MI5 Handling Of Personal Data ‘Unlawful’, Watchdog Warns

The domestic intelligence service MI5 has been rapped over the knuckles for its data protection practices, associated with all the data it has compiled from search warrants.

The Investigatory Powers Commissioner reportedly said information gathered under warrants was kept too long and was not stored safely.

The intelligence services in the UK have long been known to store vast quantities of data. In 2015 then Home Secretary Theresa May admitted to Parliament that MI5 and GCHQ had been bulk collecting the phone and email data of the general public since 2001.

Watchdog admission

And now the official watchdog of law enforcement and the intelligence agencies has admitted in court that data protection rules have been broken by MI5.

It said that MI5 has handled large amounts of personal data in an “undoubtedly unlawful” way, the Investigatory Powers Commissioner was quoted as saying by the BBC.

The watchdog’s criticism of MI5 emerged in the High Court on Tuesday, as civil rights group Liberty challenged parts of the Investigatory Powers Act (commonly referred to as the Snoopers Charter).

Liberty announced that MI5 has been unlawfully retaining innocent people’s data for years.

The intelligence service also failed to give senior judges accurate information about repeated breaches of its duty to delete bulk surveillance data, and has been criticised for mishandling sensitive legally privileged material.

Liberty explained that following last month’s revelation last month that MI5 had breached IPA privacy safeguards, more details have emerged about this data breaches during the court case.

Data failings

“Despite heavy redaction by MI5, the documents reveal how a litany of failures and false assurances has led to what the Investigatory Powers Commissioner, Lord Justice Fulford, has concluded is the ‘undoubtedly unlawful’ conduct of the UK’s leading security service,” Liberty said.

The documents allegedly show that the Commissioner had concluded that MI5 knew for three years before informing IPCO about it data protection failings.

The campaign group alleged that MI5 had provided false assurances to judges issuing warrants for bulk surveillance that MI5 was compiling its data handling obligations.

Liberty cited a “remarkable admission to the Commissioner,” where a senior MI5 official acknowledged that personal data collected by MI5 is being stored in ‘ungoverned spaces’.

“These shocking revelations expose how MI5 has been illegally mishandling our data for years, storing it when they have no legal basis to do so,” Liberty lawyer Megan Goulding said.

“This could include our most deeply sensitive information – our calls and messages, our location data, our web browsing history,” said Goulding.

“It is unacceptable that the public is only learning now about these serious breaches after the Government has been forced into revealing them in the course of Liberty’s legal challenge,” said Goulding. “In addition to showing a flagrant disregard for our rights, MI5 has attempted to hide its mistakes by providing misinformation to the Investigatory Powers Commissioner, who oversees the Government’s surveillance regime.”

Can you protect your privacy online? Take our quiz!