Government Access to Private-Sector Data in the United Kingdom

International Data Privacy Law

19 Pages Posted: 4 Nov 2007 Last revised: 25 May 2014

Ian Brown

University of Oxford - Oxford Internet Institute

Date Written: June 1, 2012

Abstract

The most plausible means for systematic UK government access to private-sector data is through voluntary agreements with the operators of systems and databases. This was how Internet Service Providers’ communications records were accessed by police before specific statutory provision was made in the Regulation of Investigatory Powers Act 2000 (RIPA). Sections 28-29 of the Data Protection Act 1998 allow such voluntary arrangements for purposes related to national security, law enforcement and taxation. Companies such as Facebook and RIM/BlackBerry have publicly acknowledged that they provide access to specific user data when UK public authorities follow the RIPA procedures, even though they are not legally required to.

UK ISPs must retain records about their customers’ Internet sessions and e-mail, although not message contents, under the Data Retention Regulations 2009. The government continues to discuss new legal powers that would require ISPs to store records relating to their customers’ communications on webmail, social media and other sites, which could then be accessed on a semi-automated but particularized basis under RIPA.

It is likely that for national security purposes the government’s signals intelligence agency, GCHQ, undertakes large-scale surveillance of Internet data transfers to or from points outside the UK. This can be authorized under RIPA, and telecommunications providers required to facilitate interception under that Act and the Telecommunications Act 1984. Under the UKUSA agreement GCHQ cooperates extremely closely with intelligence agencies in the US, Canada, Australia and New Zealand. It is likely that any access these agencies have to private-sector data will be shared to some extent. However, such activities are highly secret.

JEL Classification: K14

Suggested Citation

Brown, Ian, Government Access to Private-Sector Data in the United Kingdom (June 1, 2012). International Data Privacy Law. Available at SSRN: https://ssrn.com/abstract=1026974 or http://dx.doi.org/10.2139/ssrn.1026974

Ian Brown (Contact Author)

University of Oxford - Oxford Internet Institute ( email )

1 St. Giles
University of Oxford
Oxford, OX1 3JS
United Kingdom

HOME PAGE: http://www.oii.ox.ac.uk/people/?id=117

Paper statistics

Downloads
442
Rank
51,152
Abstract Views
2,579