Investigatory Powers Bill

Written evidence submitted by Med Confidential (IPB 42)

Bulk Personal Datasets for the Investigatory Powers Bill Committee

1. Part 7 of the Bill allows for a wide range of uses of Bulk Personal Datasets, that require very different handling.

2. Data which can be collected, will be collected, if it is within the remit of the Agencies (which is not up for debate in this Bill). As such, Part 7 requires amendment.

Bulk Personal Datasets for Avowed Purposes

3. The need for BPDs has been cited for access to various databases where the citizen voluntarily requests a permit or similar, and that information is useful to the agencies - e.g. firearms licenses, passport, or a telephone directory. Such licensing is regularly renewed, and future permit forms could simply include a requirement that to receive such a license, they must consent for the record to be given to the Agencies for their purposes.

4. For avowed purposes, this would eliminate the need for the Home Secretary’s time to approve routine collection warrants - this can be a fully consented process.

5. In short: Datasets that can be subject to consented collection, should be subject to consented collection.

Disavowal of Purposes: medical records

6. Warrants for Bulk Personal Datasets contain no exemptions for datasets that, were the data to be requested on an individual basis would require special measures, such as medical records.

7. Requesting information from the medical history of a suspect is one thing, and subject to BMA agreed processes. The unamended Bill contains no protections for what are specially protected areas when collected on an individual basis, when the data is collected on everyone. This may not be "mass surveillance", but it is usable for "bulk surveillance" of the kind that is prohibited on an individual basis.

8. Other submissions will cover the problems of legitimacy of bulk powers. There can be no defence against bulk powers having lower barrier to access than each individual record contained within.

9. The Home Secretary claimed that disavowing the use of the nation’s medical history for intelligence purposes would aid those who wish the public harm - it is inconceivable how.

10. The Home Office’s mission is to protect the UK and our values - it can not do that by ignoring them.

Non-avowed Purposes

11. There will always be areas where the agencies require data for purposes which they will not discuss publicly. That is not necessarily the same as avowal of minimal powers, and disavowal of nothing.

12. Where a Data Controller is a UK entity, the agencies are currently permitted to acquire the data from a data processor (overtly or otherwise), and prevent them from telling the data controller the data has been taken. This means that organisations which may wish to exercise protections of the law, they will not know they need to do so. This is a backdoor for the agencies to secretly acquire data from data processors, when there is no need for them to do so. Is that what was intended?

April 2016


Prepared 6th April 2016