Nothing in the Regulations shall require a communications provider to do, or stop doing, anything:
- if compliance would be inconsistent with any requirement:
- imposed by any enactment;
- imposed by any rule of law;
- imposed by court order; or
- that would be likely to prejudice the prevention or detection of crime or the apprehension or prosecution of offenders; or
- if exemption from the requirement in question:
- is necessary for the purposes of obtaining legal advice;
- is required in connection with legal proceedings (including prospective legal proceedings); or
- is otherwise necessary for the purposes of establishing, exercising or defending legal rights, (Regulation 33).
Directive 2002/58/EC, which these Regulations implement, is designed to ‘particularise and complement’ Directive 95/46/EC which has been implemented by the Data Protection Act 1998 (the Act). So, where personal data is being processed, the Act must be complied with. In other words, the above provisions must not be interpreted as in any way overriding'’ the Act.