The UK Home Office has launched a consultation on plans to update the acquisition and disclosure of communications data code of practice and introduce a new retention of communications data code of practice. Both documents are provided in draft form.
The former code sets out the processes and safeguards governing the acquisition of communications data by public authorities, including law enforcement agencies. It was last published in 2007. The draft is intended to clarify, and incorporate best practices, around the use of relevant powers involved. In particular, it seeks to make a number of updates to bring the code in line with current approaches and processes, more accurately reflecting the experiences of public agencies that apply the code in practice.
The new data retention code, in turn, sets out how the government implements the requirements in the Data Retention and Investigatory Powers Act 2014 (‘DRIPA’) and the Data Retention Regulations 2014 (SI 2014/2042). They were passed under a fast-track Parliamentary procedure in July 2014, replacing the UK’s Data Retention (EC Directive) Regulations 2009, after the EU’s Court of Justice held earlier this year that the EU Data Retention Directive 2006 was invalid. Parliamentarians were eventually persuaded by the government that their adoption was necessary to plug a hole left in the statutory regime governing the UK’s surveillance capabilities.
The consultation also includes an additional ‘addendum’ document setting out further changes that would be made to the data retention code should the Parliament adopt the Counter Terrorism and Security Bill introduced in November 2014 (see previous posts here for background). This document on IP address resolution can be found here.
Comments should be sent to the following email address – email@example.com – and the consultation deadline closes on 20 January 2015.