Out-Law News 2 min. read

Access to “Snooper’s Charter” data may extend overseas


Data to be held by telcos and ISPs under proposed UK legislation will be available on request to investigatory authorities in countries such as Estonia, Serbia, and Russia, Privacy International warned a House of Lords conference today.

Parliament is currently considering a number of new regulations that create a system for the retention of and access to communications data.

Communications data are those data retained by telecommunications companies (including ISPs and interactive television service providers) and is limited to data that describe the caller and the means of communication (e.g. subscriber details, billing data, e-mail logs, personal details of customers and records showing the location where mobile phone calls were made) but not the content of the communications.

Communications data are viewed as valuable as they permit the creation of a comprehensive dossier on the contacts, friendships, interests, transactions, and movements of individuals.

The system dates back to the Anti-Terrorism, Crime & Security Act (ATCSA), which was enacted in the aftermath of the September 11th tragedy. Provisions in this Act required the retention of communications data on the grounds that these were needed for the purpose of fighting terrorism.

Another Act, the Regulation of Investigatory Powers Act of 2000 (RIPA), extended access to this data to many other UK agencies for purposes unconnected with terrorism. The proposed regulations, among other things, detail who these other agencies will be.

However, Human Rights group Privacy International today warned that in the future investigatory authorities in other countries will also be able to access the information - through a network of international treaties.

The most notable of these is the recent Council of Europe (CoE) Cybercrime Convention, which allows for "minimum standard" mutual law enforcement assistance between nations. Thirty-seven countries have so far signed the treaty, including Armenia, Greece, Lithuania and Turkey.

Albania, Estonia and Croatia have already ratified the treaty, thus bringing it into legal force. The UK has signed the treaty, but no date has yet been set for its ratification into law.

According to Privacy International, Russia has been arguing in the G8 for a data retention regime. If successful, it too would have access to UK data under the mutual assistance treaties.

The group warned:

"The low standard of evidence or authentication demanded for these transfers creates exceptional dangers to many ethnic and other groups in the UK. The conditions for sharing this information are such that the transfer does not have to involve dual-criminality."

It continued:

"Current procedures in the UK do not require dual-criminality when responding to requests from other countries. In fact, sometimes only very basic information is required to inform the UK officials of the purpose of the data to be transferred."

Privacy International's Director, Simon Davies, warned:

"The government's plan to stockpile this massive amount of sensitive information poses a risk to a great many people. The proposals should be abandoned immediately... The proposals are ill considered, unnecessary and unlawful."

We are processing your request. \n Thank you for your patience. An error occurred. This could be due to inactivity on the page - please try again.