(no title)

1. What exactly is being stored? I have seen stories/comments saying it is domain names visited from web browsing but does it also cover other internet activity? Or is it being left vague?

2. Does the requirement to keep data for one year come with a corresponding obligation to delete it after that? Are they allowed to keep it longer (perhaps summary/derived data for cost reduction) ?

3. Can the organisations with access make bulk requests for all the data or do they have to request records one ip addr/person at a time? (yes, I know an IP is not a person etc).

4. If the data does have to be destroyed at some point does that only include data collected by the isp or also include copies made by those with access?

5. Are there any published numbers on roughly how many people will have access to collected data?