CHAPTER 12: CIVIL SOCIETY
(d)
Further concerns are raised regarding the limits of sanctions imposed on
service providers by DRIPA 2014,81 which do not impose a specific offence for
unlawful disclosure of data collected under that statute.
12.69. Yet robust and clear accountability and sanctions for breaches of standards is
necessary, it is argued, to ensure compliance.82 One way of achieving this might be
the admissibility of intercept evidence into court.83
12.70. Moreover, many civil society actors were of the view that there should be enhanced
protection for whistleblowers, including a clearer route to oversight mechanisms and
fewer sanctions.
Data sharing and seeking data from abroad
12.71. The failure to regulate for and provide safeguards as to data sharing with other states
has not only been criticised,84 but in certain circumstances has been found unlawful.85
While in the Liberty IPT Case it was broadly found that current practices in relation to
the receipt of information from abroad, are now lawful, mirroring the conclusions of
the ISC in relation to PRISM,86 this is a matter which is further raised in Big Brother
Watch’s application and in the Liberty ECtHR Application. No similar decision has
been undertaken in relation to the receipt of communications data from overseas.
Even if current standards can be said to satisfy Article 8, many in civil society are of
the view that the safeguards applying should be set out in law and significantly more
robust. In particular, as most states apply differential safeguards based on citizenship
and/or geography (with heightened safeguards being required closer to home), the
weaker standard will become the norm if extensive and unregulated data sharing is
undertaken. It was emphasised that it should be unlawful to obtain data on UK citizens
from foreign governments that it would be unlawful to obtain within the UK, and that
sanctions should attach to these obligations. There is also a need for clear standards
on the use and access to data from foreign sources.
12.72. Likewise, there were concerns not only in relation to the receipt of data from other
states but also the sharing of data by UK authorities.87 The UKUSA Agreement sets
out the basis for data sharing in only the most general terms. As explained in Chapter
6, the Secretary of State exercises a very broad discretion when determining whether
data should be shared with a foreign State. It was argued that this sphere was
insufficiently regulated, particularly in relation to data sharing amongst the Five Eyes.
There is nothing in the public domain concerning the guarantees secured by the UK
Government concerning the storage, retention, destruction and use of those data.
81
82
83
84
85
86
87
Data Retention Regulations 2014/2042, see in particular regulations 12(2), 13(2)(b) and 15(9).
Richard Greenhill’s submission dealt with the lack of sanctions for a range of issues.
As urged in particular by the Guardian Media Group and the Bingham Centre for the Rule of Law.
As it was, heavily, in the submissions received from in particular Access, as well as the All Party
Parliamentary Group on Drones.
In the Liberty IPT Case, described in more detail in Chapter
Liberty IPT case, judgment of 5 December 2014; ISC, Statement on GCHQ’s alleged interception under
PRISM, (July 2013).
As helpfully set out in the submission from the All Party Parliamentary Group on Drones.
234