Cookies on Pinsent Masons website

This website uses cookies to allow us to see how the site is used. The cookies cannot identify you. If you continue to use this site we will assume that you are happy with this

If you want to use the sites without cookies or would like to know more, you can do that here.

New UK data retention laws come into force

Telecoms companies are subject to new UK rules to retain information about customers' communications.18 Jul 2014

The Data Retention and Investigatory Powers (DRIP) Act (12-page / 110KB PDF) is now in force after receiving support from the House of Commons and House of Lords following a fast-tracked approval process. The law received Royal Assent on Thursday.

Home secretary Theresa May said the new laws would provide the UK's intelligence services with the "powers and capabilities they need" to combat terrorism and organised crime.

The DRIP Act replaces previous UK regulations on data retention that had implemented an EU law which earlier this year was ruled to be invalid by the EU's highest court. The Court of Justice of the EU (CJEU) ruled that the EU Data Retention Directive disproportionately infringed on privacy rights enjoyed by EU citizens.

"If we had not acted immediately, investigations could have suddenly gone dark overnight," May said. "Criminals and terrorists would have been able to go about their work unimpeded, and innocent lives would have been lost. The Data Retention and Investigatory Powers Act will ensure the job of those who protect us does not get even more difficult and that they can maintain the use of vital powers to solve crime, save lives and protect the public from harm."

The new data retention laws relate to traffic data about mobile and internet communications such as the source of a communication, its destination, date, time, duration and type. They do not relate to the content of communications, which is protected by other laws.

Under the DRIP Act, public telecommunications operators can be required to store 'communications data' if the secretary of state considers the data retention is "necessary and proportionate" to help law enforcement agencies detect and prevent terrorism and other serious crimes or for serving other limited purposes specified under the existing Regulation of Investigatory Powers Act.

Telecoms companies could be asked to store the data for up to a year, under the Act. Operators based outside of the UK can be forced to comply with data retention orders made in accordance with the new rules, according to the new provisions.

Providers of a service which "consists in or includes facilitating the creation, management or storage of communications transmitted, or that may be transmitted, by means of such a system" are subject to the DRIP Act.

The Interception of Communications Commissioner will issue half-yearly reports on how the new rules are operating and a new independent reviewer of terrorism legislation is to be appointed to consider, among other things, "safeguards to protect privacy" and "the challenges of changing technologies".