Lawful interception of a communication

3.—(1) For the purpose of section 1(5)(a) of the Act, conduct is authorised, subject to paragraphs (2) and (3) below, if it consists of interception of a communication, in the course of its transmission by means of a telecommunication system, which is effected by or with the express or implied consent of the system controller for the purpose of—

(a)monitoring or keeping a record of communications—

(i)in order to—

(aa)establish the existence of facts, or

(bb)ascertain compliance with regulatory or self-regulatory practices or procedures which are—

• applicable to the system controller in the carrying on of his business or

• applicable to another person in the carrying on of his business where that person is supervised by the system controller in respect of those practices or procedures, or

(cc)ascertain or demonstrate the standards which are achieved or ought to be achieved by persons using the system in the course of their duties, or

(ii)in the interests of national security, or

(iii)for the purpose of preventing or detecting crime, or

(iv)for the purpose of investigating or detecting the unauthorised use of that or any other telecommunication system, or

(v)where that is undertaken—

(aa)in order to secure, or

(bb)as an inherent part of,

the effective operation of the system (including any monitoring or keeping of a record which would be authorised by section 3(3) of the Act if the conditions in paragraphs (a) and (b) thereof were satisfied); or

(b)monitoring communications for the purpose of determining whether they are communications relevant to the system controller’s business which fall within regulation 2(b)(i) above; or

(c)monitoring communications made to a confidential voice-telephony counselling or support service which is free of charge (other than the cost, if any, of making a telephone call) and operated in such a way that users may remain anonymous if they so choose.

(2) Conduct is authorised by paragraph (1) of this regulation only if—

(a)the interception in question is effected solely for the purpose of monitoring or (where appropriate) keeping a record of communications relevant to the system controller’s business;

(b)the telecommunication system in question is provided for use wholly or partly in connection with that business;

(c)the system controller has made all reasonable efforts to inform every person who may use the telecommunication system in question that communications transmitted by means thereof may be intercepted; and

(d)in a case falling within—

(i)paragraph (1)(a)(ii) above, the person by or on whose behalf the interception is effected is a person specified in section 6(2)(a) to (i) of the Act;

(ii)paragraph (1)(b) above, the communication is one which is intended to be received (whether or not it has been actually received) by a person using the telecommunication system in question.

(3) Conduct falling within paragraph (1)(a)(i) above is authorised only to the extent that Article 5 of Directive 97/66/EC of the European Parliament and of the Council of 15 December 1997 concerning the processing of personal data and the protection of privacy in the telecommunications sector(1) so permits.