A Home Office consultation paper published on Thursday also makes clear that the 250,000 requests each year for access to personal communications data by the police and other public bodies will in future be restricted to investigations into crimes that carry a prison sentence of at least six months or more.
But the government says the 2016 European court of justice (ECJ) ruling in a case brought by Labour’s deputy leader, Tom Watson, initially with David Davis, now the Brexit secretary, does not apply to the “retention or acquisition” of personal phone, email, web history or other communications data by national security organisations such as GCHQ, MI6 or MI5, “as national security is outside the scope of EU law”.
The new safeguards involve fresh amendments to the Investigatory Powers Act – described as the snooper’s charter – and follow the ECJ ruling, which said the “general and indiscriminate retention” of personal communications data “cannot be considered justified within a democratic society”.
The European judges ruled that such mass harvesting of personal communications data could only be considered lawful if accompanied by strong safeguards including judicial or independent authorisation and only with the objective of fighting serious crime including terrorism.
Davis, before withdrawing from the case when he became a minister, argued that the government’s approach to collecting communications and other personal digital data amounted to “treating the entire nation as suspects”.
Communications data covers the who, where, when, how and with whom of a phone call, text, email or web page visit but does not cover the content of those exchanges, which is covered separately by interception laws that require ministerial authorisation.
The new proposed safeguards, which are the subject of a seven-week consultation, include:
- Communications data requests to be authorised by a new body, the Office for Communications Data Authorisation, under the investigatory powers commissioner, Lord Justice Fulford. They are currently authorised by police officers at the level of superintendent or inspector, and by senior officers in Border Force, the Department for Work and Pensions and HM Revenue & Customs.
- Restricting the use of communications data to investigations of serious crime but using an offence carrying a six-month prison sentence rather than the usual three-year threshold so that offences such as stalking and grooming are not excluded. In the case of internet connection records – tracking personal web browsing histories – the threshold remains at 12 months.
- Additional safeguards that must be taken into account before a “data retention order” can be issued to a phone or postal operator.
- The retention or acquisition of communications data will no longer be allowed for public health, tax collection or to regulate the financial markets.
- Mandatory guidance on the protection of retained data in line with European data protection standards.
The security minister, Ben Wallace, said communications data was used in the vast majority of serious and organised crime prosecutions and had been used in every major security services counter-terrorism investigation over the last decade, and its importance could not be overstated.
“For example, it is often the only way to identify paedophiles involved in online child abuse and can be used to identify where and when these horrendous crimes have taken place,” he said.
Also see: London: The Best Sights
But Liberty, the human rights organisation, called the concessions “half-baked”. “This is window dressing for indiscriminate surveillance of the public, when ministers should be getting on with changing the law,” said Silkie Carlo, Liberty’s senior advocacy officer.
“We warned the government from the start that the authoritarian surveillance powers in the Investigatory Powers Act were unlawful. It should be a source of deep embarrassment that, less than a year after it passed, ministers have had to launch a public consultation asking for help to make it comply with people’s basic rights.”