Regulatory Developments

Last updated:

2 months 3 days ago

Blog Manager

One of Jisc’s activities is to monitor and, where possible, influence regulatory developments that affect us and our customer universities, colleges and schools as operators of large computer networks. Since Janet and its customer networks are classified by Ofcom as private networks, postings here are likely to concentrate on the regulation of those networks. Postings here are, to the best of our knowledge, accurate on the date they are made, but may well become out of date or unreliable at unpredictable times thereafter. Before taking action that may have legal consequences, you should talk to your own lawyers. NEW: To help navigate the many posts on the General Data Protection Regulation, I've classified them as most relevant to developing a GDPR compliance process, GDPR's effect on specific topics, or how the GDPR is being developed. Or you can just use my free GDPR project plan.

Group administrators:

Andrew Cormack

Recent members:

Shiny New Legislation

Wednesday, June 6, 2012 - 11:49

Andrew Cormack

I was recently struck by just how new most of the legislation creating duties for operators of electronic communications network is. Compared to the Computer Misuse Act, which has only had one amendment since 1990, these laws seem to be changing a lot faster:

Data Retention (EC Directive) Regulations 2009 – with a significant update already being mentioned on the Home Office website and, this week, in the press;
Digital Economy Act 2010 – but the implementation code containing the actual details of network operators' duties still hasn't been published;
Regulation of Investigatory Powers (Monetary Penalty Notices and Consents for Interceptions) Regulations 2011 – penalties for unintentional interception, though the meaning of that still isn't clear;
Privacy and Electronic Communications (EC Directive)(Amendment) Regulations 2011 – Duties relating to Cookies and Privacy Breach Notification;
And a new Communications Act, expected in 2013, is likely to add to these.

For at least two of those (the Digital Economy Act and Privacy and Electronic Communications Regulations) the details of what the duties are and who will be subject to them is left to codes that haven’t been completed yet. And although the Data Retention Regulations are reasonably clear on what information needs to be retained, you don’t know whether you are required to comply until you get a call from the Home Secretary. So at the moment a network subject to these laws clearly needs to report privacy breaches and to be ready to do something in the areas of data retention and copyright enforcement when told to. But, beyond, that about the only thing clear about what the law requires of a network operator is that it’s likely to change, and continue to change for some time.

The good news from a Janet perspective is that most of these duties fall most heavily on the operators of public electronic communications networks - for example a public network operator who unlawfully intercepts their network commits a crime for which they can be fined or imprisoned: on a private network they would only commit a civil wrong for which they could be sued by the customer(s) who had suffered damage - though in the case of the Digital Economy Act even that isn’t clear. We are definitely living in interesting times.

Data Retention Directive

Digital Economy Act

Regulation of Investigatory Powers Act

ePrivacy Directive

Regulatory Developments

Group administrators:

Recent members:

Shiny New Legislation

Contact our support teams

Advice

Login to Community

Search form

You are here

Regulatory Developments

Group administrators:

Recent members:

Shiny New Legislation

Contact our support teams

Advice