Home
 » ISP News » 
Sponsored

UPDATE4 Open Rights Group Call on UK ISPs to Clarify Data Retention Policy

Friday, April 11th, 2014 (9:29 am) - Score 3,033

The Open Rights Group (ORG) has written a new open letter that calls upon BT, Sky Broadband, TalkTalk and Virgin Media to clarify their positions on the storing of personal customer data / access logs, which follows a decision by the European Court of Justice to rule that the EU’s Data Retention Directive was now “invalid“.

In its ruling earlier this week the ECJ concluded (here) that keeping a basic customer access / IP address log of all website, email and phone call activity for up to 2 years was not proportionate and that the EU’s related directive breaches a “fundamental right to respect for private life and the fundamental right to the protection of personal data” (Charter of Fundamental Rights of the EU).

The United Kingdom’s similar Regulation of Investigatory Powers Act 2000 (RIPA) pre-dates the EU law but it is still influenced by that legislation and thus any change to European law can result in amendments to related rules over this side of the English channel.

So far at least one ISP in Sweden has decided to delete all of its logs, despite the local national law still technically being active, and now a question mark has been raised over whether other providers should follow suit.

ORG’s Open Letter – Data Retention Directive

I am writing to you to seek clarification of your approach to retention and use of your customers data, as a result of the European Court of Justice’s ruling that the Data Retention Directive is invalid and does not apply as European law.

This directive was implemented into UK law by the Data Retention (EC Directive) Regulations 2009. Since the European Court of Justice declared the directive outside the competence of the EU treaties, the UK was never required to implement it. Therefore these regulations no longer have a valid basis in UK law. It is our understanding that ISPs therefore should not be retaining user data unless there is some other legal basis for doing so.

We understand that you should only retain personal data such as IP logs and email communications data for legitimate business reasons or specific legal requirements.

In the interests of your customers, please can you:

(1) Confirm that you are not continuing to abide by the now defunct Data Retention Directive and regulations;

(2) Publish a description of the data you will be continuing to collect for business purposes (and how the data assists you) and what time period you will be holding the data for

Thank you,

Jim Killock
Executive Direcgtor
Open Rights Group

It should be stressed that, even without any law, all ISPs would still need to keep basic access logs in order to understand and adapt to how customers are using their service (e.g. billing for data usage or putting more capacity in to balance for iPlayer consumption). As a result the issue is arguably more to do with how long an ISP should retain such logs and in the UK the somewhat voluntary rule is currently 12 months, not the EU’s maximum of 24; the latter of which drew strong criticism from the ECJ.

In any case the issue of state vs EU law is a complicated minefield and probably one that big ISPs in the United Kingdom will be keen to avoid, at least until such time as any amendments are made. The indications received by ISPreview.co.uk are that at present there will be no rash changes on the ISP side of things, although eyes are being kept firmly on developments in Europe.

If we’re lucky we might even have an official comment or two to post later today, assuming the start of Easter Holiday’s doesn’t drag everybody away.

UPDATE 1:34pm

As expected none of the ISPs have yet been able to give us a firm quote, although Sky Broadband did suggest that they would monitor how the UK Government responded before considering any further steps. We’ll update again if any quotes arrive.

UPDATE 1:45pm

A spokesperson for Virgin Media told ISPreview.co.uk that, “We are seeking clarification on what this means for us under UK law“. The EU will similarly need to conduct an impact assessment on the potential consequences of the ruling before knowing how to amend the law, which could take several months. Meanwhile, as above, the UK law remains in place and individual member states will need to conduct their own assessments to see if changes are needed.

UPDATE 12th April 2014

The UK Internet Service Providers Association (ISPA) has thrown its cap into the ring with a statement from Nicholas Lansman that echoes most of what we’ve written above: “The CJEU ruling has the potential for major changes to the data-retention regime, however we believe that for the time being that obligations remain in place.”

In the meantime the Government of Sweden has decided not to take any action against the ISP that unilaterally decided to delete all of its logs following the ECJ’s ruling. Apparently Sweden, which has its own local law for data retention that reflects the EU’s, felt as though challenging the ISPs decision would cause too many problems, until the legislation can be amended.

UPDATE 13th April 2014

A spokesperson for AAISP added: “AAISP has never been required to retain data under the Data Retention Directive and so never has. If we were asked to now, we would challenge such a request in light of the recent judgment.”

Delicious
Add to Diigo
Mark Jackson
By Mark Jackson
Mark is a professional technology writer, IT consultant and computer engineer from Dorset (England), he is also the founder of ISPreview since 1999 and enjoys analysing the latest telecoms and broadband developments. Find me on Twitter, , Facebook and Linkedin.
Leave a Comment
0 Responses

Comments are closed.

Comments RSS Feed

Javascript must be enabled to post (most browsers do this automatically)

Privacy Notice: Please note that news comments are anonymous, which means that we do NOT require you to enter any real personal details to post a message. By clicking to submit a post you agree to storing your comment content, display name, IP, email and / or website details in our database, for as long as the post remains live.

Only the submitted name and comment will be displayed in public, while the rest will be kept private (we will never share this outside of ISPreview, regardless of whether the data is real or fake). This comment system uses submitted IP, email and website address data to spot abuse and spammers. All data is transferred via an encrypted (https secure) session.

NOTE 1: Sometimes your comment might not appear immediately due to site cache (this is cleared every few hours) or it may be caught by automated moderation / anti-spam.

NOTE 2: Comments that break our rules, spam, troll or post via known fake IP/proxy servers may be blocked or removed.
Promotion
Cheapest Superfast ISPs
  • Hyperoptic £18.00 (*22.00)
    Avg. Speed 30Mbps, Unlimited
    Gift: Code: CHRISTMAS18
  • Onestream £19.95 (*34.99)
    Avg. Speed 35Mbps, Unlimited
    Gift: None
  • TalkTalk £22.50
    Avg. Speed 36Mbps, Unlimited
    Gift: None
  • Direct Save Telecom £22.95 (*29.95)
    Avg. Speed 35Mbps, Unlimited (FUP)
    Gift: None
  • Vodafone £23.00 (*25.00)
    Avg. Speed 35Mbps, Unlimited
    Gift: None
Prices inc. Line Rental | View All
Poll
*Javascript must be ON to vote*
The Top 20 Category Tags
  1. BT (2290)
  2. FTTP (1755)
  3. FTTC (1521)
  4. Broadband Delivery UK (1491)
  5. Openreach (1234)
  6. Politics (1227)
  7. Business (1093)
  8. Statistics (965)
  9. Mobile Broadband (886)
  10. Fibre Optic (881)
  11. FTTH (819)
  12. Ofcom Regulation (813)
  13. Wireless Internet (807)
  14. 4G (768)
  15. Virgin Media (742)
  16. Sky Broadband (546)
  17. TalkTalk (525)
  18. EE (508)
  19. Vodafone (397)
  20. Security (371)
Promotion
Helpful ISP Guides and Tips
»
»
»
»
»
»
»
»
»
»
»
»
»
»
»
»
»
»
»
»
»
»
»
»
»
»
»
»
Sponsored

Copyright © 1999 to Present - ISPreview.co.uk - All Rights Reserved - Terms  ,  Privacy and Cookie Policy  ,  Links  ,  Website Rules