UK security agencies breached data protection laws, investigation rules
British security agencies have unlawfully collected massive volumes of confidential personal data on citizens for more than a decade, senior judges have ruled. The investigatory powers tribunal (IPT), which is the only court that hears complaints against MI5, MI6 and GCHQ, said the security services operated an illegal regime to collect vast amounts of communications data, tracking individual phone and web use and other confidential personal information, without adequate safeguards or supervision for 17 years, according to an article in The Guardian.
The IPT said the regime governing the collection of bulk communications data (BCD) failed to comply with article 8 protecting the right to privacy of the European convention of human rights (ECHR) between 1998, when it started, and 4th November 2015, when it was made public.
Chaired by Mr Justice Burton, the IPT ruling revealed that security agency staff had been sent internal warnings not to use the databases containing the vast collections of information to search for or access details “about other members of staff, neighbours, friends, acquaintances, family members and public figures”.
It also revealed concerns within the security agencies about the secretive nature of their bulk data collection activities.
Mark Scott, of Bhatt Murphy Solicitors, who was instructed by Privacy International in the legal challenge, said: “This judgment confirms that for over a decade UK security services unlawfully concealed both the extent of their surveillance capabilities and that innocent people across the country have been spied upon.”
A government spokesperson said the ruling showed that the regimes used to hold and collect data since March and November 2015 respectively were legal. “The powers available to the security and intelligence agencies play a vital role in protecting the UK and its citizens. We are therefore pleased the tribunal has confirmed the current lawfulness of the existing bulk communications data and bulk personal dataset regimes.”