Legislative Scrutiny: Counter-Terrorism and Security Bill - Human Rights Joint Committee Contents

5  Data retention

5.1 Part 3 of the Bill amends the Data Retention and Investigatory Powers Act 2014 ("the DRIP Act") to enable the Secretary of State to require communications service providers to retain the data that would allow relevant authorities to identify the individual or the device that was using a particular IP (internet protocol) address at any given time.[68]

5.2 This Part of the Bill has been controversial with NGOs in particular, some of which argue that these provisions pre-empt the various reviews currently being conducted into the adequacy of the current legal framework governing surveillance and data retention, including the Regulation of Investigatory Powers Act 2001. We have received submissions on this Part of the Bill from Big Brother Watch, expressing concerns about the timing of the Bill in light of the current reviews of surveillance powers being undertaken, and about the adequacy of oversight and safeguards.

5.3 The Independent Reviewer, however, considered this part of the Bill as dealing with the easiest and least controversial part of the draft Communications Data Bill that was published in 2012, and being "in principle, a desirable power that is needed".[69] He regarded scrutiny of the clause as essentially a technical matter for relevant experts to ensure that the wording of the new power is limited to what is strictly required to provide the power that is said to be missing. The Minister pointed out that these provisions are time-limited, being subject to the same sunset clause as the DRIP Act (that is, December 2016).[70]

5.4 A draft Code of Practice was published by the Government for public consultation on 9 December 2014.[71] In the limited time available to us to scrutinise the Bill, we have not been able to scrutinise the draft Code and we do not therefore comment in this Report on the adequacy of the safeguards it contains against disproportionate interference with the right to respect for privacy and for personal data. We draw to Parliament's attention, however, our concern as to whether UK law as a whole, including the Regulation of Investigatory Powers Act, the DRIP Act, and all relevant Codes of Practice, satisfy all of the requirements set out in the judgment of the Court of Justice of the European Union ("CJEU") in the Digital Rights Ireland case. The CJEU in that case held that indiscriminate or "blanket" retention of communications data is incompatible with the right to respect for privacy and the right to protection of personal data, and compatibility with those rights depends on the adequacy of all the relevant safeguards taken in the round.

5.5 The DRIP Act was enacted on a legislative timetable which made it impossible for us to report on the Bill before it had completed all of its stages in both Houses, but we wrote to the Home Secretary on 16 July asking for a detailed memorandum setting out in full the Government's analysis of precisely how UK law satisfies, or will satisfy, each of the requirements set out in the relevant parts of the CJEU's judgment.[72] The Home Secretary replied on 31 July with a "summary" of the safeguards governing retention of and access to communications data. The exchange of correspondence is available on our website.[73] We are grateful to the Home Secretary for her response, but we note that her letter did not identify, as we had requested, in relation to each of the requirements set out in the CJEU's judgment, the precise provisions of RIPA, the DRIP Act, or the draft Data Retention Regulations 2014 which satisfy the particular requirement.

5.6 We draw this correspondence to the attention of both Houses as it is relevant to Parliament's consideration of whether the UK's legal regime for the retention of communications data, viewed in the round, and including the provisions of Part 3 of the Bill and the draft Codes of Practice, contains adequate safeguards to prevent disproportionate interference with the right to respect for privacy and personal data.

68   Clause 17. Back

69   Evidence of David Anderson QC, 26 November 2014, Q24 Back

70   James Brokenshire MP, 3 December 2014, Q33. Back

71   Retention of Communications Data Code of Practice-Addendum in relation to the provisions contained in the Counter Terrorism and Security Bill (9 December 2014) https://www.gov.uk/government/uploads/system/uploads/attachment_data/file/383403/Draft_Data_Retention_Code_of_Practice_-_IP_resolution_addendum_-_for_pub....pdf  Back

72   C-293/12 (8 April 2014), paragraphs 54 to 68 of the judgment. Back

73   http://www.parliament.uk/business/committees/committees-a-z/joint-select/human-rights-committee/legislative-scrutiny-2014-15/data-retention-and-investigatory-powers-bill/ Back

previous page contents next page

© Parliamentary copyright 2015
Prepared 12 January 2015