MI5 stored personal data unlawfully, says watchdog
MI5 has been unlawfully holding personal data collected through surveillance or hacking programs, the High Court has been told.
In a case brought by the civil rights group Liberty, it emerged that MI5 has been storing information about locations, calls, messages and web browsing history without proper protections.
The security agency is also said to have misled senior judges by applying for warrants on the basis that data protection obligations were being met, when in fact they were not.
The spy agency has been aware of breaches of compliance for at least three years, yet failed to act and, it is claimed, kept the failings secret.
But they have been exposed by the official watchdog, the investigatory powers commissioner, Lord Justice Fulford, and admitted in outline by Sajid Javid, the Home Secretary. Megan Goulding, a Liberty lawyer, said: “MI5 have been holding on to people’s data – ordinary people’s data, your data, my data – illegally for many years. Not only that, they’ve been trying to keep their really serious errors secret from the security services watchdog, which is supposed to know about them, secret from the Home Office, secret from the Prime Minister and secret from the public.”
The Investigatory Powers Act places strict obligations on the agency to ensure data are stored and handled safely, destroying it when no longer needed.
Lord Justice Fulford said MI5 had a “historical lack of compliance” with the law in the way it retained data. He said it had been held and handled in an “undoubted unlawful manner”.
His ruling effectively places the security service in “special measures”.
MI5 lawyers said they could not explain the exact nature of the breaches in open court, not because they were embarrassing, but because there were “serious national security concerns”.