Chwilio Deddfwriaeth

The Data Retention (EC Directive) Regulations 2009

Deddfwriaeth Ddrafft:

Mae hwn yn eitem o ddeddfwriaeth ddrafft. Mae’r drafft hwn, ers hynny, wedi cael ei wneud yn UK Statutory Instrument: The Data Retention (EC Directive) Regulations 2009 No. 859

Draft Regulations laid before Parliament under paragraph 2(2) of Schedule 2 to the European Communities Act 1972, for approval by resolution of each House of Parliament.

Draft Statutory Instruments

2009 No.

Electronic Communications

The Data Retention (EC Directive) Regulations 2009

Made

Coming into force

6th April 2009

The Secretary of State, being a Minister designated(1) for the purposes of section 2(2) of the European Communities Act 1972(2) in respect of matters relating to electronic communications, in exercise of the powers conferred by that section, makes the following Regulations (a draft of which has been approved by each House of Parliament):

Citation and commencement

1.—(1) These Regulations may be cited as the Data Retention (EC Directive) Regulations 2009.

(2) These Regulations come into force on 6th April 2009.

Interpretation

2.  In these Regulations—

(a)“cell ID” means the identity or location of the cell from which a mobile telephony call started or in which it finished;

(b)“communications data” means traffic data and location data and the related data necessary to identify the subscriber or user;

(c)“the Data Retention Directive” means Directive 2006/24/EC of the European Parliament and of the Council of 15 March 2006 on the retention of data generated or processed in connection with the provision of publicly available electronic communications services or of public communications networks and amending Directive 2002/58/EC;

(d)“location data” means data processed in an electronic communications network indicating the geographical position of the terminal equipment of a user of a public electronic communications service, including data relating to—

(i)the latitude, longitude or altitude of the terminal equipment,

(ii)the direction of travel of the user, or

(iii)the time the location information was recorded;

(e)“public communications provider” means—

(i)a provider of a public electronic communications network, or

(ii)a provider of a public electronic communications service;

and “public electronic communications network” and “public electronic communications service” have the meaning given in section 151 of the Communications Act 2003(3);

(f)“telephone service” means calls (including voice, voicemail and conference and data calls), supplementary services (including call forwarding and call transfer) and messaging and multi-media services (including short message services, enhanced media services and multi-media services);

(g)“traffic data” means data processed for the purpose of the conveyance of a communication on an electronic communications network or for the billing in respect of that communication and includes data relating to the routing, duration or time of a communication;

(h)“user ID” means a unique identifier allocated to persons when they subscribe to or register with an internet access service or internet communications service.

Communications data to which these Regulations apply

3.  These Regulations apply to communications data if, or to the extent that, the data are generated or processed in the United Kingdom by public communications providers in the process of supplying the communications services concerned.

Obligation to retain communications data

4.—(1) It is the duty of a public communications provider to retain the communications data specified in the following provisions of the Schedule to these Regulations—

(a)Part 1 (fixed network telephony);

(b)Part 2 (mobile telephony);

(c)Part 3 (internet access, internet e-mail or internet telephony).

(2) The obligation extends to data relating to unsuccessful call attempts that—

(a)in the case of telephony data, are stored in the United Kingdom, or

(b)in the case of internet data, are logged in the United Kingdom.

(3) An “unsuccessful call attempt” means a communication where a telephone call has been successfully connected but not answered or there has been a network management intervention.

(4) The obligation does not extend to unconnected calls.

(5) No data revealing the content of a communication is to be retained in pursuance of these Regulations.

The retention period

5.  The data specified in the Schedule to these Regulations must be retained by the public communications provider for a period of 12 months from the date of the communication in question.

Data protection and data security

6.—(1) Public communications providers must observe the following principles with respect to data retained in accordance with these Regulations—

(a)the retained data must be of the same quality and subject to the same security and protection as those data on the public electronic communications network;

(b)the data must be subject to appropriate technical and organisational measures to protect the data against accidental or unlawful destruction, accidental loss or alteration, or unauthorised or unlawful storage, processing, access or disclosure;

(c)the data must be subject to appropriate technical and organisational measures to ensure that they can be accessed by specially authorised personnel only;

(d)except in the case of data lawfully accessed and preserved, the data retained solely in accordance with these Regulations must be destroyed at the end of the retention period.

(2) It is the duty of the Information Commissioner, as the Supervisory Authority designated for the purposes of Article 9 of the Data Retention Directive, to monitor the application of the provisions of these Regulations with respect to the security of stored data.

(3) As regards the destruction of data at the end of the retention period—

(a)the duty of a public communications provider is to delete the data in such a way as to make access to the data impossible; and

(b)it is sufficient for a public communications provider to make arrangements for the operation of so deleting data to take place at such monthly or shorter intervals as appear to the provider to be convenient.

Access to retained data

7.  Access to data retained in accordance with these Regulations may be obtained only—

(a)in specific cases, and

(b)in circumstances in which disclosure of the data is permitted or required by law.

Storage requirements for retained data

8.  The data retained in pursuance of these Regulations must be retained in such a way that it can be transmitted without undue delay in response to requests.

Statistics

9.—(1) A public communications provider must provide the Secretary of State, as soon as practicable after 31st March in any year, with the following information in respect of the period of twelve months ending with that date.

(2) The information required is—

(a)the number of occasions when data retained in accordance with these Regulations have been disclosed in response to a request;

(b)the time elapsed between the date on which the data were retained and the date on which transmission of the data was requested;

(c)the number of occasions when a request for lawfully disclosable data retained in accordance with these Regulations could not be met.

(3) The Secretary of State may, by notice given in writing to a public communications provider, vary the date specified in paragraph (1).

(4) The notice may contain such transitional provision as appears to the Secretary of State to be necessary in consequence of the variation.

Data retained by another communications provider

10.—(1) These Regulations do not apply to a public communications provider unless the provider is given a notice in writing by the Secretary of State in accordance with this regulation.

(2) The Secretary of State must give a written notice to a public communications provider under paragraph (1) unless the communications data concerned are retained in the United Kingdom in accordance with these Regulations by another public communications provider.

(3) Any such notice must specify—

(a)the public communications provider, or category of public communications providers, to whom it is given, and

(b)the extent to which, and the date from which, the provisions of these Regulations are to apply.

(4) The notice must be given or published in a manner the Secretary of State considers appropriate for bringing it to the attention of the public communications provider, or the category of providers, to whom it given.

(5) It is the duty of a public communications provider to whom a notice is given under this regulation to comply with it.

(6) That duty is enforceable by civil proceedings by the Secretary of State for an injunction, or for specific performance of a statutory duty under section 45 of the Court of Session Act 1988(4), or for any other appropriate relief.

Reimbursement of expenses of compliance

11.—(1) The Secretary of State may reimburse any expenses incurred by a public communications provider in complying with the provisions of these Regulations.

(2) Reimbursement may be conditional on the expenses having been notified to the Secretary of State and agreed in advance.

(3) The Secretary of State may require a public communications provider to comply with any audit that may be reasonably required to monitor a claim for reimbursement.

Revocation

12.—(1) The Data Retention (EC Directive) Regulations 2007(5), which are superseded by these Regulations, are revoked.

(2) Anything done under or for the purposes of those Regulations that could have been done under or for the purposes of the corresponding provision of these Regulations (if it had been in force at the time) shall be treated on and after these Regulations come into force as if it had been done under or for the purposes of that corresponding provision.

Name

Minister of State

Home Office

Date

Regulation 4

SCHEDULECOMMUNICATIONS DATA TO BE RETAINED

PART 1FIXED NETWORK TELEPHONY

Data necessary to trace and identify the source of a communication

1.—(1) The calling telephone number.

(2) The name and address of the subscriber or registered user of any such telephone.

Data necessary to identify the destination of a communication

2.—(1) The telephone number dialled and, in cases involving supplementary services such as call forwarding or call transfer, any telephone number to which the call is forwarded or transferred.

(2) The name and address of the subscriber or registered user of any such telephone.

Data necessary to identify the date, time and duration of a communication

3.  The date and time of the start and end of the call.

Data necessary to identify the type of communication

4.  The telephone service used.

PART 2MOBILE TELEPHONY

Data necessary to trace and identify the source of a communication

5.—(1) The calling telephone number.

(2) The name and address of the subscriber or registered user of any such telephone.

Data necessary to identify the destination of a communication

6.—(1) The telephone number dialled and, in cases involving supplementary services such as call forwarding or call transfer, any telephone number to which the call is forwarded or transferred.

(2) The name and address of the subscriber or registered user of any such telephone.

Data necessary to identify the date, time and duration of a communication

7.  The date and time of the start and end of the call.

Data necessary to identify the type of communication

8.  The telephone service used.

Data necessary to identify users’ communication equipment (or what purports to be their equipment)

9.—(1) The International Mobile Subscriber Identity (IMSI) and the International Mobile Equipment Identity (IMEI) of the telephone from which a telephone call is made.

(2) The IMSI and the IMEI of the telephone dialled.

(3) In the case of pre-paid anonymous services, the date and time of the initial activation of the service and the cell ID from which the service was activated.

Data necessary to identify the location of mobile communication equipment

10.—(1) The cell ID at the start of the communication.

(2) Data identifying the geographic location of cells by reference to their cell ID.

PART 3INTERNET ACCESS, INTERNET E-MAIL OR INTERNET TELEPHONY

Data necessary to trace and identify the source of a communication

11.—(1) The user ID allocated.

(2) The user ID and telephone number allocated to the communication entering the public telephone network.

(3) The name and address of the subscriber or registered user to whom an Internet Protocol (IP) address, user ID or telephone number was allocated at the time of the communication.

Data necessary to identify the destination of a communication

12.—(1) In the case of internet telephony, the user ID or telephone number of the intended recipient of the call.

(2) In the case of internet e-mail or internet telephony, the name and address of the subscriber or registered user and the user ID of the intended recipient of the communication.

Data necessary to identify the date, time and duration of a communication

13.—(1) In the case of internet access—

(a)The date and time of the log-in to and log-off from the internet access service, based on a specified time zone,

(b)The IP address, whether dynamic or static, allocated by the internet access service provider to the communication, and

(c)The user ID of the subscriber or registered user of the internet access service.

(2) In the case of internet e-mail or internet telephony, the date and time of the log-in to and log-off from the internet e-mail or internet telephony service, based on a specified time zone.

Data necessary to identify the type of communication

14.  In the case of internet e-mail or internet telephony, the internet service used.

Data necessary to identify users’ communication equipment (or what purports to be their equipment)

15.—(1) In the case of dial-up access, the calling telephone number.

(2) In any other case, the digital subscriber line (DSL) or other end point of the originator of the communication.

EXPLANATORY NOTE

(This note is not part of the Regulations)

These Regulations implement Directive 2006/24/EC (“the Data Retention Directive”) of the European Parliament and of the Council of 15 March 2006 on the retention of data generated or processed in connection with the provision of publicly available electronic communications services or of public communications networks and amending Directive 2002/58/EC.

The Data Retention (EC Directive) Regulations 2007 implemented the Data Retention Directive with respect to fixed network and mobile telephony. The United Kingdom made a declaration pursuant to Article 15.3 of the Data Retention Directive that it would postpone application of that Directive to the retention of communications data relating to internet access, internet telephony and internet e-mail. These Regulations implement the Data Retention Directive with respect to those forms of data, and revoke the Data Retention (EC Directive) Regulations 2007 which are superseded by these Regulations.

The Regulations impose a requirement on public communications providers (“providers”), as defined in regulation 2, to retain the categories of communications data specified in the Schedule to the Regulations. The Regulations apply to all providers to whom a written notice has been given by the Secretary of State in accordance with regulation 10. Regulation 4 makes provision regarding the obligation to retain the data specified in the Schedule.

Such data must be retained, in accordance with regulation 5, for a period of 12 months from the date of the communication in question. The data must be stored in accordance with the requirements in regulation 8, and may only be accessed in accordance with regulation 7.

Data protection and data security are provided for in regulation 6. Regulation 6(2) provides that the Information Commissioner, as the designated Supervisory Authority for the purposes of Article 9 of the Data Retention Directive, is responsible for monitoring the application of these Regulations with respect to the security of stored data.

There is a requirement on providers to provide statistics to the Secretary of State in regulation 9.

Regulation 11 provides that the Secretary of State may make arrangements for reimbursing any expenses incurred by providers in complying with the Regulations.

Yn ôl i’r brig

Options/Help

Print Options

Close

Mae deddfwriaeth ar gael mewn fersiynau gwahanol:

Y Diweddaraf sydd Ar Gael (diwygiedig):Y fersiwn ddiweddaraf sydd ar gael o’r ddeddfwriaeth yn cynnwys newidiadau a wnaed gan ddeddfwriaeth ddilynol ac wedi eu gweithredu gan ein tîm golygyddol. Gellir gweld y newidiadau nad ydym wedi eu gweithredu i’r testun eto yn yr ardal ‘Newidiadau i Ddeddfwriaeth’.

Gwreiddiol (Fel y’i Deddfwyd neu y’i Gwnaed): Mae'r wreiddiol fersiwn y ddeddfwriaeth fel ag yr oedd pan gafodd ei deddfu neu eu gwneud. Ni wnaed unrhyw newidiadau i’r testun.

Close

Dewisiadau Agor

Dewisiadau gwahanol i agor deddfwriaeth er mwyn gweld rhagor o gynnwys ar y sgrin ar yr un pryd

Close

Memorandwm Esboniadol Drafft

Mae Memorandwm Esboniadol Drafft yn nodi datganiad byr o ddiben Offeryn Statudol Drafft ac yn rhoi gwybodaeth am ei amcan polisi a goblygiadau polisi. Eu nod yw gwneud yr Offeryn Statudol Drafft yn hygyrch i ddarllenwyr nad oes ganddynt gymhwyster cyfreithiol, ac maent yn cyd-fynd ag unrhyw Offeryn Statudol neu Offeryn Statudol Drafft a gyflwynwyd yn fanwl gerbron y Senedd o Fehefin 2004 ymlaen.

Close

Rhagor o Adnoddau

Gallwch wneud defnydd o ddogfennau atodol hanfodol a gwybodaeth ar gyfer yr eitem ddeddfwriaeth o’r tab hwn. Yn ddibynnol ar yr eitem ddeddfwriaeth sydd i’w gweld, gallai hyn gynnwys:

  • y PDF print gwreiddiol y fel deddfwyd fersiwn a ddefnyddiwyd am y copi print
  • rhestr o newidiadau a wnaed gan a/neu yn effeithio ar yr eitem hon o ddeddfwriaeth
  • manylion rhoi grym a newid cyffredinol
  • pob fformat o’r holl ddogfennau cysylltiedig
  • slipiau cywiro
  • dolenni i ddeddfwriaeth gysylltiedig ac adnoddau gwybodaeth eraill
Close

Rhagor o Adnoddau

Defnyddiwch y ddewislen hon i agor dogfennau hanfodol sy’n cyd-fynd â’r ddeddfwriaeth a gwybodaeth am yr eitem hon o ddeddfwriaeth. Gan ddibynnu ar yr eitem o ddeddfwriaeth sy’n cael ei gweld gall hyn gynnwys:

  • y PDF print gwreiddiol y fel gwnaed fersiwn a ddefnyddiwyd am y copi print
  • slipiau cywiro

liciwch ‘Gweld Mwy’ neu ddewis ‘Rhagor o Adnoddau’ am wybodaeth ychwanegol gan gynnwys

  • rhestr o newidiadau a wnaed gan a/neu yn effeithio ar yr eitem hon o ddeddfwriaeth
  • manylion rhoi grym a newid cyffredinol
  • pob fformat o’r holl ddogfennau cysylltiedig
  • dolenni i ddeddfwriaeth gysylltiedig ac adnoddau gwybodaeth eraill