CHAPTER 6: POWERS AND SAFEGUARDS
6.86.
I am informed that SSA 1989 s2(2) and ISA 1994 s4(2) are considered before any
RIPA safeguards are engaged. In brief, information must not be shared unless that
sharing is necessary for the purpose of the proper discharge of the security and
intelligence agencies’ functions.
6.87.
As to RIPA itself, information sharing (outside of MLAT) is governed by ss15(1)-(3),
which set out the general safeguards on information use (as described above). In
brief, the Secretary of State must be satisfied that the number of persons to whom the
data is disclosed and number of copies made are limited to the minimum that is
necessary and the material is destroyed as long as there are no longer any grounds
for retaining it. As a result, in practical terms, the safeguards applying to the use of
such data are entirely subject to the discretion of the Secretary of State. There are no
further safeguards set out in the Interception Code.
6.88.
RIPA itself imposes no limits on the sharing of communications data obtained from
service providers under RIPA Part II Chapter 1 with overseas governments.88
However, the Acquisition Code does provide some further information in respect of
specific requests for information:
88
89
90
91
92
(a)
Communications data may be sought via an MLAT mechanism, whereby an
overseas court or prosecuting authority formally requests material stored in the
UK.89 This is considered by the UK central authority in the Home Office and, if
accepted, passed to the appropriate public authority to action in line with the
Acquisition Code.
(b)
Overseas authorities may also make non-judicial requests for assistance to
public authorities in the UK. The UK authority must consider the necessity and
proportionality of each case and may then obtain that data via its powers under
RIPA. Before it acquires and transfers that data, the UK authority must consider
whether the data will be adequately protected outside the UK and may attach
conditions to the processing storage and destruction of the data.90
(c)
If the requesting state is within the EU, communications data can be disclosed
without consideration of further safeguards. The European Commission has
also determined that certain countries (such as Canada and Switzerland) have
adequate safeguards in place. In all other circumstances, the public authority
must consider whether the data will be adequately protected.91
(d)
However, the Code recognises that “there may be circumstances when it is
necessary, for example in the interests of national security, for communications
data to be disclosed to a third party country, even though that country does not
have adequate safeguards in place to protect the data.”92
Communications Data associated with intercepted material is governed by ss15(1)-(3).
Acquisition Code, paras 7.13-14.
Ibid., paras 7.15-17.
Ibid., paras 7.18-20.
Ibid., para 7.21.
116