Previous Section Back to Table of Contents Lords Hansard Home Page

Lord Goldsmith: My Lords, it is already restricted in two ways. First, the order carefully identifies which sort of communications data a particular agency can obtain. There is a difference between what is called traffic data, which tells you about the location of individuals, and subscriber details, which tell you who has a certain telephone number. Certain agencies are limited to the lowest category of communications data. Someone wanting to know who is the cowboy who has been going around fitting dangerous gas heaters, to use the example of the noble Lord, Lord Jenkin, may be able to identify someone only because they have a card with a telephone number. That is subscriber information which one would need.

Lord Jenkin of Roding: My Lords, with respect, the local authorities are already using many of these powers under RIPA. Of course they do not deny that if the order comes in, there would be additional safeguards and additional powers. As they point out, the same powers will be conferred on a number of additional bodies. I was greatly reassured by what my noble friend said; the local authorities will not be deprived of using their powers—they have RIPA powers already.

Lord Goldsmith: My Lords, they do not have RIPA powers at the moment to access communications data because the order has not been passed so the powers have not come into force. They have the ability to ask communications service providers voluntarily to provide information to them under the exemption in the Data Protection Act. That is a voluntary provision by the communications service providers except in those cases where there are specific powers. There are some specific powers—there are timeshare powers, the Serious Fraud Office has powers, and so forth. Local authorities are not operating powers under RIPA to get access to communications data because the order has not come into force.

The Earl of Erroll: My Lords, the noble and learned Lord made a point about traffic data. This is where we had problems, as I mentioned in my speech. Regarding paragraphs (a), (b) and (c), I cannot find the Maritime and Coastguard Agency among the bodies that are allowed to access the traffic data which the noble and learned Lord has defined as the stuff that tells you where the person is. I cannot find the agency in the list of bodies that can access such information. I can only see the security services, intelligence services, Government HQ, the Armed Forces and the police. In fact, the Maritime and Coastguard Agency will not be able to access such data under these powers unless it

13 Nov 2003 : Column 1583

comes under paragraph (b), in which case a huge number of bodies also have access to them, which was my point earlier. Subsection (4)(a), (b) and (c) give the definitions of data. This is one of my points—it is not clear and the blurring of the edges is causing us problems. The Government should go through this; some caveats have to be included so that they can come back with something better in the future.

Lord Goldsmith: My Lords, with a little assistance, I am sure I can answer the noble Earl's question in a moment.

I said in answer to the noble Viscount, Lord Goschen, that there were two points. First, the order restricts the type of data. Secondly, as I said this morning, the authorities cannot use their powers except for a function that they have. That, in itself, results in a significant restriction on what they do. I respectfully commend the consultation paper to noble Lords because it sets this out so clearly and deals with a lot of the concerns that have been expressed.

In answer to the noble Earl, the Maritime and Coastguard Agency comes under the area operations manager of the Department of Transport. That is on page 5 of the order.

I want to deal next with the shortcomings that are alleged. I am trying to identify from what noble Lords have said what the shortcomings in the legislation are. The first such concern is whether there is any penalty for misuse in the legislation. There are other sanctions for misuse of data. Section 55 of the Data Protection Act makes it an offence knowingly or recklessly to obtain personal data without the consent of the Data Controller. An official of a public authority misusing the power to acquire communications data could commit this offence.

The Earl of Erroll: My Lords, I am terribly sorry, but the answer the noble and learned Lord has given me is nothing to do with the question. Page 5 is about the people who are authorised and the purpose for which they are authorised. My question was about having access to traffic data, which the coastguard agency is not allowed, which will give them the location.

Lord Goldsmith: My Lords, may I draw the noble Earl's attention to page 4? In Part 1, under the heading to Schedule 2, it reads:

    "Individuals in additional public authorities that may acquire all types of communications data within section 21(4)".

I hope the noble Earl is now satisfied.

The Earl of Erroll: Absolutely, my Lords.

Lord Phillips of Sudbury: My Lords, again, I am grateful to the noble and learned Lord for giving way. The definition of personal data in the Data Protection Act is much more limited than communications data under RIPA. I have checked that with the noble and learned Lord's officials.

Lord Goldsmith: My Lords, I was going on to say that there are certain safeguards and penalties already.

13 Nov 2003 : Column 1584

However, the Home Secretary acknowledged in the consultation paper that there is a concern about where the balance should lie between respect for individual privacy and the need to protect the public from crime and terrorism. It is not limited to access to communications data—it is much wider than that. It includes the use of CCTV, the use of automatic number plate recognition cameras, covert surveillance, and so forth. I entirely understand why notifying individuals where that right has been improperly interfered with is a concern. It has been raised by noble Lords and has been acknowledged in the consultation paper.

The Home Secretary and his officials are working on proposals which will address the privacy balance with the organisation Liberty and researchers working for the office of the Information Commissioner. Obviously, it is for the Home Secretary to say when he will bring forward proposals for consultation by the public and Parliament, but proposals will be brought forward, perhaps early next summer. So the issue about which the noble Lord is concerned is under active consideration as part of a wider question of the balance between privacy and powers. I hope that the noble Lord will find it helpful, therefore, to know that the issue he is concerned about, which cannot be sorted in this order as there is not the power to do it, is under active consideration. The very cogent remarks that he and other noble Lords have made on this subject will be taken into account in that consideration. I hope that he finds that assurance helpful.

The noble Baroness referred to the sharing of information, particularly with overseas authorities. I want to deal with the big points. This raises two issues: first, will United Kingdom public authorities acquire communications data on behalf of foreign agencies? The answer to that is yes, but it will happen only where the normal safeguards apply—that is, it is necessary for the prevention of crime and, in this respect, contrary to the belief of the noble Baroness, the dual criminality requirement applies in relation to the use of this part of the powers. It will have to be proportionate in the particular circumstances of the case, and the authority in question will have to assess that for itself.

The second issue concerns what other restrictions are in place. The vast majority of public authorities which obtain communications data have no need to disclose them to anyone outside the United Kingdom. There are some occasions when it might be necessary and right to do so. As noble Lords said, in debate on the Crime (International Co-operation) Bill, with trans-national organised crime it is often very important that there is co-operation between international agencies in the right case.

If the foreign agency is within the European Union, it will be bound by the data protection directive and its own data protection legislation. The data will be protected in the same way there as they are here. The directive also recognises the need to protect data that might be transferred out of the European Union. The eighth data protection principle says:

    "Personal data shall not be transferred to a country or territory outside the European Economic Area unless that country or territory ensures an adequate level of protection for the rights and freedoms of data subjects in relation to the processing of personal data".

13 Nov 2003 : Column 1585

That is a requirement before such information should be passed across. The public authority that contemplated disclosing information would need to assess that data would be adequately protected and what steps could be taken to ensure that. We would be happy to set out and lay in a report before the House the particular circumstances in which that might happen—saying, for example, under what treaties it might happen.

As regards legacy legislation, I repeat what I said in opening. Some authorities have general powers. The Serious Fraud Office, for which I have ministerial responsibility, has them. Those powers can be, and are occasionally, used to access communications data, but they are also used to access a great deal of other information. It is the basic power under which directors can be required to answer questions. We cannot conceivably repeal that section, because that would prevent all other methods of gathering information from being operated. Once the order is in place, the communication service providers will be saying, "We will provide information to you under RIPA—that is what the order says, and in accordance with the safeguards set out in it". That is what will happen.

The noble Viscount, Lord Goschen, asked whether the number of instances of requiring information data would go up. We cannot be precise until the order comes into effect, but the indications are that, in so far as authorities and providers have followed the RIPA model not in force in relation to access to communications data, the number of requests has gone down. Other parts of RIPA are in force—in relation to directed surveillance, for example. That may be why the noble Lord, Lord Jenkin of Roding, has information from local authorities. There has been something like a 6 per cent reduction in authorisations sought from police forces, the National Criminal Intelligence Service, the National Crime Squad and others in the past year. That is an indication that applying the safeguards in the RIPA order has the result of reducing the number of authorisations and access taking place.

One or two noble Lords asked why the police did not use the provisions in every case. There are specialist investigators for specialist issues. If a trading officer was concerned to investigate defective gas fittings, it would not be sensible to say that the police had to take over part of the investigation. It is more than that, however. There will be a number of areas, such as the Financial Services Agency, where there are specialist investigators who need the powers to do it themselves. It simply is not sensible to say that they cannot make those investigations and that the police must take on that responsibility. The police do not want it.

The noble Baroness, Lady Blatch, raised one point with which I must deal. She complained about an Answer given to a Question asked by the noble Lord, Lord Skelmersdale. The Question was specific. The noble Lord asked:

    "Which orders give directions about retention of communications data".—[Official Report, 5/11/03; col. WA 111.]

I emphasise the word "retention".

13 Nov 2003 : Column 1586

The Act is very specific; no orders for the retention of communications data—not access but retention—can be given, until the voluntary approach has been reviewed. None of the orders gives directions, and the reply to his Question reflected that. The orders open the way for the voluntary code to be put in place in relation to the retention of data.

The noble Earl, Lord Northesk, referred to an answer that he had received from the noble Baroness, Lady Scotland. I am happy to have that put in the Library, if that would satisfy him as having the answer on the record, to save time reading it out. I am glad to see the noble Earl nodding assent to that.

Finally, in relation to communications data, the noble Baroness, Lady Blatch, said that nothing had changed since last year. With respect, that is simply not the case. The order that the Home Secretary put forward and withdrew was simply a list of public authorities, which did not include the qualifications or restrictions. The new order not only lists the public authorities but restricts access to data to specific purposes, restricts access by the type of data, and restricts who may give authorisations. It is significantly different from the previous order.

4.15 p.m.

The Earl of Northesk: My Lords, I apologise for intervening on the noble and learned Lord. My understanding was that last year there were two orders; one of them was the list and the other contained safeguard elements. What happened in the intervening period was that the Home Office compiled a single order rather than two.

Next Section Back to Table of Contents Lords Hansard Home Page