the context is the targeted data type by these regulations, while the set of actions to gain access to the content is covered by, but not limited to, chapter 1 of part one of RIPA15, which can be briefed in; o In the interests of national security16; o For the purpose of preventing or detecting crime or of preventing disorder; o In the interests of the economic well-being of the United Kingdom; o In the interests of public safety; o For the purpose of protecting public health; o For the purpose of assessing or collecting any tax, duty, levy or other imposition, o Contribution or charge payable to a government department; o For the purpose, in an emergency, of preventing death or injury or any damage to a o Person’s physical or mental health, or of mitigating any injury or damage to a o Person’s physical or mental health; or o For any purpose (not falling within paragraphs (a) to (g)) which is specified for the Purposes of section 22(2) by an order made by the Secretary of State.  By working in conjunction with other, pre-existing legislation, the ACT & Regulations ensures the following points are clearly covered: o A clear and widened set of definitions o Purposes to which relevant powers may be used o Which authorities can use the powers o Authorization of the use of the powers o Shaping & confirming the extra territorial definition. 13 Purposes set out in section 22(2) of RIPA; (2) It is necessary on grounds falling within this subsection to obtain communications data if it is necessary— (a) in the interests of national security; (b) for the purpose of preventing or detecting crime or of preventing disorder; (c) in the interests of the economic well-being of the United Kingdom; (d) in the interests of public safety; (e) for the purpose of protecting public health; (f) for the purpose of assessing or collecting any tax, duty, levy or other imposition, contribution or charge payable to a government department; (g) for the purpose, in an emergency, of preventing death or injury or any damage to a person’s physical or mental health, or of mitigating any injury or damage to a person’s physical or mental health; or (h) for any purpose (not falling within paragraphs (a) to (g)) which is specified for the purposes of this subsection by an order made by the Secretary of State. 14 Section 1(3), ACT 2014; The Secretary of State may by regulations make further provision about the Retention of relevant communications data. 15 http://iocco-uk.info/docs/ripa.pdf 16 RIPA, section 22(2)
  • 14.  In regard to legal framework functionality, section 7 has obligated the Secretary of state to appoint the “independent reviewer of terrorism legislation”17 to review the regulations and operations of investigatory powers18. SECTION (D) RECOMMENDATIONS Data Retention is not a target for itself; it is a part of a larger legal framework to guarantee the digital wellbeing of the public and national economy as well. Considering it as a threat for individual’s privacy shall not exist; if the system is trustfully implemented. Thus, Data Protection Regulations, Directives & Laws, among other legislative & organizational frameworks, are evolving around the globe to maintain our way of living, not to lessening any of our rights. In this regard, Common Law and Civil Law traditional legal systems are determined formulating a complete system to organize the cyber zone. So far, the US & EU have addressed certain key strategic subjects, while there are certain regions, like the Middle East, in their first stages in this regard. In accordance to the subject of this research, we do recommend the following;  Considering it a balanced & sufficient data retention direction, it is recommended excerpting the Data Retention Regulation Schedule 2014 in national legislations.  Adopting proper & strict Content Retention Policies that guarantees personal privacy in line with the national procedural laws.  Monitoring the Data Retention policies on a yearly basis.  Assigning a National Data Regulatory Authority. 17 Subsection 7(8) in this section “the independent reviewer of terrorism legislation” means the person appointed under section 36(1) of the Terrorism Act 2006 (and “independent reviewer” is to be read accordingly). 18 “The independent reviewer” is a post that already exists under the terrorism ACT 2006 & section 44 of Counter- Terrorism and Security Act 2015
  • 15. References http://searchdatabackup.techtarget.com/definition/data-retention-policy https://en.wikipedia.org/wiki/Human_Rights_Act_1998 http://www.whatdotheyknow.com/request/26462/response/74338/attach/html/3/009%2010%20T able.xls.html http://europa.eu/rapid/press-release_IP-12-46_en.htm?locale=en http://www.bbc.co.uk/news/uk-england-11479831 http://curia.europa.eu/juris/document/document.jsf;jsessionid=9ea7d0f130d56f59597a42b44d5ca e35b70377ca8d80.e34KaxiLc3eQc40LaxqMbN4OchaKe0?text=&docid=169195&pageIndex=0 &doclang=EN&mode=lst&dir=&occ=first&part=1&cid=16562 http://www.statutelaw.gov.uk/content.aspx?LegType=All+Legislation&title=regulation+of+inve stigatory&searchEnacted=0&extentMatchOnly=0&confersPower=0&blanketAmendment=0&so rtAlpha=0&TYPE=QS&PageNumber=1&NavFrom=0&parentActiveTextDocId=1757378&Acti veTextDocId=1757409&filesize=8774 https://en.wikipedia.org/wiki/Defence_Intelligence https://en.wikipedia.org/wiki/Cabinet_Secretary_for_Justice https://en.wikipedia.org/wiki/Telephone_tapping http://www.statutelaw.gov.uk/content.aspx?LegType=All+Legislation&title=Regulation+of+Inv estigatory+Powers+Act+2000&searchEnacted=0&extentMatchOnly=0&confersPower=0&blank etAmendment=0&sortAlpha=0&TYPE=QS&PageNumber=1&NavFrom=0&parentActiveTextD ocId=1757378&activetextdocid=1757416&versionNumber=1 https://en.wikipedia.org/wiki/Ministry_of_Defence_Police https://en.wikipedia.org/wiki/MI5 https://en.wikipedia.org/wiki/Mass_surveillance_in_the_United_Kingdom http://searchstorage.techtarget.com/definition/data-retention http://www.legislation.gov.uk/ukdsi/2009/9780111473894/regulation/3 http://www.legislation.gov.uk/uksi/2009/859/schedule/made http://www.legislation.gov.uk/uksi/2009/859/regulation/5/made
  • 16. http://www.legislation.gov.uk/ukpga/2014/27/pdfs/ukpga_20140027_en.pdf https://en.wikipedia.org/wiki/Office_of_Public_Sector_Information https://en.wikipedia.org/wiki/Office_of_Public_Sector_Information https://en.wikipedia.org/wiki/Office_of_Public_Sector_Information http://www.statutelaw.gov.uk/content.aspx?LegType=All+Legislation&title=regulation+of+inve stigatory&searchEnacted=0&extentMatchOnly=0&confersPower=0&blanketAmendment=0&so rtAlpha=0&TYPE=QS&PageNumber=1&NavFrom=0&parentActiveTextDocId=1757378&Acti veTextDocId=1757385&filesize=11519 http://www.legislation.gov.uk/ukpga/2014/27/pdfs/ukpga_20140027_en.pdf http://www.legislation.gov.uk/ukia/2014/266/pdfs/ukia_20140266_en.pdf http://www.theguardian.com/politics/2014/sep/30/theresa-may-tory-government-snoopers- charter http://www.theguardian.com/technology/2014/jun/24/british-government-breaking-law-in- forcing-data-retention-by-companies https://en.wikipedia.org/wiki/Investigatory_Powers_Tribunal http://curia.europa.eu/juris/document/document.jsf;jsessionid=9ea7d0f130d5cb2de61340ea4b10 8458a6201a7991e8.e34KaxiLc3eQc40LaxqMbN4Och8Re0?text=&docid=145562&pageIndex= 0&doclang=en&mode=req&dir=&occ=first&part=1&cid=768374 http://www.torbay.gov.uk/index/yourcouncil/accesstoinformation/ripa/covert-cop.pdf http://www.legislation.gov.uk/ukpga/2015/6/pdfs/ukpga_20150006_en.pdf http://europeanlawblog.eu/?p=2289 http://eur-lex.europa.eu/legal-content/EN/TXT/PDF/?uri=CELEX:32002L0058&from=EN http://www.breitbart.com/london/2016/02/14/top-uk-court-rules-gchq-hacking-of-private- telephones-computers-and-other-electronic-devices-legal/ http://www.walesonline.co.uk/news/politics/tory-mp-accused-welsh-government-10904099 http://www.independent.co.uk/news/uk/politics/gchq-hacking-phones-and-computers-is-legal- says-top-uk-court- a6871716.html?utm_content=bufferf5df2&utm_medium=social&utm_source=linkedin.com&ut m_campaign=buffer