PL&B UK E-news, Issue 78

1. Local councils to have access to 12 months of telecoms and e-mail records

The Electronic Communications Data Retention (EC Directive) Regulations 2008 on the implementation of the European Union’s Data Retention Directive (2006/24/EC) propose that it will be compulsory for Internet service providers (ISPs) and telecoms companies to retain all communications data for a minimum of 12 months. Data retention powers will be much wider than expected. The Home Office has confirmed that local councils, emergency services, the Home Office, the Ministry of Defence, the Health and Safety Executive, the Food Standards Agency and the Post Office will have access to call, text, e-mail and internet records for 12 months.

The Home Office proposes that while these records would be available for a minimum of 12 months from the date of the communication, businesses could keep Internet related data for longer as long as they comply with the DP Act.

The regulations, if approved by Parliament, will take effect on 15 March 2009. The deadline for submitting responses to this consultation is 31.10.2008. Responses should be sent to

2. ICO commissions report on Privacy by Design

The Information Commissioner, Richard Thomas, announced yesterday that he has contracted with the Enterprise Privacy Group to research and write a report examining how organisations can build in privacy protection before implementing new initiatives and technologies.

He stresses that as more and more personal information is collected and shared, it is increasingly important that essential safeguards are put in place from the outset in order to protect against potential risks to individuals’ privacy. The research will cover the use of current privacy enhancing technologies.

Jonathan Bamford, Assistant Commissioner at the ICO, said: “For many years we have urged organisations to consider the impact on individuals’ privacy before developing new IT systems. However progress has been disappointing. In our view, organisations could be doing more to protect individuals’ privacy by adopting ‘privacy by design’.

“Very often the collection and use of personal information is essential and beneficial to modern life, but it is important for individuals’ privacy to be a consideration in the planning stages of any new project.”

The completed report will be published at an ICO conference entitled ‘Privacy by Design’ at the Lowry Hotel, Manchester on the 26 November 2008. Further details can be found at

The report will concentrate on why there have not been better levels of adoption; the barriers to adoption; and what can be done to improve the situation.

The Enterprise Privacy Group welcomes expressions of interest from individuals or organisations who wish to contribute to the project. These contributions can be in the form of:

documents, white papers, web links to relevant information;
meetings and interviews;
participation in a workshop in London on 15 September 2008.
The Enterprise Privacy Group is an association of organisations working in partnership to understand privacy and identity-related issues and to achieve collaborative solutions. For more information, visit

See more information on this project.

3. Google Streetview is acceptable, says ICO

Following further meetings with Google about its launch of the Streetview service in the UK, the Information Commissioner is now satisfied that the company is taking care of privacy concerns.

The ICO issued the following statement on 17 July: ‘We are satisfied that Google is putting in place adequate safeguards to avoid any risk to the privacy or safety of individuals, including the blurring of vehicle registration marks and the faces of anyone included in Streetview images. Although it is possible that in certain limited circumstances an image may allow the identification of an individual, it is clear that Google are keen to capture images of streets and not individuals. Further there is an easy mechanism by which individuals can report an image that causes them concern to Google and request that it is removed. Images are not 'real time' and there is a delay between taking an image and its publication so that it could not be used to make decisions about an individual's current whereabouts.'

For further details on the Privacy Laws & Business UK Newsletter, please click here.

Copyright Privacy Laws & Business 2008