The Government laid its draft Retention of Communications Data (Code of Practice) Order 2003 before Parliament on Thursday; but the text was still not available for comment at the time of writing.
On Friday, the Home Office announced the results of its recent consultation on the subject while also announcing new rules on access to communications data (see today's related story at the link below).
The Home Office confirmed that if its voluntary arrangement proves unacceptable to industry, it will look to make data retention compulsory. But the results of the consultation appear to confirm what insiders have been saying all along: that a voluntary arrangement will be unacceptable.
The Home Office notes that 27 of the 57 respondents were concerned about the data protection implications of complying with a voluntary code: if they retain personal data for purposes that they cannot justify for any business purpose or to meet another legal obligation, they risk breaching the Data Protection Act. If the code is compulsory, this problem at least would be solved. But it's not the only problem for the telcos and ISPs: cost is another one.
Predictably, most industry respondents expressed concern about the cost of retention. There was a fear that operators would be required to redesign retention systems to suit agencies obtaining access. Understandably, the industry wants the Government to bear these costs.
Twenty-two respondents were against the retention of data in principle, while fourteen were in favour. In particular, the Information Commissioner said that he "would have preferred greater reliance to be placed on data preservation."
Data preservation is the targeted storage of specific data on specific users; data retention is the general storage of all data generated by all users. The police and intelligence services indicated in their responses that data preservation would not work without data retention.
The fact that the data retained would then be accessed by a large number of public agencies was a serious issue for 25 respondents.
One respondent commented,
"There is a legal view that while the retention may not in itself be unlawful, there is a significant risk that the collateral use of such retained data beyond investigations relating to national security would infringe an individual's right."
In general terms, the industry felt that a voluntary code was not the best way to implement the data retention aspects of RIPA. A mandatory code was not necessarily the best way forward either. According to the summary only "additional legislation would be needed to resolve their concerns."
Undeterred, Home Office Minister Caroline Flint said:
"The Government believes that retention of communications data under the Anti-Terrorism Crime and Security Act is crucial in the fight against terrorism.
"The code of practice being placed before Parliament produces a balance between what is required to combat terrorism and what is reasonable to ask industry to deliver."