Police will now require independent authorisation to access data, but critics say the changes don’t limit ‘indiscriminate surveillance’ of personal data
The government has proposed changes to the Investigatory Powers Act (IPA) that would remove senior police officers’ ability to self-authorise access to communications metadata, in an effort to bring the so-called “snooper’s charter” into line with EU law.
But rights groups described the changes as flawed, noting the government is not putting forward alterations to the amount of individuals’ communications data collected and stored.
The act governs how communications metadata can be collected and stored and how law enforcement agencies may access it.
Metadata is information about communications such as telephone, email and web use, for example the numbers called or the addresses of sites accessed. It does not include the content of the communications, which is governed by separate interception laws that require approval by ministers.
A December 2016 ruling by the European Court of Justice (ECJ) found some aspects of the IPA were incompatible with EU law.
The ruling singled out aspects such as the lack of any requirement for law enforcement to seek independent approval to access data, something also pointed out by detractors before the law was passed and in subsequent challenges.
The court also said the fact that collection of data was not reserved for prosecuting serious crimes was illegal.
The new safeguards involve fresh amendments to the Investigatory Powers Act – described as the snooper’s charter – and follow the ECJ ruling, which said the “general and indiscriminate retention” of personal communications data could not be “considered justified within a democratic society”.
In response the government proposes to create a new Office for Communications Data Authorisations (OCDA) to oversee data requests and to put limits on the purposes for which data can be collected.
Under the government’s plan, data collection is to be allowed for the investigation of offences carrying prison sentences of six months or more, and disallowed for public health, tax collection or the regulation of financial markets.
The creation of the OCDA is to be a “significant” task requiring new premises, IT systems and staff, the government said.
The changes don’t apply to the use of data by national security forces such as GCHQ, MI5 or MI6, which the government said falls “outside the scope of EU law”.
It has opened a public consultation (PDF) on the planned changes that runs through 18 January.
The government is currently estimated to make 250,000 requests each year for communications data, something the IPA aimed at legitimising.
Security minister Ben Wallace said communications data had been used in most serious and organised crime prosecutions and every major counter-militant investigation over the past decade.
Labour deputy leader Tom Watson, who initially brought the case before the European court with current Brexit secretary David Davis, said the government’s plans were “flawed” and called for “all of the fundamental safeguards” demanded by the court to be implemented.
Silkie Carlo, senior advocacy officer with human rights group Liberty, said the concessions were “half-baked” and did not undo the “indiscriminate surveillance of the public” authorised by the IPA.
The Open Rights Group (ORG) said the changes were a “major victory” but that the government had “refused to budge” on issues including the amount of personal communications data retained.