Any network operator will need, from time to time, to examine the traffic that is flowing on their network, whether for capacity planning, tracing faults or investigating use or abuse of the network.
The law provides for these kinds of activity; however, any work on a communications network must comply with the Human Rights Act 1998 which states that individuals have a right to respect for the privacy of their communications.
Information about the volume or performance of network traffic flows will not normally fall within the Human Rights Act, but if a flow can be associated with an individual person then it will be protected by the Data Protection Act 2018 and General Data Protection Regulation.
Any monitoring or investigation that may, whether deliberately or accidentally, reveal the content of packets or messages will also be subject to the Investigatory Powers Act 2016. This Act distinguishes between monitoring required for the operation of a service (for example tracing network faults), and monitoring done for business purposes, including the policing of acceptable use policies.
Who can perform network monitoring?
Operational monitoring may, in general, be done at any time by the authorised operator of the service.
Business monitoring may only be done after users have been notified and for purposes set out in the Interception by Businesses etc. for Monitoring and Record-keeping Purposes Regulations associated with the Act.
Ensure your actions are appropriate
The Human Rights Act further requires that any invasion of privacy must be proportionate to the risk that is being addressed by the monitoring. Any decision to monitor or investigate should therefore include an impact assessment to ensure that it will not cause more harm than good and should be undertaken with proper authorisation.
Codes of Practice on Monitoring at Work (see especially Part 3) have been produced by the Information Commissioner: their provisions are likely to apply to students and other users as well as employees.
It should be noted that network measurement - creating packets or traffic flows and measuring their progress across a network - is unlikely to be affected by any laws on privacy or monitoring.