Communications Data
This section provides an outline of communications data legislation, gives details of the
communications data inspection regime, provides statistical information about the use of
communications data by public authorities and identifies key findings from IOCCO’s
inspections.

Communications Data legislation
Chapter 2 of Part 1 of RIPA (sections 21 to 25) and the Acquisition and Disclosure of
Communications Data Code of Practice set out the procedures for the acquisition and
disclosure of communications data. Unless otherwise specified, references in this section
to ‘the Code of Practice’ are to that Code.
Communications data embraces the ‘who’, ‘when’ and ‘where’ of a communication, but not the
content of what was said or written. In essence, communications data comprises the following:
•

Traffic data, which is data that may be attached to a communication for the
purpose of transmitting it and could appear to identify: the sender and recipient
of the communication; the location from which it was sent; the time at which it
was sent; and other related material (see sections 21(4)(a) and 21(6) and (7) RIPA
and paragraphs 2.24 to 2.27 of the Code of Practice). Examples of this would be
email headers and data relating to the location of a mobile phone (cell-site data).

•

Service use information, which is data relating to the use made by any person
of a communication service and may be the kind of information that appears on
Communications Service Provider’s (CSP’s) itemised billing documents (see Section
21(4)(b) RIPA and paragraphs 2.23 and 2.28 to 2.29 of the Code of Practice).
Examples of this would include the ‘to’, ‘from’ and ‘duration’ of a phone call or
text message.

•

Subscriber information, which is data held or obtained by a CSP in relation to a
customer and may be the kind of information which a customer provides when
they sign up to use a service. (See Section 21(4)(c) RIPA and paragraphs 2.30
and 2.31 of the Code of Practice). Examples of this would include the name and
address of the subscriber of a telephone number or the account holder of an
email address.

A number of public authorities have statutory powers to apply for communications data
under Chapter 2 of Part 1 of RIPA. These include:
•
•
•
•
•
•
•
•
•

Police forces;
The National Crime Agency (NCA);
Her Majesty’s Revenue and Customs (HMRC);
Intelligence agencies;
The Gambling Commission;
The Department for Transport;
The Home Office (Immigration Enforcement);
Local Authorities, through the National Anti-Fraud Network (NAFN); and
The Criminal Case Review Commission.

www.iocco-uk.info

3

Select target paragraph3