What emergency data law means for you
- 10 July 2014
- From the section Technology
The UK is set to push through an emergency law so it can continue to have access to people's phone and internet records.
A European Court of Justice (ECJ) ruling earlier this year meant the powers to retain this data were under threat.
Prime Minister David Cameron said if the information were to be deleted, or no longer collected, it would seriously impede the UK's ability to fight crime and protect the country against terrorism.
However, privacy campaigners said it was another encroachment on the rights of people not to have their communications monitored.
Here is an explanation of the new law, and what it means to people who live in the UK.
What is the emergency legislation?
The legislation is primarily aimed at the companies that provide us with telephone and internet connections.
It outlines their legal obligation to retain "communications data" on their customers. This metadata includes things like logs of when calls were made, what numbers were dialled, and other information that can be used, the government says, in investigations. It does not include the content of the communications.
The legislation also covers "legal intercept" rules. This is when authorities are able to listen in to the content of communications. This can only legally take place with a warrant signed by either the foreign secretary, the home secretary, the secretary of state for Northern Ireland, the defence secretary or the cabinet secretary for justice for Scotland.
The law has a "sunset clause", which falls at the end of 2016. When this happens, the law must be looked at again by the government at the time.
Additionally, a Privacy and Civil Liberties Oversight Board will be set up to advise on government policy on counterterrorisim.
A transparency report will, each year, list the number and type of requests made to communication firms under the new law - similar to the way in which Google, Facebook and other technology firms publicise their actions relating to user privacy.
Why is it being introduced?
The government said it needed to urgently put in place new laws to "plug a hole" in legislation following a ruling by the European Court of Justice.
The ECJ decided in April this year that communications service providers - the companies that get us online or set up our calls - did not have to adhere to the 2006 Data Retention Directive.
That directive, made in the wake of terrorist attacks in Madrid, London and New York, said that communications firms should keep data about the public's activities for between six and 24 months.
With the Data Retention Directive in effect binned by the European court, communications companies in the UK have been applying pressure on the government to clarify their legal requirements for storing customer data.
The emergency legislation, the prime minister said, is that clarity.
Will it mean the government can listen in to my calls? Can it see what I'm doing online?
Not exactly. The vast majority of people will only have data collected on things such as the time a call is made and the number that was called - not the actual contents of that communication.
The government has said this is particularly useful in double-checking alibis, or tracking 999 calls when a mobile phone has run out of battery.
But the emergency law does go further - the law reinforces the ability of authorities to carry out what is known as a "legal intercept". This is when a target is identified for additional monitoring - including listening in to phone calls and other communications.
Only certain authorities are able to gain information this way, as covered by the Regulation of Investigatory Powers Act (Ripa). As part of this new law, the number of organisations that are allowed to intercept calls is to be reduced.
All interceptions still require a warrant.
It is worth pointing out, however, that this law does not deal with separate interception and monitoring activities carried out by the UK's intelligence agency, GCHQ.
Who opposes this legislation?
The issue of how much power governments should have to store data on its citizens has dominated global debate since the revelations made by whistleblower Edward Snowden about mass surveillance by the US and other governments.
Campaigners against this kind of data retention have, since the April ruling, been applying huge pressure on communications companies to stop retaining their data. More than 1,500 letters were sent to companies by campaigners, the Open Rights Group told the BBC.
The letters threatened to take further action unless their data was deleted and no longer collected - citing the European court decision as justification.
It is an escalation of this pressure that a source close to one UK communications company said was behind the emergency passing of this law.
While no communications companies are understood to have deleted any data, it is understood the firms - in the face of mounting pressure from campaigners - were pressing the government to act quickly to clarify the law.
The Open Rights Group has not launched legal action against communication firms, but it had signalled its intention to report the companies to the UK's data protection authority, the Information Commissioner's Office.
Jim Killock, from the Open Rights Group, said: "The government knows that since the ECJ ruling, there is no legal basis for making internet service providers retain our data so it is using the threat of terrorism as an excuse for getting this law passed.
"The government has had since April to address the ECJ ruling but it is only now that organisations such as ORG are threatening legal action that this has become an 'emergency'."
Follow Dave Lee on Twitter @DaveLeeBBC