The draft version of the Electronic Communications Data Retention (EC Directive) Regulations 2008 ('ECDRR') has been published by the Government this week. The proposed date of its enforcement is the 15th March 2009.Under the ECDRR, calls, texts, emails and internet records may be kept by specified bodies (all bodies covered by the Regulation
of Investigatory Powers Act (RIPA) for period of 12 months. In addition, an ISP or a telecom company can also be served with a written notice by the Secretary of State to vary the period of storage to a different period between 6 and 24 months.
It is important to be clear about the nature of data that will kept: information concerning the time of call, the instigating number, the email addresses or URLs will be kept. However no information relating to the content of those communications will be kept. However one has to query the process by which such information will be extracted and the extent the extraction will infringe the privacy of the user. For instance, the email address of a user can reveal a lot about the identity of that user given that most of us use our surnames when creating our email addresses. Likewise, information which might seem innocent at first as the time/duration of call can also reveal much more about the user than the latter would like.
The proposed regulations need to be approved by both the House of Lords and Commons before coming into force. The Home Office anticipates that the cost of compliance may be in the region of £50 million over the course of eight years.
CyberPanda is sceptical about any legislative tool which aims at storing information which may seem on the surface to be harmless (as URLs or email addresses) but which in reality raises deeper privacy and security issues. It remains to be seen how much of the draft rules will be amended whilst awaiting assent.
Disclaimer: This image is subject to copyright. Click here to access original image.
No comments:
Post a Comment