Draft Regulation of Investigatory Powers (Communications Data) (Amendment) Order 2015
The Committee consisted of the following Members:
† Beith, Sir Alan (Berwick-upon-Tweed) (LD)
† Bingham, Andrew (High Peak) (Con)
† Bradley, Karen (Parliamentary Under-Secretary of State for the Home Department)
† Burns, Conor (Bournemouth West) (Con)
† Coffey, Dr Thérèse (Suffolk Coastal) (Con)
Dobson, Frank (Holborn and St Pancras) (Lab)
† Fabricant, Michael (Lichfield) (Con)
† Heath, Mr David (Somerton and Frome) (LD)
† Heaton-Harris, Chris (Daventry) (Con)
† Hollingbery, George (Meon Valley) (Con)
† Johnson, Diana (Kingston upon Hull North) (Lab)
McDonagh, Siobhain (Mitcham and Morden) (Lab)
Pearce, Teresa (Erith and Thamesmead) (Lab)
Shannon, Jim (Strangford) (DUP)
† Skidmore, Chris (Kingswood) (Con)
† Whitehead, Dr Alan (Southampton, Test) (Lab)
† Wilson, Phil (Sedgefield) (Lab)
Leoni Kurt, Committee Clerk
† attended the Committee
Eleventh Delegated Legislation Committee
Thursday 5 February 2015
[Mr Graham Brady in the Chair]
Draft Regulation of Investigatory Powers (Communications Data) (Amendment) Order 2015
11.30 am
The Parliamentary Under-Secretary of State for the Home Department (Karen Bradley): I beg to move,
That the Committee has considered the Draft Regulation of Investigatory Powers (Communications Data) (Amendment) Order 2015.
Mr David Heath (Somerton and Frome) (LD): On a point of order, Mr Brady. For the avoidance of doubt, I am a member of the board of the Solicitors Regulation Authority, which may or may not carry out regulatory functions under the aegis of the Financial Conduct Authority, which may or may not be a declarable interest in the context of the order.
The Chair: Whether it is or not, it is now on the record. Thank you very much.
Karen Bradley: I feel that I now ought to declare that I am a member of the Institute of Chartered Accountants in England and Wales and of the Chartered Institute of Taxation. I am slightly concerned that if I do not declare that, there might be a problem, so I thank my hon. Friend the Member for Somerton and Frome for making that point.
The order fulfils the important Government commitment to reduce the number of organisations that can access communications data. The measure is a crucial safeguard. I know that the Committee will agree that only those authorities that can make the strongest possible case should be allowed access to such data. The order replicates a power to access communications data that already exists in the Financial Services and Markets Act 2000, which ensures that requests for communications data by the financial regulators are subject to the safeguards in the Regulation of Investigatory Powers Act 2000. I hope that hon. Members will support the order.
Michael Fabricant (Lichfield) (Con): My hon. Friend knows that I am a strong champion for civil rights but, as I have said once before, I also believe that it is a civil right to be able to walk our streets safely without fear of being beheaded, bombed or shot by some crazed jihadist or somebody else. Will she assure me that the statutory instrument is not too lenient?
Karen Bradley: I can absolutely assure my hon. Friend on that. We all agree that we want to have safety and security, but we also want to ensure that we recognise civil liberties and the right of people to carry on their everyday lives without unnecessary interference from the Government. Therefore, I hope that hon. Members will support the proposals.
11.32 am
Diana Johnson (Kingston upon Hull North) (Lab): I have a few questions for the Minister. The order is about communications data, and the explanatory notes refer to “communications”. Without defining what those are, the explanatory notes refer broadly to messages. Could the Minister help us to fully understand what that means in relation to social media? I have raised the issue before. Could the Minister confirm whether, for example, a Facebook wall post, a tagged photo on Instagram, or a mention in a tweet count as messages for the purposes of the legislation we are discussing? It would be quite helpful to fully understand that.
I have a few other issues to ask the Minister about. First, why is the order being introduced now? The Government made a commitment to act when they introduced the Data Retention and Investigatory Powers Act 2014, nine months ago. It is interesting that they have chosen to introduce the order before the publication of two important reports by the independent reviewer of terrorism legislation and the Intelligence and Security Committee, which are due to be published shortly. Why have the Government decided to do that?
Secondly, why is there no impact assessment for the order? The explanatory notes state that that is because compliance does not add an extra burden to businesses or public bodies. That seems to miss the point. If the implementation of the order compromises the ability to act, there would be a cost to the agencies we are looking at today, which are currently using communications data, and everyone who benefits from that enforcement.
Thirdly, why were those particular 13 agencies selected? I noted that, in the other place, Baroness Williams was not able to answer that. She said that the Joint Committee on Human Rights had struggled to identify which bodies should lose the powers and that the agencies were not using the powers as much as other agencies. It is important to note, however, that it is not how often the powers are used, but how useful those powers are to organisations and agencies that is the crucial question. For example, it does not matter if the Civil Nuclear Constabulary, which is one of the agencies that will lose their powers, uses the power only once or twice if on both those occasions it was absolutely vital for the investigation and was a matter of national security. The same could be said of investigations by the Food Standards Agency—it is another of the agencies that will lose their powers—into food fraud, which many Members have expressed concerns about.
Will the Minister tell the Committee how many of the 13 agencies have accessed communications data in the past year? What steps has she taken to assess the importance to each agency of the powers available to them?
Will the Minister explain what extra investigations the changes to the regulations around the Financial Conduct Authority will enable it to perform in practice? What steps will be taken to monitor the additional data collection? We know that many right. hon. and hon. Members are very concerned about data being collected and held. Those are my specific questions on the order. I hope that the Minister’s helpful answers will allow the Opposition to support the order.
11.37 am
Sir Alan Beith (Berwick-upon-Tweed) (LD): I welcome the order. The removal of a series of bodies from the list of those that have access to communications data is a welcome response to concerns expressed by two parliamentary Committees. I am pleased that the Government have gone ahead with the order, rather than waiting. RIPA, the parent Act that we are talking about, is often misunderstood and presented as having created a whole lot of new powers. What it sought to do, but did not do as effectively as I would have liked, was to regulate powers that a lot of authorities were informally using. The explanatory memorandum refers to the FCA being better regulated by having its existing access, which the order extends, under the RIPA umbrella.
The order is a helpful step. It may be the case that until RIPA was passed, some authorities did not even know that they could exercise these powers, but overall RIPA was a significant, if insufficient improvement. Limiting the number of bodies using the powers is beneficial. Where any of the bodies listed as having been removed have investigations that might require access to communications, it is far better that that is exercised through the civil police, who are the best relevant authority for most purposes.
11.38 am
Karen Bradley: I thank the shadow Minister and my right hon. Friend the Member for Berwick-upon-Tweed for their contributions. I will endeavour to answer the questions that have been raised, starting with the point about social media. The shadow Minister will know that what we are talking about here with communications data is the who, where and when of a communication; we are not talking about the content of a communication made through, for example, Facebook, Twitter or Instagram. The provisions of RIPA relate to the who, what and where.
Diana Johnson: Just so that we are all clear, the actual use of Facebook, Twitter or Instagram—for example, to upload a photo—would count as a message under the order today. Is that what the Minister is saying? I understand that it is not the content, but would the use of any of those types of social media count?
Karen Bradley: The use of social media counts, but not the contents. It is not a question of what the photograph looks like, but the fact that someone accessed the social media on that day, to communicate in that way. That is what we are talking about: the accessing of social media, but not the content of the post.
The hon. Lady asked about timing. She will know, of course, that in July, during the passage of the Data Retention and Investigatory Powers Act 2014, the Government made a commitment to reduce the number of organisations with access to communications data. We are doing it now simply because of that commitment. We have done the work required and are in a position to take those actions. She made the important point that other reviews are going on, but that is not a reason not to go ahead. We came to the conclusion that certain bodies should not have the powers in question, and made a commitment, so we think now is an appropriate time.
I should point out something to which my right hon. Friend the Member for Berwick-upon-Tweed alluded, which is that some hon. Members may think we should have gone further and taken the power from more authorities. We considered the business case for all authorities with communications data powers, and I assure the Committee that, where authorities have been allowed to retain their powers, there are good reasons.
We considered several issues, including the statutory responsibilities of the authorities with access, the seriousness of the offences that they investigate and the number of requests that they made. Although it was not easy to identify authorities that should lose powers, and we consulted all those affected, the 13 bodies in question could not demonstrate sufficiently robustly that they needed the powers identified in the order and that their continued access would be strictly necessary.
The shadow Minister asked why there was no impact assessment. If anything, the order will reduce demands on industry. We found that the authorities concerned either did not need the powers or had other powers, so the assessment would be that the impact, if anything, would be reduced. That is why we did not feel that a full impact assessment was required.
The shadow Minister asked about the Financial Conduct Authority and the additional investigation. The intention is to replace powers currently available in the Financial Services and Markets Act 2000. The order specifies that only two public authorities—the FCA and the Prudential Regulation Authority—will be able to rely on the relevant purpose to obtain access to communications data. It will ensure that all their requests for communications data will be subject to the RIPA safeguards.
The two authorities can currently get access to communications data under RIPA for the purpose of the prevention or detection of crime, and under the Financial Services and Markets Act 2000 when they investigate civil abuse of the financial system. I am sure that the Committee will understand, particularly in the light of experience in the past few years, how serious and damaging an effect abuse of the financial system can have. Communications data can show who contacted whom and at what time. The power is fundamental in proving that, for example, insider dealing has taken place. The new purpose replaces powers that have been available under the 2000 Act, but ensures that they are subject to the robust RIPA safeguards.
Sir Alan Beith: The thing to keep a close eye on under RIPA is who authorises access to communications data, and how good a record is maintained. That is the only way to prevent the abuse of data for completely different purposes, perhaps sometimes by rogue individuals in the organisation. All that does not represent any argument against the order.
Karen Bradley: I accept my right hon. Friend’s very good point. In the light of those comments it is worth reminding the Committee that the order recognises that obtaining access to communications data is intrusive. It therefore ensures that only those with the strongest cases will be permitted such access. However, it also recognises that the purposes for which access may be required are not straightforward. It is right for financial regulators to have the powers that they need to investigate
abuse of the financial system, and for us to maintain a continual review of the bodies that have access to the data. We can then get the right balance.