Error Investigation 29
Error by:
Public Authority
Human or
Technical:
Human
Cause:
Applicant invited CSP to use exemption under DPA to disclose
CD.
Data Acquired:
Log-in history determining from where access to an ‘app’ had
occurred.
Description:
A police force sought to determine the location or locations
from where a victim had accessed three ‘apps’ from their electronic device (for example, their mobile phone or tablet) over
several days. The investigator, acting on incorrect advice,
engaged directly with the CSP who operated the ‘app’. They
asked them to use exemptions under the Data Protection Act
1998 to disclose communications data to provide the log-in
history of that user. The CSP complied with this request. The
error was discovered when the investigator later submitted a
subscriber check for the IP.
Consequence:
This error highlights that police investigators are not always
aware of the very broad meaning of a ‘telecommunications
service’ within RIPA (see sections 2(1) and 81(1) and paragraph 2.16, 2.17 & footnote 4 of the Code of Practice accompanying Chapter 2 of Part 1 RIPA). To be clear: the definition
is extremely broad. Any requesting of information relating to
online activity may well fall under RIPA.
IOCCO has shared details of the error investigation and report
to help the College of Policing to identify training requirements
within public authorities (see paragraphs 8.4 and 9.2 of the
Code of Practice accompanying Chapter 2 of Part 1 RIPA).