Data Retention and Investigatory Powers Bill Debate

Full Debate: Read Full Debate
Department: Home Office

Data Retention and Investigatory Powers Bill

Lord Rosser Excerpts
Wednesday 16th July 2014

(10 years, 3 months ago)

Lords Chamber
Read Full debate Read Hansard Text Read Debate Ministerial Extracts
Lord Rosser Portrait Lord Rosser (Lab)
- Hansard - -

This Bill was the subject of just nine hours of discussion and debate in the House of Commons yesterday. We will have to wait and see whether the time spent on discussion and debate in this House exceeds or falls short of that over the two days—today and tomorrow—that have been set aside.

Serious concerns have been raised in this debate over the way in which this Bill is being rushed through in the light of the fact that the European Court of Justice judgment, which the Government say has been the driving force behind the need for this Bill, was handed down more than three months ago. The reality is that the date of the Summer Recess was known in April, when the judgment was given. Thus the need for minds to be focused on reaching conclusions without delay was also known. We could have avoided the situation that we now have of rushed legislation, rushed committee reports, committees being sidelined and a general feeling that the Government could have ensured that there was more time to consider the proposals in the Bill before it needs to be passed prior to the Recess.

The rush means that the reports of the Delegated Powers and Regulatory Reform Committee and the Constitution Committee have only today been published. The Constitution Committee has commented on its report that between the date of the ECJ judgment in early April and 10 July the Government did not indicate that fast-track legislation might be necessary to address the court judgment, and that the contrast between the time taken by the Government to consider their response and the time given to Parliament to scrutinise the Bill is a matter of concern. The DPRRC has stated that there is no actual duty on the Secretary of State to make regulations under Clause 1(3), simply a power. The committee also said that since the powers conferred by Clause 1(1) and (2) on retention notices, which allow a significant intrusion into the privacy of members of the public, will come into force on the passing of the Bill, with the regulations under Clause 1(3) subject to the affirmative procedure, it is possible with the Recess imminent that there will be a period of three months without any regulations under Clause 1(3) in place to govern the exercise of powers under Clause 1(1) and (2). The Minister has said that that will not be the case, but like my noble friend Lady Smith of Basildon, I would like him to spell out again the timetable that the Government will be following to avoid the potential situation highlighted by the DPRRC from actually arising.

The Delegated Powers and Regulatory Reform Committee also pointed out that Clause 1(3) confers a power on the Secretary of State to make further provision by regulations about the retention of relevant communication data, and does not restrict the scope of the powers conferred by Clause 1(3). Perhaps the Minister will also respond to the view of the Constitution Committee in the light of the scope of the powers conferred by Clause 1(3) that, since it is the Government’s intention that the Bill does not enhance data retention powers, perhaps the Bill should expressly so provide.

The delay in bringing forward the Bill and then having to rush it through is all the more surprising since the judgment of the Court of Justice of the European Union to declare the new EU data retention directive invalid cannot have been entirely unexpected to the Government, since it supported the earlier opinion of the Advocate-General in December 2013. He found the directive incompatible with the EU’s Charter of Fundamental Rights in respect of the right to respect for private life and the right to the protection of personal data. The case was brought by the High Court in Ireland and the Constitutional Court in Austria. In essence, the Court of Justice of the European Union concluded that the data retention directive adopted by the EU legislature exceeded the limits imposed by compliance with the principle of proportionality as it did not limit the interference in respect of the fundamental rights in question to what is strictly necessary, since the directive covered in a generalised manner all individuals, all means of electronic indication and all traffic data without any differentiation, limitation or exception being made in the light of the objectives of fighting against serious crime.

The effect of the European Court of Justice decision was to strike down regulations to enable internet providers to retain communications data for law enforcement purposes of up to 12 months, thus creating uncertainty among communications service providers about the legal basis for the retention of communications data in the UK. The ECJ ruling did not take account of any controls or safeguards in the domestic laws of member states and in particular our communications data access regime, which is governed largely by the Regulation of Investigatory Powers Act 2000. RIPA seeks to ensure that access to communications data can take place only where it is necessary and proportionate for a specific investigation. Our data protection laws mean that in the absence of a legal duty to retain specific data, companies must delete data that are not required under their strict business uses.

Communications data, as has already been said, have been crucial to every counterterrorism operation by the security services in recent years and are used as evidence in nearly all serious and organised crime cases dealt with by the Crown Prosecution Service. The view of the House of Commons Home Affairs Committee yesterday was that the retention of communications data, subject to appropriate safeguards, was an important tool in the fight against terrorism, organised crime and child sexual exploitation, and that the Government were right to bring forward urgent legislation.

Following the ECJ ruling, the concern has been that without new legislation data could be destroyed within a short period by communications service providers fearing legal challenges, with the result that the police and security services would be unable to access them. With the EC directive in question having been transposed into UK law, national legislation needs to be amended only with regard to aspects that become contrary to EU law after a judgment by the European Court of Justice, and a finding of invalidity of the directive does not cancel the ability for member states to oblige retention of data. Indeed, the European Court of Justice accepted that an ability to retain data was necessary and recognised purposes for which data could be retained. Its objection to the directive was to its generalised nature and scope.

The EU data retention directive was implemented through secondary legislation through the Data Retention (EC Directive) Regulations 2009, and the Bill that we debate today is intended to remove any doubt there may be about the legal basis of our 2009 regulations and to give effect to the ECJ ruling. Clauses 1 and 2 confer on the Secretary of State the powers currently in the 2009 regulations to require service providers to retain communications data. The Bill of course also addresses the application of our laws on interception to remove any doubt that the requirement that companies co-operate with UK law enforcement and intelligence agencies also extends to companies that are based overseas but provide services to people in the United Kingdom.

The Constitution Committee said in its report published today that it is not clear why this last part of the Bill on interception needs to be fast tracked as there is evidence that the Government have known about the problem for some time, since the Joint Committee on the Draft Communications Data Bill noted in its report published at the end of 2012 that,

“many overseas CSPs refuse to acknowledge the extra-territorial application of RIPA”.

Will the Minister give the Government’s response to that point?

A number of the contributions in this debate have referred to the need to strike a balance in making a judgment on the Bill between the two main concerns of privacy of information and the need for agencies such as the police and security agencies to know about information and have access to it. The need in a democracy is to sustain liberty and security, and privacy and safety. The Government have made it clear that the purpose of the Bill, which we support, is to maintain existing capabilities and indeed to restrict them in line with the ECJ judgment. Clause 3, for example, will change the basis for obtaining a warrant for intercept on grounds of economic well-being. At the moment, under the Regulation of Investigatory Powers Act 2000, economic well-being is the sole criterion without condition. In future it will be subject to the interests of national security.

In the House of Commons, the Government agreed to our amendments designed to ensure that the Bill does not go beyond existing capabilities by requiring six-monthly reports on the operation of the Bill when it becomes an Act, to ensure that its implementation does not go beyond what the Government have stated is its purpose. There is also a sunset clause in the Bill, on which we insisted, which means that the legislation will cease to have effect from the end of 2016. That provides an opportunity for full public consideration and debate about what powers and capabilities will actually be required and how they will be regulated after then in the field of communications data access and interception. It will also provide an opportunity to ensure that whatever is deemed to be required will have rather greater public understanding and acceptance than is the case at present. People want to feel secure, but they also value their privacy and they do not like to find out the sheer extent to which that privacy can be and is being invaded from whistleblowers. They rightly feel that there should be more transparency from government on this issue both on the extent and necessity, and with that greater transparency might well come rather more trust and acceptance of the need for what should be done, provided it is proportionate.

The Government said last week that they would review the interception and communications data powers that we need and how they are regulated in the context of the threats we face. It was helpful that in the Commons the Government accepted the need to go down the road of our amendments and place this work, which will be conducted in the first phase by the Independent Reviewer of Terrorism Legislation, David Anderson QC, on a proper statutory footing. I hope the Minister, having mentioned Mr Anderson, will respond to the numerous points raised by my noble friend Lady Kennedy of The Shaws and by the noble Lord, Lord Carlile, about the future of Mr Anderson’s post, and the role and powers of the proposed new board.

The review which Mr Anderson will be conducting in the first phase will also take account of the impact of changing technology on the work of the different agencies involved. We have been calling for an independent expert review of the legal and operational framework, and in particular of the Regulation of Investigatory Powers Act 2000, because the speed of the communications data revolution since that Act has probably already led to the law and our oversight framework becoming out of date. The police and the security and other relevant agencies need to be able to keep up with new technology, but the safeguards need to keep up too—though, as has already been said in this debate, it is the knowledge that some private companies and organisations have about our daily lives and what we do that is equally breathtaking.

We will play our part in seeing that this Bill is passed, because the existing powers that it seeks to retain are too important for public safety and security to be put at risk of being lost. However, we also need that full debate about achieving the right balance, in a democracy, in an increasingly technological age, between privacy and liberty on the one hand and safety and security on the other, and ensuring that that balance commands public consent and confidence.