The Data Retention and Acquisition Regulations 2018 (the regulations) entered into force on 31 October 2018. The regulations concern the retention of communications data by telecommunications and postal operators and the acquisition of communications data by public authorities.
“Communications data” means data concerning a communication transmission, but not the content of the communication. For example, it includes the method of communication, and the sender and receiver of the communication, but excludes what was said or written.
Tele2 and Watson
The regulations were introduced following the Court of Justice of the European Union’s (CJEU) ruling on the Tele2 and Watson case in 2016, which found that the scope of the UK’s data retention regime was too wide to be compatible with European Union (EU) law.
The CJEU found that the retention and acquisition of communications data can only be justified where: (1) the objective is fighting serious crime, (2) only data that is “strictly necessary” is retained, and (3) the retained data is kept within the EU. There should also be independent administrative or judicial authorisation for the retention and acquisition of communications data. The CJEU therefore required the UK to limit the scope of its data retention regime.