The draft bill, which is one of the longest pieces of legislation to be considered by MPs, would force internet service providers to store web browsing records of those in the UK for a year. This is supposed to help security services keep pace with technology used by terrorists and organised criminals.

However, the Intelligence and Security Committee (ISC) claimed that despite the draft possibly having suffered due to the timing constraints imposed by the “sunset clause” in the Data Retention and Investigatory Powers Act 2014, there were issues that first needed to be addressed before it was laid before the House of Lords.

As such, the committee drafted a report, in which it said: “Given the background to the draft bill and the public concern over the allegations made by Edward Snowden in 2013, it is surprising that the protection of people’s privacy – which is enshrined in other legislation – does not feature more prominently.

“One might have expected an overarching statement at the forefront of the legislation, or to find universal privacy protections applied consistently throughout the draft bill. However, instead, the reader has to search and analyse each investigatory power individually to understand the privacy protections which may apply. This results in a lack of clarity which undermines the importance of the safeguards associated with these powers.”

Committee chairman, Conservative MP Dominic Grieve, said: “We have recommended that the new legislation contains an entirely new part dedicated to overarching privacy protections, which should form the backbone of the draft legislation around which the exceptional powers are then built. This will ensure that privacy is an integral part of the legislation rather than an add-on.

Read more about data privacy:

• Facebook: Make sure your privacy policies are watertight
• US to extend data privacy rights to EU citizens

Furthermore, the committee claimed the bill gave spies too much power. It stated in the report that rules allowing for bulk equipment interference would enable spies to hack into devices on a mass scale. It said the bill was unclear about how these warrants might work and that it was “not convinced as to the requirement for them”, going so far as to call them “inconsistent and largely incomprehensible”.

The committee is also concerned about the downloading of large databases to aid investigations. Grieve claimed that given each Bulk Personal Dataset potentially contains personal information about a large number of individuals, each dataset should require a specific warrant. 

“We therefore recommend that Class Bulk Personal Dataset warrants are removed from the legislation, he said.

Grieve added: “It thus far evident the draft bill appears to have suffered from a lack of sufficient time and preparation.”

This was echoed by Jim Killock of the Open Rights Group, who said: “Rushing through legislation has to stop. It’s time for a proper debate about whether bulk surveillance powers are acceptable in a democracy like the UK.”

Image: Shutterstock

Share this story