The Data Retention (EC Directive) Regulations 2009

Reference: UK/2009/SI/859

The Data Retention (EC Directive) Regulations 2009 set out the UK's regime for retaining communications data for specific purposes which include the prevention and detection of crime and terrorism, economic well-being and national security.

The rules directly affect communications services providers. They deploy retention software across their systems and networks to meet both business and regulatory retention requirements. However, organisations also need to be aware of the retention regime when managing staff use of communications.

European directive

The Data Retention (EC Directive) Regulations 2009 implement Directive 2006/24/EC on the retention of data generated or processed in connection with the provision of publicly available electronic communications services or of public communications networks (‘Data Retention Directive’) and amending Directive 2002/58/EC on Privacy in Electronic Communications.

UK implementation

The Data Retention (EC Directive) Regulations 2007 implemented the Directive for fixed network & mobile telephony only. The UK postponed the Directive’s application to communications data retention relating to Internet access, Internet telephony & Internet e-mail. These new Regulations now implement the Directive with respect to this data, and revoke the 2007 Regulations.

Retention period

All communications data must now be retained for 12 months. The Regulations do not deal with the retention of the content of an electronic communication.