GCHQ, MI5 and MI6 "unlawfully" collected data for over a decade

Tribunal rules GCHQ, MI5 and MI6 surveillance breached Article 8 of the ECHR

UK spy agencies broke privacy rules and illegally collected data on UK citizens for over a decade without appropriate safeguards, according to a landmark ruling by the Investigatory Powers Tribunal (IBT) released today.

Complaints were brought forward in July by human rights organisation Privacy International, claiming that GCHQ, MI5 and MI6 had breached Article 8 of the European Convention on Human Rights (ECHR).

The IBT ruling today found that the three agencies (SIAs) had unlawfully collected communications data between 1998 and 2015. This data contains the "who, when, where and how", including telephone, internet, mobile communications and location information.

It also ruled that collections of "bulk personal data", such as "considerable volumes of biographical details, commercial and financial activities, and communications and travel", were unlawfully obtained between 2003 and 2015.

Advertisement
Advertisement - Article continues below
Advertisement - Article continues below

Official legislation on how to lawfully collect personal data came into force in February 2015 under the SIA Bulk Personal Data Policy. Before this however, the tribunal found that the absence of safeguards breached Article 8, making personal data collection "unlawful".

Article 8 of the ECHR guarantees the right to respect for a person's "private and family life, his home, and his correspondence" and that any attempts to breach this right should be "in accordance with law".

Security concerns were raised by the tribunal, including the discovery of an internal memo warning staff to not use the vast data systems to search for "other members of staff, neighbours, friends, acquaintances, family members and public figures".

Given the secretive nature of the data collection, it seems "difficult to conclude that the use of bulk communication data collection was foreseeable by the public when it was not explained to Parliament", according to the IBT.

GCHQ, MI6 and MI6 argued that the use of such powers is "lawful and essential for the protection of national security".

The tribunal has stated that following the additional oversight implemented in February, personal data collection is now lawfully carried out in the UK.

Advertisement - Article continues below

However Privacy International believes safeguards are still inadequate, with a spokesperson responding to the ruling by saying: "There is no requirement for judicial or independent authorization. Supervision by a member of the executive (ie a government minister) does not provide the necessary guarantees that surveillance operations that could impact on millions of people are necessary and proportionate."

Legal representative for Privacy International, Mark Scott of Bhatt Murphy solicitors, said: "This judgment confirms that for over a decade UK security services unlawfully concealed both the extent of their surveillance capabilities and that innocent people across the country have been spied on."

In response to the ruling, the Home Office stated it is "committed" to providing greater transparency and stronger safeguards.

"We are pleased the tribunal has confirmed the current lawfulness of the existing bulk communications data and bulk personal dataset regimes," said a Home Office spokesperson to the BBC.

The House of Lords is currently debating the final details of the Investigatory Powers Bill, aka the Snooper's Charter, which aims to create a legal framework for mass digital surveillance. This was spurred on by the Edward Snowden leaks in 2013, showing the extent of surveillance in the UK.

Featured Resources

Digitally perfecting the supply chain

How new technologies are being leveraged to transform the manufacturing supply chain

Download now

Three keys to maximise application migration and modernisation success

Harness the benefits that modernised applications can offer

Download now

Your enterprise cloud solutions guide

Infrastructure designed to meet your company's IT needs for next-generation cloud applications

Download now

The 3 approaches of Breach and Attack Simulation technologies

A guide to the nuances of BAS, helping you stay one step ahead of cyber criminals

Download now
Advertisement

Recommended

Visit/data-insights/data-management/354423/eu-us-data-transfer-tools-used-by-facebook-ruled-legal
data management

EU-US data transfer tools used by Facebook ruled legal

19 Dec 2019
Visit/security/internet-security/354417/avast-and-avg-extensions-pulled-from-chrome
internet security

Avast and AVG extensions pulled from Chrome

19 Dec 2019
Visit/security/354156/google-confirms-android-cameras-can-be-hijacked-to-spy-on-you
Security

Google confirms Android cameras can be hijacked to spy on you

20 Nov 2019
Visit/backup/33385/arcserve-udp-9240dr-review-beef-up-your-backups
backup

Arcserve UDP 9240DR review: Beef up your backups

4 Apr 2019

Most Popular

Visit/business-strategy/public-sector/354608/uk-gov-launches-ps300000-sen-edtech-initiative
public sector

UK gov launches £300,000 SEN EdTech initiative

22 Jan 2020
Visit/operating-systems/25802/17-windows-10-problems-and-how-to-fix-them
operating systems

17 Windows 10 problems - and how to fix them

13 Jan 2020
Visit/business-strategy/mergers-and-acquisitions/354602/xerox-to-nominate-directors-to-hps-board-reports
mergers and acquisitions

Xerox to nominate directors to HP's board – reports

22 Jan 2020
Visit/network-internet/web-browser/354614/microsoft-developer-declares-its-time-to-ditch-ie-for-edge
web browser

Microsoft developer declares it's time to ditch IE for Edge

23 Jan 2020