July 15, 2014

Are the UK breaking EU data retention laws?

This post was written by: Aston Bond Law Firm


In 2009, the Data Retention Regulations (SI 2009/859) were implemented by the Labour government in response to the 2006 EU Data Retention Directive which required the EU states to store citizens’ data for a minimum of six months, and for up to 24 months. In the UK, the current law is for Internet and phone providers to keep data for 12 months. However, the European Court of Justice declared the original 2006 law invalid in April 2014, it claimed; “it’s a serious interference with the right to privacy and the right to protection of personal data”. The previous EU Directive allowed the government to retain phone calls, text messages and internet messages for up to 18 months.

Since then, the UK has come under fire and is allegedly breaking the law by continuing to implement the Data Retention Regulations of 2009, despite the EU changing its policies. It is unclear as to why the government hasn’t forced Internet Service Providers and Communications Providers to change their policies, with the information it is providing to companies being described as unclear.


However, the UK has recently passed an ‘emergency’ Data Retention and Investigation Powers Bill. This Bill allows data to be intercepted from any ‘remote storage’ and for data to be retained for up to 12 months.

Critics have argued that this Bill allows the UK to expand its powers relating to data retention, under the justification of prevention of terrorism. The actions of the UK in not following the EU’s recently set policies are somewhat surprising. The ‘emergency’ law will still be in effect as late as 2016, so ISPs and communication companies will continue monitoring our calls, browsing and online activities.


Joel Chapman, Marketing Assistant