The Data Retention (EC Directive) Regulations 2009
Joel Harrison
ukcrypto at chiark.greenend.org.uk
Fri, 13 Feb 2009 18:34:23 +0000
On Fri, Feb 13, 2009 at 1:01 AM, Richard Clayton <richard@highwayman.com> wrote:
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
> In article <7b6bd0c90902120443vfff603etfdb4df37107c1e2e@mail.gmail.com>,
> Joel Harrison <joeldharrison@googlemail.com> writes
>
>>I'm not sure this is actually a substantive change from the previous
>>draft of the Regulations.
>
> So it might fool Brussels then :)
Maybe. At least until the Commission carries out its evaluation of
the implementation of the Directive (by September next year). It will
presumably look at whether the SoS has actually issued any notices
under reg 10.
>
>>Under reg 10 of the new draft, and assuming that the SoS complies with
>>the law (i.e. the obligation under reg 10(2)), the Regulations will
>>apply to a public communications provider unless the relevant
>>communications data is retained in the UK by another public
>>communications provider.
>
> It's the assumption that the SoS will get around to issuing all those
> hundreds of notices that I consider significant (because I consider it
> unlikely) ....
Or one big notice. Reg 10(3) and (4) contemplate that a single notice
may be given to a category of public communications providers.
Exactly how this would work in practice isn't clear. Reg 10(4) also
contemplates that the notice might not actually be delivered
individually to each public communications provider to which it
applies - the SoS could theoretically do something like publishing the
notice in a mass-circulation newspaper, although I suspect that isn't
what's intended.
Joel