Office of Public Sector Information
Regulation 4
1.—(1) The calling telephone number.
(2) The name and address of the subscriber or registered user of any such telephone.
2.—(1) The telephone number dialled and, in cases involving supplementary services such as call forwarding or call transfer, any telephone number to which the call is forwarded or transferred.
(2) The name and address of the subscriber or registered user of any such telephone.
3. The date and time of the start and end of the call.
4. The telephone service used.
5.—(1) The calling telephone number.
(2) The name and address of the subscriber or registered user of any such telephone.
6.—(1) The telephone number dialled and, in cases involving supplementary services such as call forwarding or call transfer, any telephone number to which the call is forwarded or transferred.
(2) The name and address of the subscriber or registered user of any such telephone.
7. The date and time of the start and end of the call.
8. The telephone service used.
9.—(1) The International Mobile Subscriber Identity (IMSI) and the International Mobile Equipment Identity (IMEI) of the telephone from which a telephone call is made.
(2) The IMSI and the IMEI of the telephone dialled.
(3) In the case of pre-paid anonymous services, the date and time of the initial activation of the service and the cell ID from which the service was activated.
10.—(1) The cell ID at the start of the communication.
(2) Data identifying the geographic location of cells by reference to their cell ID.
11.—(1) The user ID allocated.
(2) The user ID and telephone number allocated to the communication entering the public telephone network.
(3) The name and address of the subscriber or registered user to whom an Internet Protocol (IP) address, user ID or telephone number was allocated at the time of the communication.
12.—(1) In the case of internet telephony, the user ID or telephone number of the intended recipient of the call.
(2) In the case of internet e-mail or internet telephony, the name and address of the subscriber or registered user and the user ID of the intended recipient of the communication.
13.—(1) In the case of internet access—
(a) The date and time of the log-in to and log-off from the internet access service, based on a specified time zone,
(b) The IP address, whether dynamic or static, allocated by the internet access service provider to the communication, and
(c) The user ID of the subscriber or registered user of the internet access service.
(2) In the case of internet e-mail or internet telephony, the date and time of the log-in to and log-off from the internet e-mail or internet telephony service, based on a specified time zone.
14. In the case of internet e-mail or internet telephony, the internet service used.
15.—(1) In the case of dial-up access, the calling telephone number.
(2) In any other case, the digital subscriber line (DSL) or other end point of the originator of the communication.
(This note is not part of the Regulations)
These Regulations implement Directive 2006/24/EC (“the Data Retention Directive”) of the European Parliament and of the Council of 15 March 2006 on the retention of data generated or processed in connection with the provision of publicly available electronic communications services or of public communications networks and amending Directive 2002/58/EC.
The Data Retention (EC Directive) Regulations 2007 implemented the Data Retention Directive with respect to fixed network and mobile telephony. The United Kingdom made a declaration pursuant to Article 15.3 of the Data Retention Directive that it would postpone application of that Directive to the retention of communications data relating to internet access, internet telephony and internet e-mail. These Regulations implement the Data Retention Directive with respect to those forms of data, and revoke the Data Retention (EC Directive) Regulations 2007 which are superseded by these Regulations.
The Regulations impose a requirement on public communications providers (“providers”), as defined in regulation 2, to retain the categories of communications data specified in the Schedule to the Regulations. The Regulations apply to all providers to whom a written notice has been given by the Secretary of State in accordance with regulation 10. Regulation 4 makes provision regarding the obligation to retain the data specified in the Schedule.
Such data must be retained, in accordance with regulation 5, for a period of 12 months from the date of the communication in question. The data must be stored in accordance with the requirements in regulation 8, and may only be accessed in accordance with regulation 7.
Data protection and data security are provided for in regulation 6. Regulation 6(2) provides that the Information Commissioner, as the designated Supervisory Authority for the purposes of Article 9 of the Data Retention Directive, is responsible for monitoring the application of these Regulations with respect to the security of stored data.
There is a requirement on providers to provide statistics to the Secretary of State in regulation 9.
Regulation 11 provides that the Secretary of State may make arrangements for reimbursing any expenses incurred by providers in complying with the Regulations.
The Data Retention (Ec Directive) Regulations 2009