Posted: 16th Feb, 2009 By: MarkJ
BT and other major network suppliers could soon be required to foot the bill for any data retention costs incurred by smaller UK broadband ISPs. The move is part of the governments draft
Communications Data Bill, which forces providers to log basic customer access, web and email activity on their networks for up to one year.
Naturally smaller ISPs are unlikely to have enough cash, especially given the current financial climate, to do the job themselves. Similarly the government would also prefer not to stump up for it, even though that is what the EC Directive requires.
The devised solution is to simply shift responsibility further upstream and place it with the major network suppliers. This would force them to take on both the cost and technical responsibility of retaining a smaller ISPs personal customer data (as well as their own):
A Home Office spokeswoman confirmed the laws mean higher tier providers, including
BT, will be called on to act as the government's collectors, pooling private communications data from dozens of small reseller networks.
BT said it was examining the draft legislation and declined to comment. The Home Office estimates that retention by ISPs will cost £43m.
Source:
The Register Consumers may be concerned that network suppliers, whom sometimes offer their own retail ISP services, could potentially abuse the data for personal gain (marketing). We suspect that they'd rather not have to deal with the issue in the first place, but that's hardly reassurance.
The full draft
Data Retention (EC Directive) Regulations 2009 (Adobe Reader .PDF) can be viewed by clicking the link. ISPreview also published its own article on the matter during May last year - '
ISPs Raise Concerns Over Data Retention'.
Still, of most concern will be who has access to view this data. Recent drafts and amendments have indicated that local councils, the National Health Service and even the Post Office could be granted permission. Since when did any of them need to know about the websites we visit and e-mails we send/receive?!
It's expected that the current proposals could come into force during April 2009, although we'd like to see more common sense about protecting access to the data before then.