The Data Retention (EC Directive) Regulations 2009 came into force on 6 April. The Regulations require public communications service providers (CSPs) - including internet, telephone, and email service providers - to retain communications data for a period of 12 months after the date of the communication.
For the purposes of the Regulations, "communications data" means the traffic, location, and other electronic data necessary to identify the subscriber or user of a particular service, e.g., data showing when a person made or received a call, the number called, the length of the call, and the person's location when they made the call. It does not include the content of communications.
The Government argues the Regulations are necessary to combat terrorism and fight other serious crimes, such as drugs trafficking, human trafficking, hacking, and fraud. This argument has not appeased privacy campaigners, however, who insist the Regulations exist solely to enable the Government to access a 'big brother' style database, akin to the one in George Orwell's dystopian classic 1984.
The Regulations will complete implementation of EC Data Retention Directive 2006/24/EC into UK law. According to Computerworld, however, a number of other member states - Austria, Greece, Ireland, the Netherlands, Poland, and Sweden - have delayed implementing the Directive.
Indeed, the European Commission has decided to sue Sweden for failing to
implement the earlier and less stringent Data Retention (EC Directive) Regulations of 2007 (which the
2009 Regulations supercede).
Computerworld reports that instead of hurrying the implementation process, some Swedish politicians believe the suit represents the perfect opportunity to challenge the data retention laws (both old and new) under the European Convention on Human Rights.