87
As noted at paragraph 64 above the statutory framework (set out in detail in
the Appendices to this Judgment), which governs the use by the SIAs of BCD
and BPD, is significant:
(i) in relation to the matters we are considering, each of the SIAs may
only exercise its powers for the purpose of exercising the statutory
functions of protecting national security, safeguarding the economic
well-being of the United Kingdom from external threats, or supporting
law enforcement agencies in the prevention or detection of serious
crime:
(ii) each of the SIAs is under a duty, imposed by arrangements made
under statute (e.g. SSA 1989 s.2 (2)(a)) not to obtain any information,
by any means, except so far as is necessary for the proper discharge of
its functions or disclosed to others except for prescribed purposes and
(iii) there are substantial statutory protections, in particular under the
Official Secrets Act 1989, against the misuse by any person of
information obtained by the SIAs.
88
We turn to deal with the specific criticisms made by the Claimant in respect of
the present and continuing arrangements, which we have set out in Appendices
A (BCD) and B (BPD) to this Judgment, extracted from the Appendices to the
Respondents’ Skeleton, referred to in paragraph 71 above. There were few
such criticisms, but they seem to us all (with one potential exception, referred
to in paragraph 95 below) not to amount to invalidation of the arrangements
presently constituted and published, which are all subject to the statutory
duties of the SIAs under the SSA 1989 and the ISA 1994, to the other statutory
provisions there referred to (including the Data Protection Act 1998) and to
the continuing oversight by the Commissioners.
89
In the July Review of directions given under s.94, published in July 2016, the I
C C made recommendations at section 12, and made observations at section 4
as to matters which could be included in a code of practice, if one were to be
promulgated. The Claimant in its skeleton argument at paragraph 73 places
reliance on the point that not all the matters referred to in paragraphs 4.14 and
4.15 have yet been adopted in practice. However the Commissioner
acknowledges that there is no provision under s.94 for a Code of Practice to be
issued, and his formal recommendations are those set out at section 12, and we
repeat what we said in paragraph 86 above as to the relevance of
improvements, or proposed improvements.
90
It is important to note that the July Review was not addressing compliance
with Article 8 (because of the fact that this application to this Tribunal was
outstanding), nor are all the formal recommendations in section 12 material to
the issues which we have to consider. Many of those recommendations as to
the process to be followed are designed to ensure that adequate records are
kept, and notifications made, so that the Commissioner can properly review
the operation of the s.94 regime. Other recommendations are intended to
ensure that the scope of the requirements imposed on the PECNs are clear.
However the issue for us to consider is whether any of the recommendations
indicate that there are not currently effective safeguards against arbitrary or
33