Report of the Interception of Communications Commissioner - July 2016
on the consequence of the conduct. Secondly, there is still no complete definition of
“relevant error” in clause 207(9) which appears to still be confined to public authority
conduct, even though around 21% of interception errors and 13% of communications
data errors are caused by CSPs. The draft IP Bill Codes of Practice should provide clarity
and further detail on these points but at present they do not. Thirdly, we have concerns
that the threshold is set artificially high, which will prevent individuals from being able
to seek effective remedy. We note that the Government has committed to review the
threshold for error reporting (see the Government response to IP Bill Joint Committee
recommendation 5828), but we have not seen any evidence of this review as yet.
5.19 The Joint Committee’s recommendation to remove the national security
exemption relating to the requirement for DPs to be independent of investigations or
operations when approving communications data has not been implemented. Clause 59
still includes a broad exemption for national security purposes which dilutes considerably
the strengthened process introduced in the March 2015 Acquisition and Disclosure of
Communications Data Code of Practice which came about as a result of the Digital Rights
Ireland Judgement by the European Court of Justice (ECJ). The Government’s response
sets out that the exemption only applies in “exceptional and particular cases” and that
it is not a blanket exemption. However, in our view that position is not reflected in the
drafting of clause 59.
5.20 Clause 72 has not been amended and still disapplies the requirement for a public
authority to consult with a SPoC when acquiring communications data in the interests
of national security. The SPoC is a key safeguard in the process and the justification for
considering the interests of national security always to be an exceptional circumstance
is unclear.
5.21 The Government has not taken the opportunity to bring all of the investigatory
powers used by public authorities into the IP Bill (e.g. Part 2 of RIPA which covers
directed and intrusive surveillance authorisations for law enforcement) and curiously it
prescribes different authorisation and modification procedures for targeted equipment
interference warrants made on behalf of the intelligence services to those on behalf of
law enforcement. The different application and approval procedures are confusing, lack
clarity, and it is not clear on what basis they are justified. We agree with others that this
is a missed opportunity.
5.22 In our 2015 report the former Commissioner made clear that it would be preferable
if our prison oversight was formalised as a statutory function. Our understanding is that
the Government intended to do this in the IP Bill. However, although clause 47 of the
IP Bill provides that the interception of communications in a prison is authorised if it is
conduct in exercise of any power conferred by or under Prison Rules, there is no provision
for oversight of the operation of those powers. Clause 205 of the IP Bill sets out the main
oversight functions of the Investigatory Powers Commissioner and includes the exercise
of functions by virtue of section 80 of the Serious Crime Act 2015 (prevention or restriction
of use of communication devices by prisoners etc.) and the exercise of functions by virtue
28 https://www.gov.uk/government/uploads/system/uploads/attachment_data/file/504174/54575_
Cm_9219_WEB.PDF
www.iocco-uk.info
15