UK Data Retention and Investigatory Powers Bill
igb at batten.eu.org
Fri Jul 11 19:23:24 BST 2014
On 11 Jul 2014, at 18:43, Roland Perry <lists at internetpolicyagency.com> wrote:
> But I expect the CSP will probably be retaining the whole thing, ahead of only disclosed what's allowed, but CSPs are welcome to correct me. In other words not redacting the logs in real time.
Where would that leave them from a data protection perspective? If a CSP is retaining data which would not be disclosable under RIPA S.21 (ie, isn't picked up by S.21(2)(b) "the conduct is in accordance with, or in pursuance of, the authorisation or requirement.") does DRIP provide them with cover against a claim that they are maintaining data unfairly in DPA terms? Surely, if the purpose of DRIP is to enable S.21 to work "properly" (for some value of properly which is a different debate), then it can only cover data which would be released subsequent to an S.22 request?
More information about the ukcrypto