Last updated: 
5 days 21 hours ago
Blog Manager
One of Jisc’s activities is to monitor and, where possible, influence regulatory developments that affect us and our customer universities, colleges and schools as operators of large computer networks. Since Janet and its customer networks are classified by Ofcom as private networks, postings here are likely to concentrate on the regulation of those networks. Postings here are, to the best of our knowledge, accurate on the date they are made, but may well become out of date or unreliable at unpredictable times thereafter. Before taking action that may have legal consequences, you should talk to your own lawyers. NEW: To help navigate the many posts on the General Data Protection Regulation, I've classified them as most relevant to developing a GDPR compliance process, GDPR's effect on specific topics, or how the GDPR is being developed. Or you can just use my free GDPR project plan.

Group administrators:

Accidental Interception

Wednesday, August 28, 2013 - 17:13

The Regulation of Investigatory Powers (Monetary Penalties and Consents for Interceptions) Regulations 2011 are now in force. These make two changes to the Regulation of Investigatory Powers Act 2000:

  • Creating monetary penalty notices (in effect fines, but imposed by a regulator rather than the courts) for unlawful interceptions of public communications networks that are unintentional (intentional interceptions are already subject to fines and imprisonment under RIPA) (Regulation 2);
  • A change to rules on interception where the user has given consent: this used to be lawful if the interceptor reasonably believed that a user had given their consent, but now requires that a particular user actually has consented (Regulation 3).

As I noted in our response to the consultation on these changes, there are practical problems with both of them. Removing the requirement for "intention" from the definition of interception seems to bring a number of quite legitimate actions within scope. Requiring actual consent seems to make that justification for interception essentially unusable, since actual consent (unlike a "reasonable belief in consent") goes away as soon as one user passes their keyboard to someone else.

These interpretive issues are likely to be worked out on public networks (the unintentional interception provisions only apply to those). It will be interesting to see what impact they have.