Data Retention (EC Directive) Regulations 2007

rose to move, That the draft regulations laid before the House on 28 June be approved. The noble Lord said: My Lords, these regulations are made under Section 2(2) of the European Communities Act 1972 to enable the initial transposition of the European directive on the retention of data generated or processed in connection with the provision of publicly available electronic communications services or of public communications networks and amending Directive 2002/58/EC. The directive requires that traditional communications data from fixed-line and mobile telephony remains available for lawful disclosure, should disclosure become necessary and proportionate. Let me explain why communications data are important and why these measures are necessary. Communications data have nothing to do with the content of a communication. They are information about who is communicating with whom, when and where they are communicating and the type of communication. Typically, public communications providers have retained this information for their own business purposes, such as billing, network management and the prevention of fraud. Different businesses retain this data for different periods, and once the business purpose for retaining the data has expired, they are required to destroy it. These regulations are relevant only to businesses that keep their data for less than a year. So why is this information important? Communications data, such as mobile phone billing data, have a proven track record in supporting law enforcement and intelligence agency investigations and are a vital investigative tool. They provide evidence of associations between individuals and can place them in a particular location. They also provide evidence of innocence. I would like to pay tribute to the public communications providers, big and small, that have provided enormous assistance to the Security Service and the police by making communications data available for lawful disclosure and that have participated in discussions with the Government about the implementation of the directive. Without this data, the ability of the police and the Security Service painstakingly to investigate the associations between those involved in terrorist attacks and those who may have directed or financed their activity would be limited. The police and the Security Service’s ability to investigate terrorist plots and serious crime must not be allowed to depend on the business practice that happens to be employed by the public communications provider that a particular suspect, victim or witness used. These draft regulations will ensure that, regardless of which public communication provider supplies the service, the communications data will be available. This initial transposition applies to traditional types of communications only, such as mobile or fixed-line telephony. In recognition of the technical complexity of internet communications, the Government decided to delay implementation of the directive with regard to internet-related communications, and the public consultation showed overwhelming support for that approach. The retention of internet-related communications data has been postponed because our early engagement with the industry indicated that extra time would be required to clarify requirements and develop a technically sound approach to implementation. In contrast, we have a great deal of experience with the retention of traditional communications data. We have been working with the industry to ensure the retention of this data since 2003, when Parliament first approved the code of practice for the voluntary retention of communications data under Part 11 of the Anti-terrorism, Crime and Security Act 2001, which was made in response to the new threat from terrorism witnessed on 11 September 2001. Today, that threat is ever more apparent in the United Kingdom. The voluntary code has provided an important building block for establishing a practical framework for the retention of communications data in the UK, and the draft regulations provide the necessary next step to provide a mandatory framework. As well as ensuring that communications data are available to assist investigations, regardless of the different business practices of public communications providers, many providers have expressed a preference for a mandatory framework, as they welcome the additional legal certainty that provides. These regulations make provisions to continue with the established UK policy of reimbursing public communications providers which incur expenditure from adjusting their business practices to comply with the Government’s requirements for the retention of communications data. The recent public consultation confirmed the need for these provisions in order to avoid distortion of the highly competitive telecommunications market. The justification for and practice of the retention of communications data was debated in the House during consideration of the Anti-terrorism, Crime and Security Act 2001 and the code of practice for the voluntary retention of communications data. These regulations do not stray from the established policy position on this matter; they simply move the traditional telephony sector of the industry from a voluntary to a mandatory framework for the retention of communications data, a move that is largely welcomed by the industry and the law enforcement community. I beg to move. Moved, That the draft regulations laid before the House on 28 June be approved. 22nd Report from the Statutory Instruments Committee.—(Lord Bassam of Brighton.)