In yesterday’s blog, I suggested that the haste for the Data Retention and Investigatory Powers Bill (DRIP) was because of intended legal action; it looks as if my hunch is more than 50% correct.
Secondly, I also said that the statements made by Government in relation to data protection, the national security functions and these emergency measures were complete rubbish; the ICO at his Annual Report launch yesterday confirmed that the protections afforded to data subjects by the Data Protection Act are minimal.
Intended legal action
Privacy International (PI) has taken legal action with seven internet and communications service providers. These companies include: Riseup (US), GreenNet (UK), Greenhost (Netherlands), Mango (Zimbabwe), Jinbonet (Korea) and May First/People Link (US). Note the international nature of these organisations.
Now look at this quote from the Minister which provides the substantiation Clause 4 of DRIP:
“The territorial extent of RIPA has perhaps never been as explicit as it should have been. As a result, some overseas companies have started to question whether they are obliged to comply with warrants that are served on them. Our judgment is that that situation has reached a dangerous tipping point, and that it is necessary to put it beyond doubt that RIPA applies equally to public telecommunications services that are located overseas and those that are headquartered in the UK”. (Hansard 15 July 2014 : Column 782)
So, if RIPA was “not explicit”, what is the status of all the decade of interceptions that have occurred before this amendment? Could they be unlawful? Is the “tipping point” mentioned by the Minister PI’s legal action?
Data Protection: spot the difference
At the Annual Report meeting yesterday, the Information Commissioner said that he had been given permission to publish his evidence to the Intelligence Security Committee. In that evidence (see references), one key point said:
“The Data Protection Act provides only limited reassurance as a wide ranging exemption from its provisions can in any case be relied on where safeguarding national security is concerned”
The Explanatory Notes to DRIP:
“It is assessed that implementation of the proposed legislation is capable of being fully compliant with the Data Protection Principles and the Data Protection Act 1998”.
Note that by “fully compliant” the Government means “exempt”.
A copy of the Data Retention and Investigatory Powers Bill and Notes have moved to the Parliamentary website: http://services.parliament.uk/bills/2014-15/dataretentionandinvestigatorypowers/documents.html
Other important DRIP details on https://www.gov.uk/government/publications/the-data-retention-and-investigatory-powers-bill
Details of the Privacy International action: https://www.privacyinternational.org/blog/stop-breaking-the-internet-internet-and-communications-service-providers-take-legal-action
Previous blog “Misleading data protection statements and another reason for the emergency data retention law?”: http://amberhawk.typepad.com/amberhawk/2014/07/misleading-data-protection-statements-and-another-reason-for-the-emergency-data-retention-law.html