Transcription of Communications Data - GOV.UK
1 Communications Data Code of Practice November 2018 Communications Data Code of Practice November 2018 Crown copyright 2018 This publication is licensed under the terms of the Open Government Licence except where otherwise stated. To view this licence, visit Where we have identified any third party copyright information you will need to obtain permission from the copyright holders concerned. This publication is available at Any enquiries regarding this publication should be sent to us at ISBN 978-1-78655-734-6 . Communications Data Code of Practice 1 Contents Section 1: Introduction 1 Introduction 5 2 Scope and definitions 7 Telecommunications operator and postal operator 7 Composition of Communications 10 Communications data 10 Content 16 Web browsing and Communications data 17 Relevant Communications data 18 Internet connection records 19 Third party data 20 Guidance on definitions 21 Section 2.
2 Communications data acquisition and disclosure 3 General extent of powers 23 Considerations regarding necessity 23 Considerations regarding proportionality 25 Considerations regarding seriousness 27 Trade Unions 28 4 Roles 29 The applicant 29 The single point of contact 29 The Senior Responsible Officer 30 The authorising individual 31 5 Application process 33 Overview 33 Making an application 33 Process that SPoC will go through 34 Authorisation of applications 36 Urgent granting of an authorisation 37 Refusal to grant an authorisation 39 6 Authorisations 41 Notices in pursuance of an authorisation 45 7 Duration, renewals and cancellations 48 Duration of authorisations and notices 48 Renewal of authorisations 48 Cancellation of authorisations 49 8 Further restrictions and requirements in relation to applications 51 Local authority procedures 51 Communications data involving certain professions 52 Novel or contentious acquisition 58 Communications Data Code of Practice 2 Public authority collaboration agreements 59 9 Considerations in relation to the acquisition of internet data 60 Internet connection records 60 Identifying the sender of an online communication 62 10 Special rules on the granting of authorisations and giving of notices in specific matters of public
3 Interest 66 Sudden deaths, serious injuries, vulnerable and missing persons 66 Public Emergency Call Service (999/112 calls) 66 Malicious and nuisance Communications 68 11 The request filter 70 Authorisations 70 Making use of the request filter 71 Data management 72 Oversight and reporting 73 12 Technical Capability Notices 75 Consultation with operators 76 Matters to be considered by the Secretary of State 77 Giving a notice 78 Disclosure of technical capability notices 79 Regular review 80 Variation of technical capability notices 81 Revocation of technical capability notices 82 13 General safeguards 83 Disclosure of Communications data and subject access rights 84 Acquisition of communication data on behalf of overseas authorities 85 Disclosure of Communications data to overseas
4 Authorities 87 14 Notification 88 Duty to consider notification 88 Notification of serious errors under the Act 88 Notification in criminal proceedings 88 15 Compliance and offences 90 Offences 90 Section 3: Communications data retention 16 General extent of powers 94 Necessity and proportionality 94 17 Giving of data retention notices 96 Process for giving a data retention notice 96 Criteria for issuing a data retention notice 96 Consultation with service providers 97 Matters to be considered by the Secretary of State 98 Judicial Commissioner Approval 99 Giving a notice 100 The content of a data retention notice 100 Generation & processing of data 101 Communications Data Code of Practice 3 Retention period 102 18 Review, variation and revocation of retention notices 104 Regular review 104 Variation 105 Revocation 106 19 Security.
5 Integrity and destruction of retained data 107 Data security 108 Data integrity 109 Principles of data security, integrity and destruction 109 Additional requirements relating to the destruction of data 112 Additional requirements relating to the disposal of systems 112 Location of retained data 112 20 Disclosure and use of data 114 Disclosure of data 114 Use of data by telecommunications operators and postal operators 114 21 Compliance 116 Disclosure of a retention notice 116 Section 4: General matters 22 Costs 118 Making of contributions 118 Contributions of costs for the acquisition and disclosure of Communications data 118 Contributions of costs for the retention of Communications data 119 General considerations on appropriate contributions 120 Power to develop compliance systems 121 23 Referral of technical capability and data retention notices 122 24 Keeping of records 123 Records to be kept by a relevant public authority 123 Records to be kept by a telecommunications operator or postal operator (acquisition)125 Records to be kept by a telecommunications operator or postal operator (retention)
6 126 Errors 126 Excess Data 130 Reporting of errors to the Information Commissioner 130 25 Oversight 132 The Investigatory Powers Commissioner 132 The Information Commissioner 133 Enforcement of integrity, destruction and security standards 134 26 Contacts / Complaints 136 General enquiries relating to Communications data retention and acquisition 136 Complaints 136 Communications Data Code of Practice 4 Section 1 Introduction Communications Data Code of Practice 5 1 Introduction This code of practice relates to the exercise of functions conferred by virtue of Parts 3 and 4 of the Investigatory Powers Act 2016 ( the Act ). Section 2 of this code provides guidance on the procedures to be followed when acquisition of Communications data takes place under the provisions in Part 3 of the Act ( Part 3 ).
7 Section 3 of this code provides guidance on the procedures to be followed when Communications data is retained under Part 4 of the Act ( Part 4 ). Sections 1, 2 and 4 of this code are relevant to relevant public authorities within the meaning of the Act and to telecommunications operators and postal operators. The relevant public authorities are those public authorities that can acquire Communications data. They are set out in Schedule 4 to the Act. Section 12 of the Act (with Schedule 2) abolishes or amends other information gathering powers in law which provided for access to Communications data without appropriate safeguards. Accordingly, relevant public authorities for the purposes of Part 3 should not use other statutory powers to obtain Communications data from a postal or telecommunications operator unless that power: is authorised by a warrant or order issued by a person holding judicial office; or deals with telecommunications operators, postal operators, or a class of such operators and can be used either: o in connection with the regulation of telecommunications operators, telecommunications services or telecommunication systems, or postal operators or services;1 or o to acquire Communications data relating to postal items crossing the United Kingdom border.
8 Such powers should only be used to obtain Communications data from a telecommunications operator or postal operator where it is not possible for the public authority to obtain the Communications data under the Act2. Relevant public authorities should also not require, or invite, any postal or telecommunications operator to disclose Communications data by relying on any exemption to restrictions on disclosing personal data under relevant data protection legislation. Sections 1, 3 and 4 of this code are relevant to telecommunications operators and postal operators who have been given a data retention notice under Part 4. This code should be readily available to members of a relevant public authority involved in the acquisition of Communications data under the Act, and to 1 The Office of Communications (OFCOM) or a statutory co-regulator it approves may, for example, use powers conferred by or under Part 2 of the Communications Act 2003 to obtain Communications data from a telecommunications operator for the purpose of carrying out the regulatory functions given to them under that Part of that Act.
9 2 Section 12(3) provides that regulatory powers and powers to acquire postal Communications data in relation to items crossing the border may only be exercised by the public authority if it is not possible for the public authority to use a power under the Act to secure the disclosure of the data. Communications Data Code of Practice 6 telecommunications operators and postal operators involved in the retention of Communications data and/or its disclosure to public authorities under the Act. The Act provides that persons exercising any functions to which this code relates must have regard to the code, although failure to comply with the code does not, of itself, make a person liable to criminal or civil proceedings.
10 The Act provides that the code is admissible in evidence in criminal and civil proceedings. If any provision of the code appears relevant to a question before any court or tribunal hearing any such proceedings, or to the Investigatory Powers Tribunal ( IPT ) or to the Investigatory Powers Commissioner ( IPC ) or the Information Commissioner when overseeing the powers conferred by the Act, it may be taken into account. The Interception of Communications Code of Practice, Bulk Acquisition Code of Practice and Equipment Interference Code of Practice provide guidance on procedures to be followed in relation to those Parts of the Act. The exercise of powers and duties under Parts 3 and 4 of the Act and this code are kept under review by the IPC appointed under section 227 of the Act and by his Judicial Commissioners and inspectors.