UK ISPs will be required to hand over records of customers’ internet surfing habits, including IP addresses and times of use, to police and intelligence agencies from Sunday.
As part of the EU Data Retention Directive, all ISPs must retain customers’ names, addresses and user IDs, as well as records of email and internet telephony communications, for a year.
ISPs have been given an extra 18 months to comply with the regulations after some smaller providers complained of a heavy administrative burden phone companies are already subject to the law.
The Internet Service Providers’ Association said most firms are ready for the legislation. “We have made our members aware of what is required and as far as we know they will all be compliant,” said a spokesman.
The legislation builds on existing voluntary arrangements the companies have with law enforcement agencies in the UK where information is freely provided.
The UK ISP industry has always maintained that the existing voluntary agreement was adequate and that the legislation would impose a disproportionate financial burden.
But some providers in foreign countries have not been so quick to co-operate, and the European Commission felt legislation was needed as terrorist organisations are increasingly using the internet as a communication tool.
ISPs in Ireland and Slovakia have tried to bring legal cases to prevent the laws being implemented, but have been unsuccessful.
Some respondents to the UK’s consultation on implementing the directive said they had had little or no dialogue with the Home Office concerning the complex issues of retaining data the Home Office has since set up an implementation group to help them comply.
And as a further olive branch to the industry, the government has said it will meet the additional costs of complying with regulations.
The data must be kept in a form that is easily accessible to law enforcement, but can only be disclosed in relation to specific cases meaning that agencies will not get free access to the records without providing a reason.
The Home Office said the laws for ISPs would be formally introduced on 6 April.
Successful leaders are infusing analytics throughout their organisations to drive smarter decisions, enable faster actions and optimise outcomes
Focus on cost efficiency, simplicity, performance, scalability and future-readiness when architecting your data protection strategy