The UK's surveillance regime is no longer "worse than scary" – but there are still a number of imperfections, the UN special rapporteur on the right to privacy has said.
Over the past week, Joseph Cannataci has met public bodies, spy agencies, civil rights groups, politicians and the judiciary to assess the UK's privacy and surveillance set up.
In his preliminary assessment, released today, the rapporteur is generally positive about the UK's progress since 2015, when he branded its oversight of intelligence services "a joke" and said the draft Snooper's Charter was "worse than scary".
For instance, he noted that the new oversight body, the Investigatory Powers Commissioner's Office, appeared on track to be better resourced than the three separate offices it replaced – but recommended bringing in about 30 more staffers in addition to the existing 50. There should also be a "strong contingent" of techies who were able to "get their hands dirty" with the nitty-gritty checking of spy agencies' systems.
He also praised the creation of the double-lock mechanism for granting spy warrants – where judicial commissioners countersign politicians' warrants – but warned that this means IPCO has a role in both authorising surveillance and then overseeing how that surveillance is carried out.
"To many observers, and especially people sitting outside the British isles, this arrangement still smacks of the new UK law creating a position where somebody is expected to be marking his own homework," he said.
Cannataci added that the "proof of the pudding doubtless will be in the eating" and that this aspect should be subject to special attention when the law is reviewed by or after 2021.
Although remaining broadly positive on the UK's national surveillance regime, Cannataci said that detailed provisions of the arrangements the nation has with other governments – including the Five Eyes alliance – was "not transparent to the public" and safeguards are not clearly set out in the Investigatory Powers Act (IPA).
"Intelligence sharing must not result in a backdoor to obtain or facilitate for others the obtaining of intelligence free from domestic safeguards, nor a loophole for foreign Governments with lower standards on the protection of privacy (or other human rights) to obtain intelligence from UK intelligence that could give rise to human rights violations."
Cannataci endorsed Privacy International's calls for greater public scrutiny of such deals, and added that he had not received satisfactory answers on how the government would avoid facilitating non-compliant surveillance by allies.
The rapporteur also considered other data protection and privacy issues facing the UK at the moment, including the government's recently canned sharing of non-clinical health data with the Home Office and DeepMind Health's work with a London NHS trust.
Of the latter case, Cannataci said there needed to be "clear, strong guidelines on and oversight of any data-sharing agreement entered by the NHS, either at the UK or local levels". Smaller or less experienced health bodies might need extra help when making deals with global corporates, and such guidelines should be drawn up within the next couple of years.
Cannataci also seemed unimpressed with the increasing use of automated facial recognition, which has been deployed by London and Welsh police forces in a set of ongoing trials.
"In addition to the admitted lack of precision of the technology, I find it difficult to see how the deployment of a technology that would potentially allow the identification of each single participant in a peaceful demonstration could possibly pass the test of necessity and proportionality," he observed.
Overall, though, Cannataci said that the UK had "equipped itself with a legal framework and significant resources designed to protect privacy without compromising security".
The generally positive tone of the assessment, especially on many aspects of the IPA, may come as a relief for the UK government ahead of Brexit and the expected negotiations for a data adequacy deal that will also consider surveillance laws in the nation. ®