(This note is not part of the Regulations)
These Regulations implement Directive 2006/24/EC (“the Directive”) of the European Parliament and of the Council of 15 March 2006 on the retention of data generated or processed in connection with the provision of publicly available electronic communications services or of public communications networks and amending Directive 2002/58/EC.
The United Kingdom made a declaration pursuant to Article 15.3 of the Directive that it will postpone application of that Directive to the retention of communications data relating to Internet Access, Internet telephony and Internet e-mail. These Regulations therefore do not implement the Directive with respect to those forms of data.
The Regulations impose a requirement on the providers of public electronic communications services or networks (“providers”), as defined in regulation 2, to retain the categories of data specified in regulation 5. The Regulations apply to those providers as provided for in regulation 3. Regulation 4 makes provision regarding the obligation to retain the data specified in regulation 5.
Such data must be retained for a period of 12 months, in accordance with regulation 4(2). The data must be stored in accordance with the requirements in regulation 7.
Data security is provided for in regulation 6.
Regulation 8 provides that the Information Commissioner as the supervisory authority is responsible for monitoring the application of these Regulations with respect to the security of stored data.
There is a requirement on providers to provide statistics to the Secretary of State in regulation 9.
Regulation 10 provides that the Secretary of State may make arrangements for reimbursing any expenses incurred by providers in complying with the Regulations.