Let me start with two thank yous. First, let me put on record my party’s gratitude to the intelligence services and law enforcement organisations that work so incredibly hard to keep all our citizens safe in the face of constantly changing and developing threats. Secondly, I thank all those who took part in the reviews of the 2016 Act that have informed the Bill. However, as Lord Anderson said in his own review, they should be a starting point for parliamentary scrutiny and debate rather than a finishing point.
Although any opportunity to revisit and improve the 2016 Act would generally be welcome, my party has serious concerns about certain provisions in this amendment Bill. In short, while it is constantly presented as “updating”, and as protecting and making efficient pre-existing powers, we fear that the reality is a very significant expansion of what are, we must remember, already extraordinarily wide powers by international standards. There are significant privacy and human rights risks, and the danger of increasingly widespread suspicionless surveillance. We fear that we may be handing invasive powers to intelligence and law enforcement agencies not because the powers are necessary or essential to their work but because they are convenient, and that is not striking the right balance.
All this is consistent with the very detailed and principled privacy and human rights concerns that my party raised in relation to the 2016 Act itself—particularly in the speeches made by my hon. and learned Friend the Member for Edinburgh South West (Joanna Cherry), who is here to take part in the debate again today. As will be the case today, we did not oppose the Second Reading of that Bill, but in the absence of important amendments, or concessions and reassurances—again, as with the 2016 legislation—we keep open the option to oppose the current Bill at a later stage.
Today I will focus on concerns relating to bulk personal datasets, and on notices relating to changes in telecommunication services. I will also briefly flag up our concerns about internet connection records and changes to the offence of unlawfully obtaining communications data. My party also believes that this Bill provides an opportunity to revisit the whole issue of snooping on parliamentarians, if we are bold enough to take it.
I shall turn first to bulk personal datasets and part 7 of the 2016 Act. In short, we struggle to see that the proposed changes have been shown to be necessary. We fear that they will instead create even larger gaps in the oversight regime in relation to these capabilities. A whole host of concerns arises in relation to the provisions of clause 2 and the concept of data in relation to which there can be
“low or no reasonable expectation of privacy”.
Bluntly, I struggle to see how a decision maker is supposed to assess people’s reasonable expectations of privacy, and when we say “people” we can be talking about hundreds or thousands of people or potentially several million people. Within that group of individuals there will be many varying attitudes to further privacy, and the data related to individuals could vary hugely from the mundane to the deeply personal. It may be that there is supposed to be some type of “reasonable person” test applied, but is that reasonable person black, gay, Jewish or indeed a trade unionist? How are potentially very different subjective attitudes to be accounted for? These might seem like odd questions, but the experience in the United States of America, where a similar test is involved, proves that these questions are very real indeed. Is it a general question of privacy in relation to the data or a more specific question of expectations of the use of that data by intelligence services? What precisely is low expectation? This seems to be an impossible assessment to undertake in any realistic or meaningful sense.