Communications data is generated by telecommunications and postal operators in the course of their business practices. It can then be used to demonstrate who was communicating; when; from where; and with whom. It can include the time and duration of a communication, the number or email address of the originator and recipient, and sometimes the location of the device from which the telecommunication was made. It does not include the content of any communication: for example the text of an email, or what was said on a phone call. Access to communications data is essential for law enforcement and national security investigations. 

The Regulations amend the legislative scheme providing for the retention of and access to communications data - information about communications, but not their content. 

Legislative changes are required to ensure the United Kingdom's communications data retention regime complies with European Union law. The Regulations also bring into force the Communications Data Code of Practice under the Investigatory Powers Act 2016 (IPA).

Data protection law requires operators to delete data that they no longer require for business purposes. It is therefore necessary to have a power to require the retention of data. Section 87(1) of the IPA provides such a power. It gives the Secretary of State the ability, by notice, to require the retention of communications data for purposes such as the prevention and detection of crime. Essentially, if data is not retained, it cannot be accessed subsequently. Sometimes communications data is the only way to identify offenders. Given its importance to investigations, it is crucial to ensure that it is retained where it is necessary and proportionate to do so, for up to a year, and that it can then be accessed by the relevant public authority under strict controls. 

These Regulations provide for a number of amendments to the IPA including provisions: 

- for independent authorisation of most communications data requests; 
- for internal authorisation of requests in urgent cases, and in cases of national security and where the request is being made by the three intelligence agencies;
- restricting the crime purpose for which events data (such as call histories and location information) can be retained and acquired, to a new threshold of serious crime; 
- further restricting the purposes for which data can be acquired and retained by removing three statutory purposes; and 
- adding additional considerations that must be taken into account by the Secretary of State before a retention notice is given.