Government drops plans for single communications database over privacy concerns

Out-Law News | 27 Apr 2009 | 5:45 pm | 2 min. read

The Government has ruled out the creation of a controversial database which would have stored details of web use, emails and phone calls made by people in the UK. It said that it was the 'most effective' solution but has ruled it out on privacy grounds.

The Government will continue to rely on phone and internet companies' records, it said.

The Government had been considering creating a single, central, publicly owned and run database that would have stored the details of who made what communications with whom, for how long and when.

The idea was politically controversial and costs were said to be likely to run into billions of pounds. Home Secretary Jacqui Smith has now said that the Government will rely on a system similar to the current one, where Government asks internet service providers (ISPs) or phone networks for the data when they need it.

"The Government has no plans for a centralised database for storing all communications data," said the Government's consultation paper on its plans. "This could be the most effective technical solution to the challenges we face and would go furthest towards maintaining the current capability; but the Government recognises the privacy implications of a single store of communications data and does not, therefore, intend to pursue this approach."

"Advances in communications mean that there are ever more sophisticated ways to communicate and we need to ensure that we keep up with the technology being used by those who would seek to do us harm," said Smith, announcing the consultation on Government plans.

"The system the government is proposing is based on the current model where Communications Service Providers (CSPs) collect and store the data and where we have strict and effective safeguards in place to regulate access by public authorities," said a Home Office statement.

"The Government proposes legislating to allow all data that public authorities might need, including third party data (data generated by communications services based overseas but crossing the networks in the UK) to be collected and retained by CSPs," it said.

The Government said in its consultation paper that most data would remain out of Government hands.

"The majority of communications data held by communications service providers is never acquired by the authorities, since there is no justifiable need or reason to do so; there is no intention to change this under any of the options set out in this consultation paper," it said.

The Government's plans involve some changes to the law. Though much of the information security services would require is already collected and stored by ISPs and phone networks for billing purposes, some is not.

The Government said that law changes would focus on providers' ability to store data relating to communications from overseas.

"The Government would legislate to ensure that all the data that public authorities might need, including the third party data, is collected and kept in the UK," said its consultation. "Communications service providers based in the UK would therefore continue to collect and retain communications data relating to their own services but also collect and store the additional third party data crossing their networks. This would therefore include communications data which does not come under the scope of the EU Data Retention Directive."

"All the data retained by the communications service providers would continue to be accessible on a case-by-case basis to public authorities, subject to the same rigorous safeguards that are now in place," it said.

The Government also said that it would require providers to do some data processing, matching foreign data to domestic data so that people could be more easily identified by authorities.

"The Government recommends…that it legislates to ensure that all data that public authorities might need, including third party data, is collected and retained by communications service providers; and that the retained data is further processed by communications service providers enabling specific requests by public authorities to be processed quickly and comprehensively," it said.

The idea of a single database had been heavily criticised by privacy activists. Privacy watchdog the Information Commissioner's Office (ICO) called it "a step too far for the British way of life".