Guest Blog: What’s next for communications data law?

Nicholas Lansman, Secretary General, ISPA

Following the recent General Election we’ve seen a number of legal challenges and Government promises regarding the laws and regulations that directly affect our industry, in particular those regarding communications data and surveillance powers. So, what is likely to happen over the next few months and how will we be affected? We invited ISPA’s Secretary General, Nicholas Lansman, to give us his view.

After the General Election, one of the new Government’s first pieces of legislation announced was the Investigatory Powers Bill, set to come before parliament in the autumn and subject to scrutiny by a joint committee. With a proposed new law, recent independent reports and reviews and legal judgements, what is the direction of travel for communications data, and what impact will it have on the communications sector?

Overall, it is extremely likely that CPs under notice from the Home Office will be asked to retain more user data beyond that currently retained for business purposes and retained under DRIPA as communications continue to evolve. ISPA expects much of the 2012 Draft Communications Data Bill to be part of the new Bill, including retention of third-party data, extended definitions of a communication service and access to communications data hosted overseas. We previously argued that this amounted to an extension of powers. As the independent reviewer of terrorism legislation concluded, the Home Office has yet to make a compelling case for the extension of a number of these powers. With any extension into users’ privacy and imposition on industry, additional safeguards will also be required. ISPA hopes that a complete rewrite of legislation will lead to a proportionate and more comprehensible framework for industry, the public and law enforcement.

Before the Bill is published, the Home Office will need to factor in the High Court judgement that deemed DRIPA (the Data Retention and Investigatory Powers Act) inconsistent with EU law (although Government is appealing). The Anderson Review supports data retention providing there are sufficient safeguards, and recommended that a new law would be the best way to proceed.

We also expect some further measures on encryption. Encryption plays a major role in maintaining the security and integrity of important online services such as online banking, and the Government should not undermine this. More details will be known when the Bill is published in the autumn.

So, how should industry respond?

ISPA believes that law enforcement should have reasonable access to communications data under a clear legal framework with judicial oversight. A new law would provide legal certainty, and would allow industry and parliament time to properly scrutinise the Bill and make sure the legislation balances the competing interests of privacy, security, technical feasibility, and the impact on business and the wider digital economy. Any new legislation needs to be mindful of the UK’s reputation as a leading place to do business online and not burden industry. ISPA previously campaigned successfully for cost recovery for compliance costs and it is vital that this is maintained. Obligations divert time and resources from core business functions and product development (not to mention the reputational and financial risks should a data breach occur).

ISPA will be working with members when the new Bill is published, and we would encourage the Government to take into account the recommendations from Anderson, the RUSI Commission and campaigners to significantly strengthen the safeguards and oversight and make sure that the public and industry can be fully confident with the new arrangements. We look forward to the many discussions and debates ahead.

We agree with ISPA that a newly conceived law that can be properly scrutinised and take into account all of the recent review findings is the best way to proceed. This is a highly controversial and important law that will affect every citizen of the UK. Amending and tweaking existing laws has proved counterproductive in the past and we think it’s time this issue was given a fresh approach with proper industry input. As ISPA says, we will have to wait till the Autumn to find out what the Government actually has in mind, but their predictions seem plausible- we expect increased data retention requirements and are hopeful they will be adequately safeguarded to avoid further opposition from the EU et al in the future.

Have your say!

How do you think the industry will be affected by ongoing reviews and changes to data retention laws? Do you agree with ISPA’s predictions? Let us know your opinion by leaving us a comment below.

Related articles

• Entanet Opinion: Has the High Court put a dampener on future snooping plans?
• Entanet Opinion: Will it be third time lucky for the ‘Snooper’s Charter’?
• Entanet Opinion: UK Government admits to “suspicionless hacking”
• Entanet Opinion: UPDATED: Is the ‘Snooper’s charter’ inevitable?

Further information

• ISPA Website