by Graham Pierrepoint
In a month where it was announced that the British government passed through legislation that will require all UK internet service providers to retain usage data and website visits from its users to provide to a wealth of public services and agencies – in the event of criminal investigation or related matters – many people have taken to the internet to voice their opposition to such legislation going through. The bill simply requires royal assent from the Queen later this year, and it will be seen as law – and with petitions going up by the hour, it’s clear that this is a law that will be opposed by users and tech firms alike. But how will the law be implemented, and indeed followed up on by major service providers?
A Wired article from December 2015 advises that, even in the early stages of the bill being discussed, several ISPs such as Virgin, Sky and BT were concerned as to how long it would take for the firms to collect the data expected by the government – and that not nearly enough money had been set aside for procedures to be initiated successfully. While it’s thought that many ISPs retain a certain amount of usage data from users, it is done so in accordance with EU law and statistics are largely acquired for data analysis purposes. All three firms, too, have stringent privacy policies which clearly outline exactly where they stand on the retention of data.
However, the type of data being requested by the government is slightly different – they are requesting for detailed logs of websites visited to be kept for up to twelve months at a time, and ISP representatives have advised that this will likely require provisioning an entirely new system and framework to bring such collection into play – with the Wired article paraphrasing that we may not be seeing data starting to be collected until 2018 at the earliest. What does this mean for the average internet user?
For now, it means not to panic – the bill still clearly outlines that user data will only ever be accessed and used under strict authority and stringent processes – but even then, many are still greatly concerned that the mere act of retaining such private records is an invasion of privacy on a whole new scale, and that they may be at risk from hackers. As a bill that may face further opposition from several tech industry representatives once it has come into force, it is unlikely that we have heard the last of it – but it may be a while before we are governed by it.