Out-Law / Your Daily Need-To-Know

Out-Law News 3 min. read

Information Commissioner should be given RIPA role, says Commons committee


The Information Commissioner's Office (ICO) should give advice and support on UK laws on communication hacking, a House of Commons committee has said. It should give advice on some aspects of the Regulation of Investigatory Powers Act (RIPA), it said.

Currently the ICO, the UK's data protection watchdog, only has involvement in communication hacking laws when the offences relate to breaches of data protection or e-privacy laws.

The Data Protection Act provides that it is unlawful to obtain personal data knowingly or recklessly. The Privacy and Electronic Communications Regulations outlines the privacy rights individuals have relating to how organisations use technology to track their activity.

In its report on phone hacking Parliament's Home Affairs Committee proposed that the ICO be responsible for issuing guidance to those in danger of breaking surveillance laws or to people who think they have been victims of illegal hacking or surveillance.

"Although the Information Commissioner’s Office provides some advice, there is no formal mechanism for either those who know they are in danger of breaking the law or those whose communications may be or have been intercepted to obtain information and advice," the Home Affairs Committee said in its Unauthorised Tapping into or Hacking of Mobile Communications report(68-page /391KB PDF).

"We therefore recommend the extension of the Information Commissioner’s remit to cover the provision of advice and support in relation to chapter 1 of the Regulation of Investigatory Powers Act," the report said.

Chapter 1 of RIPA sets out the laws relating to lawful and unlawful interception of communications. Law enforcement agencies, including the police and MI5, can tap phone, internet or email communications to protect the UK's national security interests, prevent and detect terrorism and serious crime or to safeguard the UK's economic well-being.

Telecoms firms are allowed to unintentionally intercept communications in line with RIPA if the interception "takes place for purposes connected with the provision or operation of that service or with the enforcement, in relation to that service, of any enactment relating to the use of postal services or telecommunications services."

The law also states that unlawful interception takes place if a person makes "some or all of the contents of the communication available, while being transmitted, to a person other than the sender or intended recipient of the communication". It also states that interception is illegal on messages stored "'in a manner that enables the intended recipient to collect it or otherwise to have access to it".

Unlawful interceptors of communications and those who commission the illegal practice face the risk of prosecution. The law does not give the accused the right to claim the hacking activity was conducted in the public interest.

The Interception of Communications Commissioner (IoCC) currently has responsibility for RIPA and for reviewing how law enforcement agencies use their RIPA powers.

In May Parliament changed RIPA so that it is only legal to monitor private communications, even unintentionally, if you have a warrant or if both the sender and recipient of information agree to the monitoring.

The law had previously said that you could monitor without a warrant if you had 'reasonable grounds' to believe that the parties to the communication had consented to the monitoring.

The changes granted new powers to the IoCC giving the authority the power to impose fines of up to £50,000 for unlawful interceptions.

The Committee said that the ICC had "no duties in respect of private sector operators, and in particular has no remit or resources to advise individuals who believe they have been victims of unauthorised interception of their communications by the private sector", prompting it to suggest the role could be played by the ICO.

The Home Affairs Committee said that a "more flexible approach" was needed to penalties for non-compliance with RIPA laws.

"Given the apparent increase of hacking in areas such as child custody battles and matrimonial disputes, and the consequential danger of either the police being swamped or the law becoming unenforceable, there is a strong argument for introducing a more flexible approach to the regime, with the intention of allowing victims easier recourse to redress," the Committee's report said.

The Government should consider amending RIPA to "allow for a greater variety of penalties for offences of unlawful interception, including the option of providing for civil redress" for offences less serious than those that merit prosecution, the Home Affairs Committee said.

The "lack of a regulatory authority" under RIPA has "serious consequences", the Committee said. It said the Government should seriously consider appointing one Commissioner with overall responsibilities for ensuring privacy under RIPA laws.

Specialists could enforce separate areas of the laws, the Committee said. Currently a number of bodies, including the IoCC, Surveillance Commissioners and the Intelligence Service Commissioner, have areas of responsibility for ensuring compliance with RIPA rules.

Kathryn Wynn, a data protection law expert with Pinsent Masons, the law firm behind OUT-LAW.COM, said the ICO was "well placed" to advise on compliance with RIPA following the publication of reports it formed into the data protection implications of phone hacking in the past.

In 2006 it the ICO delivered a report called 'What price privacy?' The report revealed what the ICO called "evidence of systematic breaches in personal privacy that amount to an unlawful trade in confidential personal information". The report identified media intrusion as featuring prominently in illicitly obtained personal information.

Technology law news is also available from Bootlaw, a free resource for technology start-ups, with regular events hosted by Pinsent Masons.

We are processing your request. \n Thank you for your patience. An error occurred. This could be due to inactivity on the page - please try again.