Monday, 8 February 2016

Never mind Internet Connection Records, what about Relevant Communications Data?

Cyberleagle: "Clause 71 of the Bill would empower the Home Office to issue retention notices covering six categories of what the draft Bill calls ‘relevant communications data’.

 According to the draft Bill’s Explanatory Notes, one of those six categories (71(9)(f)) corresponds to internet connection records. That leaves five categories which, on the face of them, seem to go wider than the existing data retention categories under the Data Retention and Investigatory Powers Act 2014 (DRIPA) as amended by the Counter Terrorism and Security Act 2015 (CTSA).

 For internet communications the current DRIPA data retention categories cover internet access services, internet e-mail and internet telephony. Those categories replicate the 2009 Data Retention Regulations, which implemented the now invalidated EU Data Retention Directive.  The CTSA extended DRIPA to include so-called IP address resolution data.

 We can get an idea of the scope of ‘relevant communications data’ by appreciating that it covers any type of communication on a network, expressly including communications where the sender or recipient is not a human being. This sweeps up not only background interactions that smartphone apps make automatically with their supplier servers, but probably the entire internet of things. 

The type of data about these communications that could be required to be retained goes beyond the relatively familiar sender, recipient, time and location information to data such as the ‘type, method or pattern’ of communication (clause 71(9)(c)).

‘Data’ is defined to include ‘any information which is not data’ (clause 195(1)).

In another departure from existing retention laws, providers could be required to generate data specifically for retention (71(8)(b)(i)). At present they can only be required to keep data that they already generate or process in the course of providing their service." 'via Blog this'

No comments: