In 2010, the coalition announced that they would roll back the surveillance state including the “Ending of storage of internet and email records without good reason”. The coalition is on the threshold of fulfilling that pledge - at least in relation to data held by ISPs. ISPs meanwhile need to clarify what they are doing now that the law is gone.
No doubt, once the coalition settled down, ministers were briefed that the retention of user data was required by European law: so they could easily forget about this pledge. The European Court of Justice has helped the matter along by deleting the law. We sincerely hope that the coalition sticks by its agreement, and does not try to re-legislate data retention back into UK statutes.
As a result of the law’s death, some ISPs are starting to delete their data in Sweden for instance, where this law caused very significant controversy. Authorities there are letting ISPs do this. It is extremely important that we know what actions ISPs are taking. For this reason, ORG has today written to BT, Sky, TalkTalk and Virgin to ask them to explain how they will be treating user data now that the Directive no longer exists:
… these regulations no longer have a valid basis in UK law. It is our understanding that ISPs therefore should not be retaining user data unless there is some other legal basis for doing so.
We understand that you should only retain personal data such as IP logs and email communications data for legitimate business reasons or specific legal requirements.
In the interests of your customers, please can you:
(1) Confirm that you are not continuing to abide by the now defunct Data Retention Directive and regulations;
(2) Publish a description of the data you will be continuing to collect for business purposes (and how the data assists you) and what time period you will be holding the data for