Mrs May

- Hansard -

Copy Link

- - Excerpts

That sounds to me like something that is best left between the hon. Gentleman and the Chairman of the Home Affairs Committee. Prudence suggests that I should move on rather than respond to that.

We have just had a debate on the business motion, in which my hon. Friend the Minister for Security and Immigration set out the reason for the timing of this legislation, so I will not go into that in detail, but I will talk about the provisions of the Bill. The Bill is short and narrowly focused and provides a limited response to a set of specific challenges. Clause 1 provides the clear legal basis for us to oblige domestic companies to retain certain types of communications data. Currently, those communications data are retained by communication service providers under the data retention regulations passed by Parliament in 2009, which implemented the EU data retention directive in the UK.

Although we are confident that those regulations remain in force, following the ECJ judgment, we must put beyond doubt the need for CSPs to continue to retain communications data, as they have been doing until now. If we do not do so, we run the risk of losing access to those data, which, as I have said, are vital for day-to-day policing. Our very strong data protection laws mean that, in the absence of a legal duty to retain specific data, companies must delete data that are not required beyond their strict business uses. The loss of those data would be potentially devastating. As I said earlier, it would impact seriously on the ability of the police, law enforcement agencies and our security and intelligence agencies to investigate crime, solve kidnappings, find vulnerable people in danger, uncover terrorist links and protect children.

Mrs May

- Hansard -

Copy Link

- - Excerpts

The European Court of Justice did not say that a 12-month retention period was unlawful. It said that it recognised the need for access to and retention of the data, and it questioned the periods that were set aside. In fact, the data retention directive said that data could be retained for up to 24 months—we had previously used 12 months, rather than 24—but one of the issues was that it was said that requiring the retention of every type of data for the same period of time was not right and proportionate, and that it was necessary to be able to differentiate. We are introducing that differentiation by setting our data retention period at a maximum of 12 months, so that notices issued to CSPs for certain types of data can, if it is felt to be right, ask for retention to be for a shorter period.

As I have said, communications data are used in 95% of serious and organised crime investigations handled by the Crown Prosecution Service and have played a significant role in every Security Service counter-terrorism operation over the last decade. Clauses 1 and 2 will ensure that we can maintain the status quo by replicating our existing data retention regulations. As I have indicated, the Bill gives the Secretary of State the power to issue a notice to a communications service provider only if he or she considers the retention to be necessary and proportionate. As I said in response to my hon. Friend the Member for Isle of Wight (Mr Turner) and other hon. Members, the data retention notice will specify the duration for which data are to be retained, for up to a maximum of 12 months. If it is not proportionate to retain certain data for a full 12 months, a shorter period can be chosen. The data types that can be retained will be limited to the strict list of data types that are currently specified in the 2009 data retention regulations, and there will be a clear requirement for the Secretary of State to keep any data retention notice under review.