CHAPTER 1: INTRODUCTION
the legal basis for UK Regulations requiring service providers6 to retain
communications data for law enforcement purposes for a specified period;7 and
(b)
the need to put beyond doubt the extraterritorial effect of warrants,
authorisations and requirements relating to interception and communications
data, so that they could for example be served on overseas service providers.
These matters were addressed in DRIPA 2014 ss1 and 4, respectively. Other
technical and definitional changes were made by the Act. According to its Explanatory
Memorandum, the purpose of DRIPA 2014 was “not ... to enhance data retention
powers”, but rather to preserve pre-existing capabilities.8
1.5.
In recognition of the very short time available for debate, DRIPA 2014 contains a
“sunset clause” which provides for its operative provisions to expire at the end of
2016.9 Ministers and Shadow Ministers expressed the hope that the present Report
will assist Parliament’s consideration of whether the data retention and
extraterritoriality powers contained in DRIPA 2014 should be renewed beyond that
date.10
The broader context
1.6.
6
7
8
9
10
11
But as the wide terms of s7 confirm, the scope of this Review extends well beyond
the provisions of DRIPA 2014. The setting up of the Review reflects a broader political
context, including:
(a)
what law enforcement and intelligence bodies had identified as their reduced
coverage of electronic communications, as a consequence of:
the long-term shift from telephone communications via UK service providers
towards internet-based communications through overseas (especially US)
service providers; and
other technological changes, including the growth of secure encryption for
internet communications;11
For ease of reference, the term “service providers” is used to refer to: (1) companies which offer
communications services ([CSPs] properly so called), such as BT and Vodafone, (2) companies
providing internet access (commonly referred to as Internet Service Providers [ISPs]), such as AOL,
Virgin Media and Sky (collectively, technical readers will know these two categories as the four lower
levels of the OSI 7-layer model), and (3) companies which operate “over the top” [OTT] of an internet
connection (commonly called OTT providers or applications services providers), such as Facebook
and Twitter. Some CSPs are also ISPs. Some companies offer communications services, internet
access and OTT services (e.g. BT TV, over its own internet service). Reference is made to the
individual category of service provider where necessary. The term CSP is used when referring to both
CSPs and ISPs.
The Data Retention (EC Directive) Regulations SI 2009/859, which were adopted pursuant to the
European Communities Act 1972 [ECA 1972] s2(2). Regulations under the ECA 1972 depend upon
the existence of a valid EU instrument.
Explanatory Memorandum, para 32.
DRIPA 2014 s8.
Hansard, HC Debs, 15 July 2014, Col 714 (Theresa May) and Col 723 (Yvette Cooper).
See further, 4.41-4.65 below.
16