The Data Retention and Acquisition Regulations 2018 (the regulations) entered into force on 31 October 2018. The regulations concern the retention of communications data by telecommunications and postal operators and the acquisition of communications data by public authorities.

“Communications data” means data concerning a communication transmission, but not the content of the communication. For example, it includes the method of communication, and the sender and receiver of the communication, but excludes what was said or written.

Tele2 and Watson

The regulations were introduced following the Court of Justice of the European Union’s (CJEU) ruling on the Tele2 and Watson case in 2016, which found that the scope of the UK’s data retention regime was too wide to be compatible with European Union (EU) law.

The CJEU found that the retention and acquisition of communications data can only be justified where: (1) the objective is fighting serious crime, (2) only data that is “strictly necessary” is retained, and (3) the retained data is kept within the EU. There should also be independent administrative or judicial authorisation for the retention and acquisition of communications data. The CJEU therefore required the UK to limit the scope of its data retention regime.Continue Reading UK government introduces Data Retention and Acquisition Regulations 2018

On 20 November 2015 the UK’s Court of Appeal referred questions on data retention to the Court of Justice of the European Union (CJEU) following a challenge to the Data Retention and Investigatory Powers Act (DRIPA) 2014.

The referral to the CJEU is significant as it could finally provide clarification as to the application of the CJEU’s decision in Digital Rights Ireland, which found Directive 2006/24/EC (Data Retention Directive) invalid, and the extent to which Member States can impose national data retention obligations.
Continue Reading Could the UK see a shake-up of its Data Retention Powers? Questions referred to the CJEU

In April, the Court of Justice of the European Union (‘Court’) declared Directive 2006/24/EC on the Retention of Data to be invalid, creating uncertainty for telecommunications operators across the region. In a controversial move by the UK Government, the Data Retention and Investigatory Powers Act 2014 (‘Act’) has been passed using emergency procedures.

Formulated in

This post was written by Daniel Kadar.

A new regulation of the CNIL, dated 12 June 2012 and published on 13 July 2012, modifies the ways and means of collecting and processing client/prospect-related data.

  1. The regulation, issued as an amendment to the “Simplified Norm No. 48” [http://www.cnil.fr/en-savoir-plus/deliberations/deliberation/delib/184/], broadens the possibility for data controllers to