This week the government has pushed through emergency legislation obliging companies to hold on to your data for a year, following an European Court of Justice (ECJ) ruling that created what some felt to be ambiguity in the law.
All three major parties supported the bill, ensuring it went through in time for the summer recess, overturning government fears spooks and police would be unable to do their jobs effectively in the two months parliamentarians will be busy sunning themselves.
What's this all about then?
The key to this debate is the concept of metadata, or what home secretary Teresa May described as the "who, where, when and how" of communications. The distinction allows governments to claim that they are not invading your privacy while still allowing them to gather information on alleged criminals.
This means they cannot listen to my calls or read my emails, right?
Unless you are up to something dodgy it is unlikely police will be tapping your phone. Under "legal intercept" rules in the bill this requires a warrant signed by high ranking officials such as the home secretary, although snooping by the surveillance agency GCHQ is not covered.
What's all the fuss about then?
Much of the furore is about timing. The ECJ ruling the bill is supposed to be responding to actually occurred in April, leaving the government a good three months to come up with a solution.
Tom Watson, Labour MP and critic of the bill, pointed out in an opinion piece for the Guardian that parliament went into recess a week early in May "because we were told there was no need to debate further legislation".
So there is no privacy risk here?
This is the position of the police and the spooks, but in the ECJ case that started this whole debacle the judges felt otherwise:
"[Metadata], taken as a whole, may provide very precise information on the private lives of the persons whose data are retained, such as the habits of everyday life, permanent or temporary places of residence, daily or other movements, activities carried out, social relationships and the social environments frequented."
But this new law only restores the powers Europe used to let us have?
That is what the government says, but a group of legal academics dispute this. In a letter to parliament during the week they criticised the bill, saying it was "expanding the UK's ability to mandate the interception of communications content across the globe", something which they believe is a first for snooping legislation.
Are there any other problems?
Data retention touches on the thorny topic of whether Westminster or Brussels is in charge. The continent tends to take a tougher line on privacy than the UK, as evinced by the diplomatic fallout created by the Snowden leaks.
On paper the UK is also obliged to comply with the European Convention on Human Rights (ECHR), which exists outside of the EU. The convention has an article specifically concerned with privacy, though it contains a caveat which features the phrase "national security", which leaves governments room to snoop.
Are companies happy about this bill?
The government claims companies required legal clarification on what data they should be holding on to, and it is easy to see why they would be worried. While they have an incentive to keep data for the purposes of analysing it, they risk running afoul of privacy laws if they hold on to too much, or the wrong type. There is also the not insignificant cost of keeping it.
Absolute® Software specialises in technology and services for the management and security of mobile computers and smartphones.
Qualys is the leading provider of on demand IT security risk and compliance solutions - delivered as a service. Qualys solutions enable...