Relevant laws around the world

In Australia, we provide various networked IT services including data, voice and internet services. We operate from our Sydney office and employ more than 200 people.

Lawful interception

The Telecommunications (Interception and Access) Act 1979 (Cth) regulates access to telecommunications content and data in Australia (including intercepting communications in specific circumstances). Under this Act, intercepting telecommunications is only justified for law enforcement and national security purposes. The only people who can issue a warrant to intercept communications are a judge, a nominated member of the Administrative Appeals Tribunal, the attorney-general or the director-general of security (in an emergency).

Data Retention

There are two ways data is kept in Australia.

• The Stored Communications Regime (Telecommunications (Interception and Access) Act, Part 3-1A) allows certain law enforcement agencies to serve preservation notices on communication service providers. These notices order them to keep any communications stated in the preservation notice.

There are three different types of preservation notice: 

– historic domestic preservation notices
– ongoing domestic preservation notices
– foreign preservation notices.

A domestic preservation notice can stay in force over the relevant communications for a maximum of 90 days. A foreign preservation notice can stay in force for 180 days.

• The Data Retention Regime (Telecommunications (Interception and Access) Act, Part 5-1A, as amended by the Telecommunications (Interception and Access) Amendment (Data Retention) Act 2015) requires communication service providers to keep certain categories of data for two years. This data doesn’t include the content or substance of a communication. Communication service providers must also keep certain types of subscriber information while an account’s active and for two years after it’s closed.

Data disclosure

The Telecommunications (Interception and Access) Act also allows certain law enforcement and security agencies to access telecommunications data held by communications service providers.

Requests for access to data are independently overseen by the commonwealth ombudsman or, in the case of the Australian Security Intelligence Organisation, by the inspector-general of intelligence and security.

Web blocking

Under the Telecommunications Act 1997 (Cth), internet service providers must try to stop telecommunications networks and facilities being used for crime. The Australian Federal Police use this power to instruct internet service providers to block websites which contain child exploitation material through the Access Limitation Scheme. It’s also used to tackle cyber-crime.

The Australian Media and Communications Authority has a remit under Schedule 5 of the Broadcasting Services Act 1992 (Cth) to require internet service providers to stop access to certain content (for example, child sexual abuse content) which is hosted outside of Australia. It has a similar remit under Schedule 7 of the Broadcasting Act for content services located in Australia.

Under the Copyright Act 1968 (Cth), rights holders can apply to the Federal Court for an injunction that requires internet service providers to take reasonable steps to block access to overseas operated websites which infringe copyright or facilitate copyright infringement. This power was introduced by the Copyright Amendment (Online Infringement) Act 2015 (Cth).

We operate from our Brussels office and employ around 200 people. We provide services to multinational corporate and public sector customers, which have complex communication and information system needs. As part of BT’s Global unit, we are a global leader in the provisioning of managed IT services for cyber security, digital workplace, contact centres, multi-cloud and infrastructure services. 

Lawful interception

Under Article 90ter of the Code of Criminal Procedure, communication service providers must co-operate with judiciary authorities when it comes to lawful interception.

An examining magistrate must order an interception of the content of communications. This can be a warrant or verbally in an emergency (with confirmation), as defined in Articles 90ter to 90decies of the Code of Criminal Procedure, which was modified by the Law of 25 December 2016 on Internet Investigatory Powers. The examining magistrate can ask for communications to be intercepted:

• in exceptional cases
• when necessary for investigations
• when there are strong indications that the communications relate to offences listed in Article 90ter §2 Code of Criminal Procedure
• when other investigations are not enough to find out the truth.

The warrant must be sent to the public prosecutor (Article 90quater §1 Code of Criminal Procedure).

In exceptional circumstances the public prosecutor can order the content of communications to be intercepted. This can happen when the aim is to catch a suspect while they’re committing a crime (the relevant crimes are listed in Article 90ter, §5 of the Code of Criminal Procedure).

If national security is at stake, the director general of the intelligence and safety services can order a draft authorisation for interception. This will either be accepted or rejected by a special committee in charge of surveillance. This process is governed by Articles 18/9, 18/10, 18/17 and 44 of the Intelligence and Safety Services Act of 30 November 1998.

The General Military Intelligence and Safety Service (GMISS) can also intercept communications that come from abroad. In December each year, the GMISS produces a list of organisations and institutions whose communications it plans to intercept, with a justification for each. The minister of defence has 10 days to accept or reject the list.

If it’s urgent, and there’s a clear need, the GMISS can intercept communications for organisations or institutions that aren’t on the list. But the GMISS must let the minister of defence know about this as soon as possible and not later than the next business day after the start of the interception. If the minister disagrees with the interception, they can stop it (Article 44/3, 1° Intelligence and Safety Services Act).

Data Retention

Article 126 of the Belgian Electronic Communications Act (“ECA”) and its implementing orders required certain providers of electronic communications services (more specifically providers offering (i) mobile telephony; (ii) fixed telephony; (iii) public Internet access services; and (iv) public Internet e-mail services and public Internet telephony services in Belgium) to carry out a general and indiscriminate retention of certain traffic and location data during a certain period of time for the purpose of combating crime or safeguarding national security.

On 6 October 2020, this provision was found to be non-compliant with EU law by the EU Court of Justice (judgment in joined cases C-511/18, C-512/18 and C-520/18) and was subsequently annulled by the Belgian Constitutional Court in its judgment of 22 April 2021.

Since Belgian law enforcement authorities are heavily dependent on identification and meta data for the investigation and prosecution of crime, the Belgian Government launched a public consultation from 7 May until 4 June to repair the annulled legislation through which it intends to reinstate data retention obligations. Following a second judgement of 18 November by the Belgian Constitutional Court, the Belgian Government launched a new public consultation on the draft amendments to the “data retention” bill which will run until 25 March 2022. An update will be provided once the amendments have been confirmed.

Data disclosure

Operators must co-operate with judiciary authorities when it comes to data disclosure (Articles 46bis of the Code of Criminal Procedure for identification data and 88bis of the Code of Criminal Procedure for geolocation and traffic data).

The public prosecutor and the examining magistrate can require operators to give them retained data to identify an end user, and the electronic communications services the user subscribes to (Article 46bis, §1 Code of Criminal Procedure). In an extreme emergency, the public prosecutor and the examining magistrate can authorise this verbally, but they must confirm it in writing as soon as they can afterwards (Articles 46bis, §1 and 56, §2 Code of Criminal Procedure).

An examining magistrate can require the disclosure of traffic and geolocation data through a written warrant. They can only do this where there are serious indications that crimes are taking place which could result in a sentence of one year or more in prison, and where the examining magistrate believes it is necessary to get to the truth (Article 88bis of the Code of Criminal Procedure). The justified order should describe:

• the circumstances that mean the measure is needed
• why the measure is proportionate in relation to the targeted person’s privacy
• the length of the disclosure request (Article 88bis Code of Criminal Procedure).

Web blocking

The public prosecutor (Deputy Public Prosecutor and the authority acting for the Public Prosecutor) can through an order required internet service providers to block access to particular unlawful sites, to stop damage caused by content published online (Article 39 bis Code of Criminal Procedure). Orders often include additional obligations to redirect users to a specific URL or to remove the content if it is hosted on a service provider’s internet. And, under intellectual property law, the court can make an internet service provider carry out any measure necessary to stop the infringement of their copyright or associated rights.

Internet service providers might also be required to block sites which carry child sexual abuse material, or promote terrorism, racial violence or hatred. 

We’ve worked in Brazil for more than 17 years. We have around 200 employees there who support corporate networks, serving hundreds of organisations from the public and private sectors in various industries. We also have extensive terrestrial networks with several GPoPs and thousands of connections from strategic partners in collaboration to support BT Global Network.

Lawful interception

Under Law No. 9,296/1996 (called the ‘Wiretap Law’ from now on), a court can issue an order requiring a communications service provider to intercept traffic on its network. Only the police authority or the public prosecutor can request these in specific circumstances, for example as part of a criminal investigation or legal proceedings.

Data Retention

The Internet Law (Law No. 12,965/2014) requires communication service providers to keep internet connection logs for a year. The police, an administrative authority or public prosecutor can ask them to keep it for longer than a year. Retention is regulated by Presidential Decree 8,771 of 11 May 2016.

As well as this, ANATEL’s Resolution No. 614/2012 requires communication service providers to keep connection logs for at least one year. Under the Resolution, connection records include:

• the date and time of the beginning and end of internet access
• the length of internet access
• the IP address used
• other information that allows the access terminal used to be identified.

The Internet Law stops internet access providers from keeping users’ application logs. This means they can’t keep the content of internet activity or logs of which applications people have used. The Internet Law also separately provides that an internet access provider must keep its application access logs confidential for six months.

Data disclosure

Under Article 22 of the Internet Law, communications data can only be disclosed when requested by the police authority, the public prosecutor, other law enforcement agencies, or any other interested party. Data can be requested for evidence gathering in civil or criminal legal procedures and must be authorised by a court order.

Users’ personal data, particularly their name, marital status, occupation, address and name of parents, must be provided by communication service providers if the police authority, the public prosecutor or other administrative authority ask for it – they don’t need a court order. This is defined in law under the Internet Law, the Money Laundering Law (Law No. 12,683/2012) and the Organised Crime Law (Law No. 12,850/2013).

Web blocking

There are restrictions to blocking, monitoring, filtering or analysing the contents of internet data packets that are consistent with the principle of net neutrality.

While judges have the power to issue court orders requiring internet service providers to block access to illegal content, they usually prefer to order the party hosting the illegal content to remove it. This is because blocking access might not be proportionate. In the case of child sexual abuse material or unauthorised disclosure of sexual content, there’s a notice and takedown provision under the Internet Law. Otherwise, there are no general laws requiring content to be blocked.

In Canada, we provide various networked IT products including data, voice and internet services. We operate from our Toronto office and employ around 70 people.

Lawful interception

The Radiocommunication Regulations generally prohibit intercepting radio communications. But there are exceptions – for example, for emergencies, investigations by public officials, government spectrum management and communications service provider network security.

There are several circumstances where interception is allowed under the Criminal Code (as amended by the Protecting Canadians from Online Crime Act in 2015). These are:

• by getting both one of the communicating parties’ consent and a public officer’s order (a public officer can be a peace officer and any public officer responsible for law enforcement)

• if an agent of the state believes there’s a risk of bodily harm to the person who consented to the interception under the previous point

• with a formal warrant from a judge or an urgent warrant from a justice of the peace.

In an urgent situation, where there are no other means available under the Code, interceptions can also be allowed to stop serious harm to people or property.

The Canadian Security Intelligence Services Act establishes conditions where the Canadian Security Intelligence Service can get a warrant from a judge if there’s a threat to national security or to collect foreign intelligence.

Part V.1 of the National Defence Act establishes the conditions under which the Communications Security Establishment of Canada can get approval from the minister of national defence to intercept private communications involving foreign entities outside Canada. This is allowed as long as there’s no other way to reasonably get the information, and provided that Canadians’ privacy interests are protected.

Data Retention

The Code can require communications interception over a period of time. A warrant or production order specifies the data to be kept, for example, transmission data or tracking data, and how long for. This is done on a case-by-case basis.

Data disclosure

Law enforcement authorities and the security services can require communication service providers to provide data in the same way as interception (see ‘Lawful interception’ above).

Canada’s Competition Act allows the commissioner of competition to apply to a judge of a superior or county court for the disclosure of data. This disclosure is made according to the production order.

Under the Competition Act, the commissioner can also get a search warrant, which might include the reproduction of data found on a computer system.

Web blocking

Superior courts have wide powers to grant blocking orders. Under the Child Pornography Reporting Act, internet service providers must notify authorities about any situations involving child sexual abuse material.

The Quebec government had adopted a law (Bill 74) to compel communication service providers to block illegal gambling websites. In July 2018, the Superior Court of Quebec decided that this law was unconstitutional.  

In Colombia, we provide a range of services including data and internet access. We employ around 100 people in our office in Bogota.

Lawful interception

Generally, intercepting communications can only take place through a judicial order that meets the criteria set out in relevant laws. But interception can also take place without a court order to allow interception for the purposes of a criminal investigation by the public prosecutor. This is allowed as long as the public prosecutor issues an order to the judicial police who’ll be in charge of the technical aspects of the relevant operation and processing. This exception is allowed under Law 1453/2011, which amends the Colombian Criminal Procedure Code, and Decree 1704/2012 (compiled in Decree 1078/2015).

These orders last for 3 months. They can be extended if the public prosecutor decides there are still grounds for interception. Any extension must be examined and authorised by a judge (juez de control de garantías). The order must be issued during an ongoing investigation and with the purpose of finding evidence. Within 24 hours of getting a report from the judicial police, the public prosecutor must appear before the relevant judge to examine the legality of the interception operation.

Interception for the purposes of intelligence and counterintelligence is allowed if certain conditions are met, under Law 1621/2013 (regulated by Decree 857/2014).

The government carries out interceptions after the relevant communications service provider grants access. The provider doesn’t directly take part in any interception operations.

Data Retention

Generally, all information about a subscriber of a service must be kept for at least five years. Under the Commercial Code, all commercial documents and information must be kept for at least ten years.

Decree 1704 states that communication service providers must keep certain subscriber data for five years. This data includes a subscriber’s ID, invoicing information and type of connection, for example voice or data. Under this Decree, the communications service provider should also give the Office of the Attorney General specific information, like zone/sector, signal strength and geographic coordinates that might help identify the terminal or devices used in a particular communication. Decree 1704 applies when there’s a judicial investigation (criminal prosecution) and the public prosecutor needs to have access to certain information as evidence.

Communication service providers must give information to certain authorities about a subscriber’s communications’ activities under Law 1621/2013 (see ‘Data disclosure’ below). This information

includes:

• their technical identification data
• the location of the cells where the relevant terminals are
• any other information that might help identify where someone is.

This law applies to all intelligence and counter-intelligence activity.

Resolutions No. 912/2008 and 3066/2011 (as modified by Resolution 511/2017) require that communication service providers must keep certain subscriber information.

Data disclosure

Any government body which is responsible for law enforcement or prosecuting or investigating crime can ask for data disclosure. This includes the public prosecutor and other government agencies like tax authorities. There are also certain legal requirements which must be fulfilled.

Under Law 1581/2012, personal information can only be provided to a public authority if the authority’s carrying out its duties or a judicial order has been issued.

Web blocking

Internet service providers can be asked to block access to internet sites or services either by a judicial order issued by a competent judge or public prosecutor, or by orders issued by administrative authorities with an investigative capacity (for example, the Superintendence of Industry and Commerce, the Banking Superintendence, the Ministry of Communications, and the Financial Analysis and Information Unit). Most web blocking requests in Colombia are to do with child sexual abuse content.

We employ around 400 people across France one third of which are Security specialists. Our head office is in Paris. We provide services to large companies, including multinationals and multi-sites, which have complex communication and information system needs. In France, we support major companies in the finance, telecoms, industrial and services sectors by integrating, securing and managing network and cloud infrastructure and services.

Lawful interception

Interception can be required through administrative requests or judicial requests under French law.

• According to the French Homeland Security Code (the CSI), the contents of a communication can only be intercepted for national security purposes – so that’s national defence, prevention of terrorism, prevention of organised crime and delinquency. To do this a minister in charge of homeland security, defence, justice, economy, budget or customs (or their delegate) must make an administrative request, which is then approved by the prime minister following an opinion from the National Intelligence Control Commission (CNCTR). If the situation is urgent, then it’s possible that the Commission is only informed of the interception.
• Under the French Code of Criminal Procedure a judicial request for interception is needed for detecting or investigating cases of serious crime – for example, money laundering, organised gang crime or where the criminal penalty is three or more years in prison. Depending on the circumstances, an investigative judge, or a public prosecutor can authorise the request with written permission from the liberty and custody judge.

Operators must put measures in place to comply with any requests.

Data Retention

Under the Postal and Electronic Communications Code, operators must keep data about voice and data services for up to a year. This includes subscriber information, names, addresses and communications data. It also includes passwords and payment information if the subscription is to online public communications. After the Digital Rights Ireland, Tele2Sverige AB and Watson cases, several associations asked the French Council of State to check if existing legislation governing data retention and administrative data access requests was legal. The claim wasn’t upheld.

Data disclosure

The Code of Criminal Procedure and other relevant legislation provides for the disclosure of communications data to judicial authorities, police officers, public prosecutors or an investigative judge. A judicial authorisation isn’t always needed.

The protection authorities ARCOM (intellectual property) and ANSSI (information systems security) can also ask operators to give them data for investigations, findings and judicial proceedings related to:

• copyright and related rights infringement
• criminal offences
• preventing unauthorised access to automated data processing systems.

Under the French Homeland Security Code, the public service in charge of security interception (the Groupement Interministériel de Contrôle) can require that communication service providers give them data for security purposes. These requests must be approved by the prime minister or their delegate.

Under Article L.65 quinquies of the Customs Code, French customs agents can require operators to give them data for customs investigations.

Under Article L.96 G of the Tax Proceedings Code, French tax agents can require operators to give them data for tax investigations.

Under Article L.114-19 of the Social Security Code, French social security agents (URSSAF) can require operators to give them data for social security investigations.

Web blocking

A judicial authority can make internet service providers block access to particular sites, to stop damage caused by content published online. And, under intellectual property law, the court can make an internet service provider carry out any measure necessary to stop the infringement of copyright or associated rights.

The Central Office for Action to Fight against Crime related to Information Technology and Communication might also require internet service providers to block sites which carry child sexual abuse material, or promote terrorism, racial violence or hatred. A request to remove this type of material must first be made to the publisher of the website or the hosting service provider. If they don’t reply in 24 hours, the Central Office can ask an internet service provider to block the sites. French internet service providers have also been ordered to block access to pro-terrorism websites.

We’ve been working in Germany for more than 20 years and provide global network and IT services to around 900 customers.

We run our own network infrastructure in Germany, as well as our own Cityfibre Networks in four major German cities and three data centres which provide IT services and connections to our international IP network. We have five offices in Germany and around 800 employees. We provide data services including internet access, voice over internet protocol (VoIP) and cloud-based services.

Lawful interception

The German Telecommunications Act allows intelligence and law enforcement agencies to intercept communications, subject to limitations set out in the German Constitution.

The right to privacy of telecommunications is protected under Article 10. Interception is authorised by a court order, which authorities must get beforehand, and must also meet certain requirements – for example, if someone’s committed or tried to commit a serious crime, or if there’s an imminent risk of a major attack on public security, like a terrorist attack. The legal bases for these court orders are in both federal law (especially section 100e of the German Criminal Procedure Code and section 23a of the German Customs Investigations Act) and in various regional acts on police powers to safeguard public security.

The Criminal Procedure Code allows the public prosecutor’s office to issue an interception order in an urgent situation, which the competent court must confirm within three working days (section 100e (1) of the Criminal Procedure Code). The Federal Criminal Police Office Act also allows the president of the Federal Criminal Police Office to grant an interception order, as long as they then get judicial approval.

As well as this, the Law on the Restriction of Privacy of Correspondence, Post and Telecommunications (called the ‘G-10Law’ from now on) allows the intelligence services to intercept a person’s communications without a court order. This can happen if they are suspicious that this person has committed certain offences which, among other things, endanger national security (section 1(1) no.1 and section 3 of the G-10 Law). The federal ministry of the interior must order any interception activities requested by federal intelligence services (section 10 of the G-10 Law) and the G-10 Commission must approve these in advance (section 15(5) of the G-10 Law).

The exception is for situations where danger is imminent – in this case subsequent approval is enough (section 15(6) of the G-10 Law). The competent supreme authority of the state is responsible for orders for interception by state intelligence services (section 10 of the G-10 Law). The provisions for approving these measures must be set out in the respective state law (section 16 of the G-10 Law).

The G-10 Law also allows German intelligence services to carry out untargeted interception in certain circumstances – that is intercepting certain geographic regions, rather than a specific individual suspect. This is allowed when interception is to stop:

• armed attacks, including terrorist attacks, on Germany
• certain serious crimes, including international drugs trafficking and money laundering (section 5 of the G-10 Law)
• danger to the life or wellbeing of an individual who is abroad, where this danger directly affects the interests of Germany (section 8 of the G-10 Law).

An authorised court order isn’t needed for this but the federal ministry of the interior must set the geographic parameters of the untargeted interception. The Parliamentary Control Panel must also approve this in advance, unless there is imminent danger, in which case subsequent approval is enough (section 14(2) of the G-10 Law).

Anyone providing publicly available telecommunications services to more than 10,000 subscribers must install a surveillance system which complies with technical requirements set out in the German Telecommunications Surveillance Directive. Communication service providers can choose to carry out legal interception in house or delegate it to agents. Communication service providers, or their agents, must always be available for requests by phone and process them during normal business hours.

Data Retention

Under federal legislation adopted in 2008 (sections 113a and following of the Telecommunications Act), providers of public telecommunications services were required to keep subscriber information and traffic data for six months. But in 2010 the German Federal Constitutional Court held this legislation to be contrary to the German Constitution, because it was a disproportionate restriction of the right to privacy.

Data retention legislation adopted in 2015 limits the data that is retained – for example, emails aren’t included. It also limits the length of the storage, which is normally ten weeks, but only four weeks for location data. Processes to comply with this legislation had to be implemented by 1 July 2017.

In late 2016, the CJEU held that UK and Swedish legislation that required communication service providers to store subscriber and traffic data wasn’t compatible with the EU Charter of Human Rights. One of the reasons the CJEU gave was that the storage requirement must be limited to specific situations that could justify a temporary retention of data (see the Tele2 Sverige AB and Watson judgments).

Although the CJEU decision didn’t directly concern German data retention legislation, the Court’s reasoning suggested that Germany’s legislation might not conform to EU law. For this reason, a German Superior Administrative Court granted a preliminary injunction to a German internet service provider that had chosen not to implement current legislation because of constitutional and EU law concerns. After this decision, the German Federal Network Agency stated it would stop enforcing the existing legislation until the end of the main proceedings, which might include a referral of the matter to the CJEU. Another German Administrative Court confirmed this position in favour of a German communications service provider in 2019.

Data disclosure

Under the Telecommunications Act, data can only be disclosed if the requesting party is legally authorised, and the disclosing party is legally authorised to disclose the data.

The main avenue for disclosure of subscriber data is an automated procedure under which the German Federal Network Agency is tasked with retrieving data and forwarding it to the public authority that has asked for it (e.g. the police). This means that communication service providers must store all subscriber data on a server that the German Federal Networks Agency can always access (section 112 of the Telecommunications Act). A prior judicial order isn’t needed for the disclosure of subscriber data (i.e. not traffic or content data). If the automated procedure doesn’t deliver the right results, public authorities can also ask communication service providers directly for so called manual disclosure of subscriber data (section 113 of the Telecommunications Act). Communication service providers can choose to keep these subscriber files in-house or pass this on to a third-party supplier.

By contrast, in general, disclosure of traffic data does need a prior judicial order, usually requested by the public prosecutor’s office (sections 100e and 101a of the German Criminal Procedure Code). If the situation is urgent, the public prosecutor’s office can issue a disclosure order, as long as it’s ratified by a competent court within three working days (sections 100e and 101a of the Criminal Procedure Code). Competent authorities can order disclosure of traffic data obtained as part of any interception activities carried out under the G-10 Law (see ‘Lawful interception’ above) without a court order, as long as the disclosure serves specific purposes (e.g. where they need it to stop a serious crime) (section 4(4) of the G-10 Law).

Web blocking

Under the German Interstate Treaty on Broadcasting and Telemedia, an internet service provider can be required by court order to block access to sites containing illegal content. Because no blocking order was ever made, the German Access Impediment Act about blocking child sexual abuse content was repealed after two years and hasn’t been replaced. Instead, the German Interstate Treaty on the Protection of Minors in the Media makes it a legal obligation for every internet service provider to check whether its content is appropriate for children.

Under statutory law, various German courts have held that access providers can be liable for failing to block access to websites containing illegal content – for example content that infringes intellectual property rights. But according to a recent decision of the German Federal Supreme Court, there’s no room for this liability where rights’ owners haven’t taken reasonable steps to take direct action against the people responsible for the illegal online content.

We have a long history of operating and investing in India, having started in 1987. With headquarters in New Delhi, BT India has operations in six key cities: New Delhi, Bangalore, Mumbai, Pune, Kolkata and Chennai. We started our commercial operations in 2007 when we got a licence to operate international and national long distance services.

Our main delivery hub is based in Gurgaon, New Delhi. It covers all our lines of businesses and customers, from UK consumers to large multinational businesses. It’s also the largest BT building in the world, with almost 5,000 people working there.

Lawful interception

Interception, monitoring and collection of any information (including traffic data) are governed by:

• the Information Technology Act 2000 (the ‘IT Act’)
• the Information Technology (Procedure and Safeguards for Interception, Monitoring and Decryption of Information) Rules 2009
• the Information Technology (Procedure and Safeguards for Monitoring and Collecting Traffic Data or Information) Rules 2009.

(Collectively, these are called the ‘IT Rules’.)

‘Information’ is broadly defined as including data, text, images, sound, voice, codes, computer programs, software and databases, microfilm and computer-generated microfiche.

The Indian Telegraph Act 1885 and the Indian Telegraph Rules 1951 (the ‘Telegraph Laws’) regulate the monitoring of messages. This is again broadly defined to include any communication sent by telegraph or given to a telegraph officer to be sent or delivered.

The terms ‘information’ and ‘messages’ are collectively referred to as ‘communications’. The IT Act, IT Rules and Telegraph Laws are collectively referred to as the ‘Data Interception Laws’.

The telecom licence agreements we’ve entered into with the Indian Department of Telecommunications (the ‘Licence Agreements’) also allow certain government agencies (the ‘Monitoring Agencies’) to monitor communications traffic on a communications service provider’s network.

Typically, an authorised government agency will serve a communications service provider with an order to intercept communications. This must be issued by a competent authority under the Data Interception Laws. Competent authorities include the secretary to the government of India in the Ministry of Home Affairs, the secretary in charge of the Home Department and the secretary to the government of India in the Department of Information Technology under the Ministry of Communications and Information Technology.

The interception regime in India is evolving. Since October 2014, the government has required all communication service providers to connect their networks to a centralised monitoring system (CMS) under the terms of the Licence Agreements.

The CMS was set up by the government to allow certain law enforcement agencies to intercept and monitor mobile and landbased telecommunications and internet-based traffic in India in real-time. This includes all communications. The CMS allows authorised law enforcement agencies to remotely access a communications service provider’s network at any time without the provider knowing about this.

Data Retention

The Data Interception Laws govern the retention of intercepted and monitored communications. An authorised government agency can compel a communications service provider to keep communications through an order from the competent authority. Under the Licence Agreements, communication service providers must keep records of all communications exchanged on their network for one year. This can include detailed call logs showing dates, and duration and time of each call. Relevant authorities can require that this data is kept for longer periods of time.

Data disclosure

The Data Interception Laws also govern the disclosure of intercepted or monitored communications. An order from the competent authority directing a communications service provider to intercept or monitor communications can also ask for their disclosure. The Monitoring Agencies are also allowed to access the communication records maintained by the communications service provider under the terms of the Licence Agreements.

Web blocking

BT India’s operations don’t control access to the internet or information held on it. And we don’t do any form of web blocking.