I was recently struck by just how new most of the legislation creating duties for operators of electronic communications network is. Compared to the Computer Misuse Act, which has only had one amendment since 1990, these laws seem to be changing a lot faster:
- Data Retention (EC Directive) Regulations 2009 – with a significant update already being mentioned on the Home Office website and, this week, in the press;
- Digital Economy Act 2010 – but the implementation code containing the actual details of network operators’ duties still hasn’t been published;
- Regulation of Investigatory Powers (Monetary Penalty Notices and Consents for Interceptions) Regulations 2011 – penalties for unintentional interception, though the meaning of that still isn’t clear;
- Privacy and Electronic Communications (EC Directive)(Amendment) Regulations 2011 – Duties relating to Cookies and Privacy Breach Notification;
- And a new Communications Act, expected in 2013, is likely to add to these.
For at least two of those (the Digital Economy Act and Privacy and Electronic Communications Regulations) the details of what the duties are and who will be subject to them is left to codes that haven’t been completed yet. And although the Data Retention Regulations are reasonably clear on what information needs to be retained, you don’t know whether you are required to comply until you get a call from the Home Secretary. So at the moment a network subject to these laws clearly needs to report privacy breaches and to be ready to do something in the areas of data retention and copyright enforcement when told to. But, beyond, that about the only thing clear about what the law requires of a network operator is that it’s likely to change, and continue to change for some time.
The good news from a Janet perspective is that most of these duties fall most heavily on the operators of public electronic communications networks – for example a public network operator who unlawfully intercepts their network commits a crime for which they can be fined or imprisoned: on a private network they would only commit a civil wrong for which they could be sued by the customer(s) who had suffered damage – though in the case of the Digital Economy Act even that isn’t clear. We are definitely living in interesting times.