Investigatory Powers Bill safeguards still not enough: Society

11th April 2016 | europe , human rights , information technology , law society of scotland

The UK Government’s Investigatory Powers Bill could still fall short of what is needed to protect client confidentiality, and to comply with European Union law, the Law Society of Scotland warned today.

Provisions to safeguard client confidentiality are now included in the bill, whereas the draft legislation previously issued for comment proposed only a code of practice. The Society believes the bill represents an improvement, but that problems remain especially where large datasets are concerned.

Tim Musson, convener of the Law Society of Scotland privacy law committee, said that while the Government did not have an easy task in striking the right balance between protecting people from the threats of the digitalised world and enabling them to exercise the freedoms modern technology could offer, the means of protection “should not nullify the very freedoms we are trying to protect”.

“We are pleased that the UK Government accepted the arguments to ensure that protections for client confidentiality would be on the face of the proposed legislation, rather than through a code of conduct, but there are still risks that confidentiality could be breached”, he maintained.

“Not only the content of a communication, but also communications data itself can reveal a lot of information about a client, their lawyer and the advice that has been given.

“Collecting lots of data relating to significant numbers of people in a wholly indiscriminate way will inevitably result in the capture of information relating to client/lawyer communications... This information requires protection as it’s essential to ensure a client can speak freely with his or her lawyer and that the advice they receive will not be disclosed to the police, the security service or the media.”

The Society has also pointed out potential risks relating to the requirement for telecommunications operators to retain data.

Mr Musson commented: “There have been a number of high profile data breaches in the past year, such as Talk Talk, Carphone Warehouse, Hilton hotels, and we are not convinced that telecommunications operators will be able to store this information securely. There is the risk that cybercriminals will see such data banks as prime targets, with the information held potentially being used to target particular groups, including vulnerable people.

“Large scale data collection of this type could also be in contravention of EU law and we believe that the UK Government needs to be clear on how they believe the draft legislation will be compliant.”

In an opinion article to be published in this month's Journal, Mr Musson notes that ongoing cases at the EU Court of Justice and European Court of Human Rights, as well as the 2014 CJEU decision in the Digital Rights Ireland case, may provide grounds for challenging aspects of the bill.

He also points out that private postal services, often used by solicitors to send legal documents and communications to each other, do not enjoy the same protection as the public postal service in relation to the offence of unlawful interception in the bill.

Click here to access the full Law Society of Scotland response to the bill.