"For example, privileged information shared by foreign partners is currently not overseen by the IPC. It's common practice for national intelligence agencies, such as GCHQ, to receive reports from allies overseas, including from those in the Five Eyes alliance. These reports often contain the kind of privileged information that, in the UK, would require permission from a judicial commissioner, under the IPA, to acquire."
"The IPC specifically named GCHQ in its example, noting that GCHQ has voluntarily disclosed its receipt and retention of this information to a judicial commissioner - as it would for data acquired through its own warrants - despite no legal requirement to do so. Another potential regulatory gap highlighted refers to the UK intelligence community (UKIC) not having to disclose serious data breaches, provided that the breach meets the criteria for a relevant error, as specified by the IPA."
"A relevant error refers to an error made by a public authority in the process of meeting any requirements of the IPA that are also subject to review by a judicial commissioner. It means members of the UKIC - MI5, MI6, and GCHQ - do not have to report serious breaches to the Information Commissioner's Office if they occur while carrying out activities related to the IPA."
The Investigatory Powers Act 2016 contains regulatory gaps not remedied by the Investigatory Powers (Amendment) Act 2024. Privileged intelligence shared by foreign partners to UK agencies can be received and retained without IPC oversight, creating a route for sensitive material to bypass judicial authorisation required under the IPA. GCHQ has voluntarily disclosed such receipts despite no legal obligation. The UK intelligence community can avoid reporting serious data breaches when those breaches meet the IPA’s definition of a relevant error, meaning breaches during IPA-related activities need not be reported to the Information Commissioner. Future reforms should be enacted by the Home Office to close these gaps.
Read at Theregister
Unable to calculate read time
Collection
[
|
...
]