Skip to main content

Data Retention Regulations 2014

Volume 755: debated on Tuesday 29 July 2014

Motion to Approve

Moved by

That the draft regulations laid before the House on 21 July be approved.

Relevant documents: 7th Report from the Joint Committee on Statutory Instruments, 7th Report from the Secondary Legislation Scrutiny Committee

My Lords, the regulations are made under the Data Retention and Investigatory Powers Act, which became law two weeks ago. They provide the detail of how communications providers can be required to retain data and the increased safeguards that will be in place for these data. They therefore form part of a wider package of protection, oversight and reviews—reviews that will be informed by, and inform, a wider public debate on these important issues.

At this point, I reiterate my thanks for the constructive approach taken by noble Lords during the passage of the Act, in particular the noble Baroness, Lady Smith of Basildon, and her colleagues on the Opposition Front Bench.

These regulations relate specifically to communications data. That means the context of a communication—the who, where, when and how of a communication—and not the content. The regulations maintain the status quo, allowing those investigating such crimes to continue to have access to the evidence they need. They add no new powers; rather, they increase safeguards.

As I told the House when we debated the Act a fortnight ago, these regulations and the additional safeguards form a crucial part of our response to the European Court of Justice judgment on the EU data retention directive. That judgment called into question the legal basis for the retention of data in the UK, and these new regulations made under the Act play a key part in ensuring a new sound footing for retention. Therefore we need to have them in place before the House rises.

The regulations we are debating today are substantially the same as those we made available to Parliament during debates on the Act. As noble Lords may be aware, the Joint Committee on Statutory Instruments has done its usual helpful work with great speed, and I am grateful to it. Equally, I must thank my noble friend Lord Goodlad, and the members of the Lords Secondary Legislation Scrutiny Committee. They too have swiftly reviewed and reported on the regulations.

I now turn to the detail of the regulations. They will revoke and replace the 2009 data retention regulations. They will provide the detail and safeguards for data retention notices to be issued to communications providers under the Data Retention and Investigatory Powers Act. Such notices will be issued where necessary and proportionate. Under the new regulations, existing notices under the 2009 regulations will remain in force until the end of the year unless revoked. The regulations are categorical as to the types of data that communications providers may be required to retain, and these are a small subset of all the communications data that providers generate and process. These data types are no different from those covered under the 2009 regulations. Similarly, as with the 2009 regulations, security controls and provisions for financial compensation for providers are included in these regulations.

The key elements of the new regulations are the enhanced safeguards. The regulations make plain certain matters that have to be taken into account before the Secretary of State may issue a retention notice. To be clear, I state that Ministers have always taken their responsibilities when issuing notices very seriously. These regulations now set out key considerations on the face of legislation.

The regulations require the Government to take reasonable steps to consult providers before issuing them with a retention notice. Again, we have always consulted providers and have always worked closely with them as they undertake their obligations under the law. This is now included on the face of the regulations. The retention notices must also be kept under review. Further, the regulations will help us to work with communications providers by making a new data retention code of practice. In this code we will set out the best practice guidance for implementing data retention obligations.

The regulations now stipulate that a notice may require the retention of data for a maximum of 12 months. We have evidence that 12 months is an appropriate length of time for retaining data, including, as my right honourable friend the Home Secretary told the Commons during the debate on the Bill, the fact that half of communications data used in child abuse investigations is more than six months old. However, in circumstances where it is appropriate to retain data for less than 12 months, these regulations provide the flexibility to reduce the retention period.

As noble Lords who closely followed the debates on the draft communications data Bill will be aware, there was disagreement on the scope of the duties of the Information Commissioner in the 2009 regulations. These new regulations clarify that his duties include oversight of the security of data, the integrity of data and the deletion of data at the end of their retention. Further details on this oversight will also be specified in the new retention code of practice. In addition to these safeguards, we will be adding further protections that are not on the face of these regulations. These include amending the Acquisition and Disclosure of Communications Data Code of Practice to increase clarity and to reduce the number of bodies with access to communications data under RIPA.

As was discussed at length in this Chamber a fortnight ago, the Data Retention and Investigatory Powers Act will expire on 31 December 2016. There is no room to extend this sunset clause and these regulations will fall when that Act falls. Therefore, this House will need to return to these topics after the general election. To inform the debate ahead of new legislation, the Act requires the Interception of Communications Commissioner to produce half-yearly reports and requires a review of investigatory threats, capabilities and safeguards. David Anderson QC, the current independent reviewer of terrorism legislation, will undertake this review. These, in turn, will provide crucial background information for a Joint Committee of Parliament, sitting after the next election.

These regulations do not extend existing powers and they do not introduce elements of the draft communications data Bill. As my right honourable friend the Home Secretary has made clear, this Government still believe that the powers contained in that draft Bill are necessary to allow effective policing in the 21st century. The Government have begun the process of a wider review of investigatory powers. In combination with this, the sunset clause in the Act will require us, and for that matter those who disagree with us, to give these issues proper consideration once the review process has concluded, and after the general election next year. This will enable us to ensure that the legislative regime in this important area properly balances our rights to privacy and security.

These regulations, as with the Data Retention and Investigatory Powers Act which underpins them, add safeguards while otherwise maintaining the status quo. Maintaining the status quo is, however, an important job—these are vital regulations. The data that will be retained under these regulations are critical for the police and the security services to continue to do their job in keeping this country and those who live here safe. I commend these regulations to the House and I beg to move.

My Lords, as a Liberal Democrat and a former senior police officer I am acutely aware of the need to balance privacy and security. In these regulations, as my noble friend the Minister said, the Government appear to be maintaining the status quo with some additional safeguards, going a little further for example in enshrining what has been best practice to date into the new regulations. Pending the wholesale review of the Regulation of Investigatory Powers Act and related legislation, which we successfully negotiated with the Government and the Labour Party in the other place managed to get into the primary legislation, it is the best that we can do in the circumstances. On that basis we support the passing of these regulations.

My Lords, I have been through these regulations and the Explanatory Memorandum with some care and I have also taken the trouble of ascertaining the views of David Anderson QC, the independent reviewer to these regulations. There were a number of unanswered questions during Second Reading recently, particularly relating to the future role of the independent reviewer of terrorism legislation. I look forward to receiving a response from my noble friend the Minister to those questions in due course, I suspect when the answers are clearer than they were at Second Reading. However, I am totally satisfied that these regulations do the absolute minimum to give effect to the minimum requirements of the Government. The regulations provide every possible safeguard there could be in all the circumstances and I, too, hope that the House will support them.

My Lords, I am grateful to the Minister for the care he has taken in going through the detail today and to other noble Lords who have added their comments. I do not think it is necessary to repeat the arguments and debate we had during the passage of the Bill. We recognise, of course, the necessity for retaining data information and when tackling serious and organised crime. We made that clear. The noble Lord, Lord Paddick, referred to our amendments in the other place. We think they improved the legislation and safeguards for the future. A complete review of RIPA was extremely important. We are very grateful that the Government accepted those.

As always, we have to be certain why and how we are collecting information. I think it is also clear that not only is that needed but these regulations were needed. When we had the debates in your Lordships’ House, the Constitution Committee recommended that these regulations did not wait until after the Summer Recess and I am grateful that the Government took that on board. We agreed with the committee and I am glad that the Government did. It makes sense and it is entirely appropriate that we have these regulations before us prior to the Summer Recess.

I have a couple of points that need clarification, if the Minister can help me. I think I am getting slightly confused on the six-monthly review about the roles of the Information Commissioner and the Interception of Communications Commissioner. Can he clarify what the relationship will be between them in undertaking the six-monthly review? Can he also confirm that when they review the legislation, because we have not had the time that we would normally have for consultation on these regulations, they will have the opportunity to review the operation of the regulations as well?

I am grateful to the Minister for making it clear and I think other noble Lords have added their expertise to that. Nothing in these regulations goes beyond the status quo and it is clear the Government have done the minimum necessary in the legislation. However, as he said, there will be further regulations required that extend the safeguards. Something we debated and discussed at some length—with differing views—was access to information. The Minister will recall the comments of the noble Lord, Lord Blencathra, and my noble friend Lord Rooker on this and how important it is that information is used appropriately, as well as the value of it. I know there are further regulations to come. Could the noble Lord say something about when we will see those regulations and what opportunity there will be for consultation on them? Can he also confirm that they will be approved by the affirmative procedure?

We are grateful to the Minister for bringing these regulations before us today before the Summer Recess. They have our support.

My Lords, I thank noble Lords who have spoken on this. There has been a general welcome for these regulations, as there was for the Bill in general. I appreciate the support of the House in what has been a difficult matter for Parliament to resolve satisfactorily, and I believe it has done that. I say to the noble Baroness, Lady Smith, that the regulations have passed in the House of Commons and so, with their passage through this House today—should that be the will of the House—they will come into force immediately. I am sure that is the wish of the House.

I am very grateful for the welcome given by the noble Lord, Lord Paddick, who knows how important this particular facility is in the pursuit of crime. The noble Lord, Lord Carlile, speaks of course with a great deal of authority on this issue, and I am pleased that he has spoken with his successor, David Anderson, about the impact of these matters. I assure noble Lords that the correspondence which I promised at Second Reading is in the course of being prepared. I hope that it will provide suitable holiday reading for noble Lords when they go.

The Interception of Communications Commissioner has a direct role in these regulations, as noble Lords will know. Following amendments that were tabled in the House of Commons, this was included in the Act. The half-yearly reports mean that the Interception of Communications Commissioner’s functions will include reviewing and reporting to us on a six-monthly basis. That is important. David Anderson, the current independent reviewer of terrorism legislation, will also be undertaking his review of the investigatory effects, the effectiveness of the safeguards and the capabilities. Both of these reports or reviews will provide us with further guidance for considering this matter when we return after a general election. We will consider those reports and, indeed, the report of the Joint Committee that I hope will be set up by any future Parliament so that, when the sunset on the existing Act occurs, on 31 December 2016, there will be a proper succession of this important facility to keep us safe for the future.

I am sorry to interrupt the noble Lord. I asked the question because I thought that, when he spoke, he mentioned the Information Commissioner and not the Interception of Communications Commissioner. I was trying to get to the relationship between each of them when it comes to undertaking the six-monthly review.

The Information Commissioner has a role, as has been made clear. However, it is a continuing role in investigating this; it is not a question of reports or reviews. The six-monthly review is done by the Interception Commissioner, and the oversight of retained data in respect of security and deletion is a matter for the Information Commissioner. I will repeat that, because I may have got muddled in saying it: the six-monthly review is with the Interception Commissioner, while the oversight of retained data in terms of security, integrity and deletion is with the Information Commissioner. There are two different functions: one is about the review of the process, the other is about a continuing commitment to make sure that information is not retained which should not be retained. I hope I have made that clear; I am sorry for the confusion in making it so.

Motion agreed.