(This note is not part of the Regulations)
These Regulations implement Directive 2006/24/EC (“the Data Retention Directive”) of the European Parliament and of the Council of 15 March 2006 on the retention of data generated or processed in connection with the provision of publicly available electronic communications services or of public communications networks and amending Directive 2002/58/EC.
The Data Retention (EC Directive) Regulations 2007 implemented the Data Retention Directive with respect to fixed network and mobile telephony. The United Kingdom made a declaration pursuant to Article 15.3 of the Data Retention Directive that it would postpone application of that Directive to the retention of communications data relating to internet access, internet telephony and internet e-mail. These Regulations implement the Data Retention Directive with respect to those forms of data, and revoke the Data Retention (EC Directive) Regulations 2007 which are superseded by these Regulations.
The Regulations impose a requirement on public communications providers (“providers”), as defined in regulation 2, to retain the categories of communications data specified in the Schedule to the Regulations. The Regulations apply to all providers to whom a written notice has been given by the Secretary of State in accordance with regulation 10. Regulation 4 makes provision regarding the obligation to retain the data specified in the Schedule.
Such data must be retained, in accordance with regulation 5, for a period of 12 months from the date of the communication in question. The data must be stored in accordance with the requirements in regulation 8, and may only be accessed in accordance with regulation 7.
Data protection and data security are provided for in regulation 6. Regulation 6(2) provides that the Information Commissioner, as the designated Supervisory Authority for the purposes of Article 9 of the Data Retention Directive, is responsible for monitoring the application of these Regulations with respect to the security of stored data.
There is a requirement on providers to provide statistics to the Secretary of State in regulation 9.
Regulation 11 provides that the Secretary of State may make arrangements for reimbursing any expenses incurred by providers in complying with the Regulations.