This article is more than 1 year old
UK.gov admits Investigatory Powers Act illegal under EU law
Cops to be stripped of powers to OK access to comms data in tweaks to Snooper's Charter
Police forces will no longer be able to grant themselves access to surveillance data if new government proposals to the Snooper's Charter are accepted.
The move is one of a number of proposed changes (PDF) to the data retention rules in the controversial Investigatory Powers Act, which the government has been forced to admit doesn't abide by European laws.
Under surveillance laws, internet and telcos must retain communications data for up to a year – and up to now, senior staff in public authorities have been able to rubber-stamp access to this information.
But in a landmark ruling in a case brought by deputy Labour leader Tom Watson last year, the Court of Justice of the European Union deemed indiscriminate data retention illegal.
The court said that access to retained data must only be granted for cases of serious crime, and that authorisation should come from an independent body, not the police or public bodies.
At the time, it wasn't immediately clear what impact the ruling would have on the Investigatory Powers Act, which had only just received royal assent.
Now the government has admitted that "some aspects of the current regime... do not satisfy the requirements of the CJEU's judgment" – in that the IPA doesn't provide for independent authorisation of access requests and that access isn't limited to serious crime.
The Home Office acknowledged that the judgment "is clear that requests to acquire retained communications data must be approved by a court or independent administrative body".
And so it has said that public authorities will no longer be able to authorise requests, and proposed handing that power to a new body, the Office for Communications Data Authorisation, which will sit under the Investigatory Powers Commissioner.
But, the government added, creating such a body will require "significant" effort, which will include setting up IT systems and processes that can handle electronic applications from 600-plus public authorities.
Six months in prison? Sure, that seems serious
The government also set out amendments designed to address the fact data is not currently retained only in serious cases.
One concession here is to remove the purposes of public health, collecting taxes and financial services and market regulations from the act.
However, the government argued that there are lots of different definitions of "serious", and went ahead and plumped for a low bar: that an adult should be "capable" of being imprisoned for six months.
This is rather than another possible threshold that they should "reasonably expect" such a sentence, and is significantly shorter than other definitions of serious crime, which put it at three years in prison.
The Home Office said that threshold "would significantly undermine the utility of communications data in the prevention or detection of crime".
But the proposal was slammed by Liberty director Martha Spurrier. "The government has defined the 'serious crime' exception absurdly broadly – to include crimes punishable by only a few months in prison," she said.
"It fails to propose the robust system of independent oversight that is so vital to protect our rights and ignores other critical changes demanded by the court."
Watson was equally underwhelmed, saying that although the Home Office was making "significant concessions" he would be pushing for greater protections for privacy, as the proposals are "still flawed".
"Ministers aren't above the law – they don't get to pick and choose which rights violations they address and they can't haggle with the courts to avoid properly protecting people's freedom. All of the fundamental safeguards demanded by the court must now be implemented."
Meanwhile, Open Rights Group director Jim Killock pointed out on Twitter that the publication of the consultation came at a rather inopportune time for civil rights groups to respond.
And it's released, at exactly the same time as all the NGOs upset with it will be in a meeting with @ukhomeoffice—I’m not sure if this is precisely the best way to create trust with civil society partnershttps://t.co/GGWBfbH19e@OpenRightsGroup @libertyhq @bbw1984 @privacyint
— Jim Killock (@jimkillock) November 30, 2017
The consultation closes on January 18. ®