10 Jul 2014

How the government controls your data: a timeline of data law

In 2009 the then Labour government introduced the Data Retention (EC Directive) Regulations. It obliged mobile phone companies and internet service providers (ISPs) to keep communications data for one year. This included who you emailed or called, when and where.

(Important note: this did NOT include the actual content of the messages, eg. what you write in the email. To gather that requires sign-off by a secretary of state).


Last year the Conservatives tried to push through a bill which would have expanded the obligations on comms companies: for example, ISPs would have to keep records of which web pages we visit. It also expanded the ways in which government agencies could access the info collected.

Then in April, the European Court of Justice ruled that the 2009 UK rules went too far. Collecting and storing the data was a breach of human rights.

Overnight, comms companies were opened up to the threat of legal action from customers for continuing to collect their data.

Furthermore, if the mobile phone and internet companies started to delete the data, the government argues this would lead to the loss of vital leads in criminal and counter-terror cases (police and intelligence agencies often only know in hindsight who they need to investigate).

So today the government has announced emergency legislation to legalise the powers already being used by comms companies. It claims it is “responding” to the ECJ ruling – but many will see this as a kind of over-ruling.

UPDATE 13:30pm

Follow @geoffwhite247 on Twitter