UK email retention law comes into force

ISPs expected to retain all communications data from today

New European Union legislation comes into force today requiring ISPs to store the details of every email sent and web site visited by their users, in case the police, or any other public organisation or body, needs to access the information.

Similar rules covering phone records are already in force. The new directive specifically requests that ISPs retain the communications data, though not the actual content, for a year. The authorities will be able to request access to the data with a warrant.

Former UK home secretary Charles Clarke pushed for the rules in 2005 following the terrorist bombings in London.

"Modern criminality crosses borders and seeks to exploit digital technology. The measure is an important step in delivering the right to citizens across the EU to live in peace and free from the negative impact of terrorism and serious crime," Clarke said at the time.

"By voting in favour of this directive, the Council of Ministers, the European Commission and the European Parliament have shown their commitment to strengthening security across the EU."

The Home Office stated today that the government's priority is to "protect public safety and national security".

"That is why we are completing the implementation of this directive, which will bring the UK in line with our European counterparts," the department said.

"Access to communications data is governed by the Regulation of Investigatory Powers Act 2000 which ensures that effective safeguards are in place, and that the data can only be accessed when it is necessary and proportionate to do so."

Some reports suggest that all businesses will be expected to retain relevant data, but a Home Office spokesman insisted that the rules apply only to internet service providers.

The rules require firms to store the time and duration of telephone calls, details of connections made to the internet, and details, but not the content, of email and internet telephony services.

Neil Cook, head of technology services for EMEA at message security firm Cloudmark, expects the directive to cause many headaches for ISPs.

"Quite clearly this new legislation opens up a whole can of worms for the ISPs when it comes to potential security implications," he said. "Considering the sheer volume of high-profile security breaches hitting the headlines in the UK, the protection and storage of data is of paramount importance to an organisation."