The legislation is designed to support authorities to use technological advances to keep track of criminals. The new legislation will increase the powers which effectively allow the authorities and the government to force communication service providers to generate and retain information about its users for a longer period of time. On the surface, those law abiding citizens will find that such legislation will not pose a significant hindrance to their normal activities. The authorities are not going to judge you on your latest online habits unless your internet history flags up serious concerns. The secrets of your weekly online shopping are therefore probably not going to make any headlines.
For online service providers, however, there may be significant implications to their business. Below are a few considerations to bear in mind.
Definition of telecommunications operator
BT, Vodafone, EE all spring to mind. However, for the purpose of this legislation ‘telecommunications operator’ is anyone who operates an electronic communication system. This includes all internal and/or live chat functions integrated on websites and application technology. If your business falls within this category it is important to understand what you are expected to do under the law.
Existing legislation stipulates that public communications providers are required to retain some types of telephony and internet related communications data, generated or processed in the UK in connection with their business, for 12 months. You can find more explanatory notes about the legislation here: https://www.gov.uk/government/uploads/system/uploads/attachment_data/file/228824/8359.pdf. The new proposed legislation would extend this obligation to require telecommunications operators to obtain and retain data they would not normally retain for their business for a period of up to 12 months.
The legislation is unclear on the exact data it is seeking to obtain and is assumed to be drafted as it is as a catch-all to serve whichever purposes are deemed to be within the ‘public interest’. This can put telecommunications operators in an awkward position when it comes to compliance. SMEs as well as huge conglomerates are in the business of catering for their own needs and those of their customers, not those of the government. Expecting them to look out for all the bad things is a big ask and responsibility that a lot of businesses just don’t want on their plate. Further, this is likely to put a material strain on infrastructure as businesses will need to have space to store all this data for the required period which may well increase their overheads.
We are all now acquainted with the ‘cookie laws’ because we are prompted by a consent dialogue on most websites we visit on a daily basis. On the privacy side of things we might find it acceptable to receive the odd bit of targeted advertising and unwanted newsletters from our information being palmed off to third parties. However, the criminal perspective placed on the Snooper’s Charter might make a lot of people feel nervous as frankly no one wants to be branded a criminal.
The real problem here is that where a third party advertiser will pay you for anonymised information for the purpose of targeting products at said consumers, a data request from the authorities will likely have no commercial benefit and may even cause significant tension between you and your clientele. How the data is processed is not something that your business or the consumer will be privy to. This might deter users or even damage brand reputation in the long run. A suggestion would be to make your policies clear from the onset so that users of your brand know where they stand. Remember, no one likes to be spied not least by your shopping basket.