CHAPTER 15: RECOMMENDATIONS
(b)
as recommended by the Police Ombudsman for Northern Ireland in his report
of 30 October 2014 on the Omagh bombing, there is “absolute clarity as to how
specific aspects of intelligence can be shared in order to assist in the
investigation of crime”.
11.
Breach of Codes of Practice should not automatically constitute a criminal offence:
any new criminal offence or enhanced penalty (cf. JCDCDB Report paras 227 and
229; ISC Report, Recommendation T) should be specifically identified in the new law.
12.
The definitions of content and of communications data, and any subdivisions, should
be reviewed, with input from all interested parties including service providers,
technical experts and NGOs, so as to ensure that they properly reflect both current
and anticipated technological developments and the privacy interests attaching to
different categories of material and data. Content and communications data should
continue to be distinguished from one other, and their scope should be clearly
delineated in law.
CAPABILITIES
Compulsory data retention
13.
ATCSA 2001 Part 11 should be repealed, and the voluntary code of practice issued
under it should be withdrawn.
14.
The Home Secretary should be able by Notice (as under DRIPA 2014 s1 and CTSA
2015 s21) to require service providers to retain relevant communications data for
periods of up to a year, if the Home Secretary considers that the requirement is
necessary and proportionate for purposes laid down in Article 15(1) of the e-Privacy
Directive.
Communications Data Bill
15.
In relation to the subject matter of the 2012 Communications Data Bill, Government
should initiate an early and intensive dialogue with law enforcement and CSPs in
order to formulate an updated and coordinated position, informed by legal and
technical advice, on the operational case for adding web logs (or the equivalent for
non-web based OTT applications) to the data categories currently specified in the
Schedule to the Data Retention Regulations 2014 for the purposes of:
(a)
resolving shared IP addresses or other identifiers (in particular, to identify the
user of a website);
(b)
identifying when a person has communicated through a particular online
service provider (so as to enable further enquiries to be pursued in relation to
that provider); and/or
(c)
allowing websites visited by a person to be identified (to investigate possible
criminal activity).
287