IPCO Annual Report 2018
6.39
One key element of the IPA is the introduction of specific protections for sensitive personal
data which is held or is likely to be held in BPDs retained for examination by any agency.
During our discussions with UKIC ahead of the implementation of this element of the
legislation, we questioned how the presence of sensitive data would be marked and
identified to the authorising officer. We were satisfied that this was made clear in all cases.
We are confident that the presence of any sensitive personal data would be identified
during the initial analysis and that there is therefore no risk that a substantial proportion
of sensitive personal data would improperly be obtained under a class BPD warrant. Our
inspection at MI5 has confirmed that any sensitive data is being held appropriately.
Operational purposes
6.40
The IPA establishes defined operational purposes for the use of BPD. An agency may
only use bulk data for an operational purpose listed on the warrant under which the BPD
is being retained and examined. Under the Act, the full list of operational purposes is
approved by the Prime Minister and, given the sensitivity of the work of the intelligence
agencies, this list remains classified. It would not, therefore, be appropriate for IPCO to
comment further other than to confirm that our JCs have been content with the case for
applying the operational purposes in all authorisations reviewed.
6.41
Section 215 of the IPA provides for the modification of bulk personal data warrants by
adding, varying or removing any operational purpose. However, this provision has not so far
been used as each agency has applied to retain any BPD for use across all active operational
purposes. This is in accordance with the BPD CoP, which makes clear that ‘other than
in exceptional circumstances it will always be necessary’ for BPD warrants to include all
operational purposes. This eliminates the possibility of intelligence failure, where an agency
was unable to access legally acquired data for a specific purpose. We are persuaded that
the reactive nature of intelligence work means that this approach is necessary. We have
therefore not reviewed any modifications at MI5 in relation to BPD in 2018.
6.42
MI5 will occasionally retain and examine a BPD in reliance on a specific warrant. Where the
BPD is shared with the Secret Intelligence Service (SIS) and/or GCHQ, or MI5 has plans to
share the BPD with them, the warrant may legitimately include all operational purposes.
However, in cases where MI5 is the sole user of a BPD (so does not allow staff from SIS
or GCHQ to access the dataset), examination of that dataset is only permissible for those
operational purposes which correspond to one of MI5’s statutory functions, which are
more narrowly drawn than those of SIS and GCHQ. We have recommended that MI5 ensure
that, in such cases, selection for examination of data within the BPD only takes place for
operational purposes which correspond to MI5 statutory functions.
6.43
Our 2018 inspection of MI5’s use of BPDs fell during the transition period after the
implementation of BPD warrants and selection for examination processes. We have
therefore not examined the use of operational purposes in practice but intend to examine
this in 2019.
41