Confidentiality of communications
6.—(1) Subject to paragraph (4), a person shall not use an electronic communications network to store information, or to gain access to information stored, in the terminal equipment of a subscriber or user unless the requirements of paragraph (2) are met.
(2) The requirements are that the subscriber or user of that terminal equipment—
- (a) is provided with clear and comprehensive information about the purposes of the storage of, or access to, that information; and
- (b) is given the opportunity to refuse the storage of or access to that information.
(3) Where an electronic communications network is used by the same person to store or access information in the terminal equipment of a subscriber or user on more than one occasion, it is sufficient for the purposes of this regulation that the requirements of paragraph (2) are met in respect of the initial use.
(4) Paragraph (1) shall not apply to the technical storage of, or access to, information—
- (a) for the sole purpose of carrying out or facilitating the transmission of a communication over an electronic communications network; or
- (b) where such storage or access is strictly necessary for the provision of an information society service requested by the subscriber or user.
Restrictions on the processing of certain traffic data
7.—(1) Subject to paragraphs (2) and (3), traffic data relating to subscribers or users which are processed and stored by a public communications provider shall, when no longer required for the purpose of the transmission of a communication, be—
- (a) erased;
- (b) in the case of an individual, modified so that they cease to constitute personal data of that subscriber or user; or
- (c) in the case of a corporate subscriber, modified so that they cease to be data that would be personal data if that subscriber was an individual.
(2) Traffic data held by a public communications provider for purposes connected with the payment of charges by a subscriber or in respect of interconnection payments may be processed and stored by that provider until the time specified in paragraph (5).
(3) Traffic data relating to a subscriber or user may be processed and stored by a provider of a public electronic communications service if—
- (a) such processing and storage are for the purpose of marketing electronic communications services, or for the provision of value added services to that subscriber or user; and
- (b) the subscriber or user to whom the traffic data relate has given his consent to such processing or storage; and
- (c) such processing and storage are undertaken only for the duration necessary for the purposes specified in subparagraph (a).
(4) Where a user or subscriber has given his consent in accordance with paragraph (3), he shall be able to withdraw it at any time.
(5) The time referred to in paragraph (2) is the end of the period during which legal proceedings may be brought in respect of payments due or alleged to be due or, where such proceedings are brought within that period, the time when those proceedings are finally determined.
(6) Legal proceedings shall not be taken to be finally determined—
- (a) until the conclusion of the ordinary period during which an appeal may be brought by either party (excluding any possibility of an extension of that period, whether by order of a court or otherwise), if no appeal is brought within that period; or
- (b) if an appeal is brought, until the conclusion of that appeal.
4
