Pat,

The point of control of the data still seems valid though., regarding
personal data.

There is a distinct difference in the legislation as I understand it between
telecommunications data and e-mail messages.

e-mail messages being the data, including plain language address data input
by the originator.
telecommunications data being the technical information on despatching,
routing and receipting, created by the telecommunications network.

Notwithstanding my low level of technical knowledge in this area (aware of
only a few technical issues) the above general differentiation seems valid.

Data controllers are required to exercise their responsibilities for
personal data by the Data Protection Act.
The data controller for e-mail messages appears to be the originator. (Or
originating organisation.)
The ISP and telecommunications providers appear to be merely carriers of the
information.

Using an analogy with registered letters sent via the post office,
retention of transmission, routing and receipting occurs, but never the
content of the letters.  This recording only happens where the sender (data
controller) requests that service to be used.  The post office are the data
controllers of the transmission, routing and receipting data and the sender
the controller of the letter/package content, with the addressee and sender
being controlled by each with regard to its own function.

The technological developments cause e-mails to fall into the same category
as registered mail, but e-mail originators create content of e-mails which
is often little more than a brief passing comment.  The same issues no doubt
apply to text messaging on mobile phones and pagers.  The use of the
addressee/sender data which was restricted by the post office to merely the
administration of the delivery is now seen as a marketable commodity.  The
commodity value being the cause of the pressures on individual privacy in
this area.

That legislation is needed to give guidance on the retention and use of that
telecommunication traffic data is evidenced by the huge discrepancies in its
current retention and use.  Notwithstanding that, it would be wrong if there
were a crossover which muddied the water regarding traffic type data and
communications content type data any more than it is at the moment.

Many thanks for the links.  I look forward to reading them and bringing
myself up to date in this area.


Ian W

----- Original Message -----
From: <[log in to unmask]>
To: <[log in to unmask]>
Sent: Friday, January 26, 2001 8:28 AM
Subject: Re: ISP's retention of Internet e-mail


> Ian,
>
> The report to which you refer may be confusing the RIPA with a report
issued
> by the deputy Director General of NCIS in which the dDG asked Government
to
> introduce legislation requiring 'communications service providers' to
retain
> data for up to 7 years - something which is totally unacceptable.  The
Home
> Office have just rejected the NCIS proposals.
>
> Access to 'communications data' will be regulated by PartII of RIPA when
it
> comes into force this April.  All law enforcement agencies (and other
bodies
> authorise under RIPA) will have to submit a 'notice' requiring CSPs to
> supply comms data - the notice can also require CSP to retain data for one
> month (extendable for one month again). If a CSP doesn't hold data it
can't
> supply it!
>
> I used to be with BT Internet for my sins - BT internet keep comms data
for
> 3years! Why -they couldn't answer this and so I decided to take my custom
> elsewhere.
>
> The DPA obviously plays a role in how long a data controller retains data
> but I would respectfully suggest that other EU and UK privacy legislation
> plays a greater role in the context of comms data and especially a
proposed
> privacy directive currently being debated by the EU parliament see: the
> processing of personal data and the protection of privacy in the
electronic
> communications sector
> http://europa.eu.int/ISPO/infosoc/telecompolicy/review99/com2000-385en.pdf
> and Article 29 Working party papers on the same + a report on privacy on
the
> Internet see
>
http://europa.eu.int/comm/internal_market/en/media/dataprot/wpdocs/index.htm
>
> I hope this has been of some help
>
> Pat
>
> -----Original Message-----
> From: Ian Welton [mailto:[log in to unmask]]
> Sent: 25 January 2001 20:58
> To: [log in to unmask]
> Subject: ISP's retention of Internet e-mail
>
>
> A recent article in Network News 24 January 2001 "ISP'S stage debate over
> government's frustrating RIP Act" indicates the difficulties and
> frustrations ISP's are experiencing with complying with that legislation
and
> the retention of e-mails for 7 years.
>
> There seems to be a significant data protection implication in this
> retention.
>
> ISP's have for years argued successfully that they do not control the
> internet users data on their sites.  The control of that data, including
> e-mails rested with the users, not the ISP's.
>
> Internet users within the EU have to apply the European data protection
> directive.  That directive requires data controllers (Internet Users in
this
> context) to retain their data for no longer than necessary.
>
> The retention of personal e-mails sent by myself, via my ISP, is something
I
> have taken the trouble to find out about in order to ensure compliance
with
> that principle.  Workwise I had need to do the same because of subject
> access and addressing ISP retention periods by encouraging an adjustment
of
> suppliers is an ongoing task.
>
> If data is to be retained by ISP's for 7 years, irrespective of the data
> controllers wishes or requirements, what is the effect of that on control
of
> the data?
> Does the ISP become the controller,  if so why and how?
> If not how can retention be justified for 7 years?
>
> IanW