Last updated: 
1 month 3 weeks ago
Blog Manager
One of Jisc’s activities is to monitor and, where possible, influence regulatory developments that affect us and our customer universities, colleges and schools as operators of large computer networks. Since Janet and its customer networks are classified by Ofcom as private networks, postings here are likely to concentrate on the regulation of those networks. Postings here are, to the best of our knowledge, accurate on the date they are made, but may well become out of date or unreliable at unpredictable times thereafter. Before taking action that may have legal consequences, you should talk to your own lawyers. NEW: To help navigate the many posts on the General Data Protection Regulation, I've classified them as most relevant to developing a GDPR compliance process, GDPR's effect on specific topics, or how the GDPR is being developed. Or you can just use my free GDPR project plan.

Group administrators:

Investigatory Powers Bill passes

Friday, November 18, 2016 - 13:54

According to Parliament's website, "outstanding issues on the [Investigatory Powers] Bill were resolved on 16th November". The Bill now passes to its final formal stage, Royal Assent, after which it will be the Investigatory Powers Act.

Although the final text won't be published till that happens, the Parliamentary stages don't seem to have made any significant changes to the powers in the original draft Bill. Most changes appear to be clarifications and modifications for the process of approving orders.

For Janet and its customers the most significant change is that the Government's current powers to order public networks to retain communications data and provide technical measures to facilitate investigations have been extended to all "telecommunications operators". This term is defined sufficiently widely to capture any network, including private networks between and within universities, colleges, businesses and homes. 

The only example the Government has given of where this power might be used is if a cybercafe were to become a meeting-place for terrorists. That puzzled many telecoms lawyers who had understood from Ofcom's rule of thumb that cybercafes were public networks already. It's therefore impossible to predict whether the Government might decide to make an order against any of the much wider range of networks that are now within the scope of its powers.

Unless a network operator does receive such an order, any retention of data or inspection of content can only be done under existing legal permissions - typically limited to the operator's own requirements such as protecting the network and its services. Increasing your logging or interception facilities just because of the new Act is likely to breach data protection and interception law.