Data retention in the UK: Pragmatic and proportionate, or a step too far?

On 6 April 2009 new legislation came into force, for the first time putting Internet service providers' duty to retain significant amounts of data (relating to customers' email and Internet usage) on a compulsory, as opposed to a voluntary footing. It is a topic which has provoked intense protest from the privacy lobby and fuelled months of “Big Brother” headlines in the press. For the industry it raises operational challenges – how to facilitate storage and retrieval of colossal amounts of data. In this article we consider the policy background to the regime, the detail of the UK implementation and the practical implications for communications service providers. We weigh up the privacy and human rights concerns against the business case put forward by the Government. We also examine the Government's proposals – announced at the end of April – to significantly extend and “future proof” this regime in the form of its Intercept Modernisation Programme.