'Today' considers data retention and IMP

[Joel Harrison]

On 9 Jan 2009, at 19:06, Richard Clayton <richard@highwayman.com> wrote:

> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
> In article <alpine.LFD.2.00.0901091613260.4958@localhost.localdomain>,
> Paul Jakma <paul@clubi.ie> writes
>
>> On Fri, 9 Jan 2009, John Wilson wrote:
>>
>>> When the government has spent the tens of billions of pounds to
>>> install the black boxes to do deep packet inspection a Gmail user
>>
>> Google have significant business activities in EU. What reason is
>> there to think they will not comply with this directive?
>
> Well it doesn't apply to them:
>
> consider s3 of the draft transposition into UK law:
>
>    3. These Regulations apply to communications data if, or to the
>    extent that, the data are generated or processed in the United
>    Kingdom by public communications providers in the process of
>    supplying the communications services concerned.
>
This is a horrible, horrible piece of drafting, resulting from a  
straight copy-out from the directive.

What are "the communications services concerned"?  On one reading, it  
refers to any or all of those services listed in reg 5.  On that  
reading, my ISP has to retain data about my use of internet email (a  
communications service), on the basis that it processes that data in  
the process of supplying my internet access service (also a  
communications service).

It would have been much clearer IMO to use the singluar - ie the  
obligation pertains to data about service X generated or processed in  
the process of supplying service X.

Even then, it would have been useful to clarify that a mere conduit  
does not "supply" a service delivered by a third party over its wire.

Incidentally, note the view of the Art 29WP that the use of cookies in  
an EU state constitutes the use of equipment for processing personal  
data in that state. Different context, but for those purposes a  
webmail operator established in another jurisdiction does, for some  
purposes, process data on the EU.


>> Further, even if they did not comply directly with the directive, is
>> there reason to think they would not comply with legal requests for
>> logged information?
>
> I have no doubt that Google will respond correctly to legal requests
> made to them within their jurisdiction -- perhaps as a result of a
> Mutual Legal Assistance request from another country.
>
> - --
> richard                                              Richard Clayton
>
> They that can give up essential liberty to obtain a little temporary
> safety deserve neither liberty nor safety.         Benjamin Franklin
>
> -----BEGIN PGP SIGNATURE-----
> Version: PGPsdk version 1.7.1
>
> iQA/AwUBSWegN5oAxkTY1oPiEQIBywCgtKx23aCVyjoUFh5eD1u3P6G3PGMAoKoy
> FZqYT5icATy0FtOMfuLrx5Oq
> =jbo2
> -----END PGP SIGNATURE-----
>