(1)This Act sets out the extent to which certain investigatory powers may be used to interfere with privacy.
(2)This Part imposes certain duties in relation to privacy and contains other protections for privacy.
(3)These other protections include offences and penalties in relation to—
(a)the unlawful interception of communications, and
(b)the unlawful obtaining of communications data.
(4)This Part also abolishes and restricts various general powers to obtain communications data and restricts the circumstances in which equipment interference, and certain requests about the interception of communications, can take place.
(5)Further protections for privacy—
(a)can be found, in particular, in the regimes provided for by Parts 2 to 7 and in the oversight arrangements in Part 8, and
(b)also exist—
(i)by virtue of the Human Rights Act 1998,
[F1(ii)in section 170 of the Data Protection Act 2018 (unlawful obtaining etc of personal data),]
(iii)in section 48 of the Wireless Telegraphy Act 2006 (offence of interception or disclosure of messages),
(iv)in sections 1 to 3A of the Computer Misuse Act 1990 (computer misuse offences),
(v)in the common law offence of misconduct in public office, and
(vi)elsewhere in the law.
(6)The regimes provided for by Parts 2 to 7 are as follows—
(a)Part 2 and Chapter 1 of Part 6 set out circumstances (including under a warrant) in which the interception of communications is lawful and make further provision about the interception of communications and the treatment of material obtained in connection with it,
(b)Part 3 and Chapter 2 of Part 6 set out circumstances in which the obtaining of communications data is lawful in pursuance of an authorisation or under a warrant and make further provision about the obtaining and treatment of such data,
(c)Part 4 makes provision for the retention of certain communications data in pursuance of a notice,
(d)Part 5 and Chapter 3 of Part 6 deal with equipment interference warrants, and
(e)Part 7 deals with bulk personal dataset warrants.
(7)As to the rest of the Act—
(a)Part 8 deals with oversight arrangements for regimes in this Act and elsewhere, and
(b)Part 9 contains miscellaneous and general provisions including amendments to sections 3 and 5 of the Intelligence Services Act 1994 and provisions about national security and combined warrants and authorisations.
Textual Amendments
F1S. 1(5)(b)(ii) substituted (25.5.2018) by Data Protection Act 2018 (c. 12), s. 212(1), Sch. 19 para. 199 (with ss. 117, 209, 210); S.I. 2018/625, reg. 2(1)(g)
Commencement Information
I1S. 1 in force at 13.2.2017 by S.I. 2017/137, reg. 2(a)
(1)Subsection (2) applies where a public authority is deciding whether—
(a)to issue, renew or cancel a warrant under Part 2, 5, 6 or 7,
(b)to modify such a warrant,
(c)to approve a decision to issue, renew or modify such a warrant,
(d)to grant, approve or cancel an authorisation under Part 3,
(e)to give a notice in pursuance of such an authorisation or under Part 4 or section 252, 253 or 257,
(f)to vary or revoke such a notice,
(g)to approve a decision to give or vary a notice under Part 4 or section 252, 253 or 257,
(h)to approve the use of criteria under section 153, 194 or 222,
(i)to give an authorisation under section 219(3)(b),
(j)to approve a decision to give such an authorisation, or
(k)to apply for or otherwise seek any issue, grant, giving, modification, variation or renewal of a kind falling within paragraph (a), (b), (d), (e), (f) or (i).
(2)The public authority must have regard to—
(a)whether what is sought to be achieved by the warrant, authorisation or notice could reasonably be achieved by other less intrusive means,
(b)whether the level of protection to be applied in relation to any obtaining of information by virtue of the warrant, authorisation or notice is higher because of the particular sensitivity of that information,
(c)the public interest in the integrity and security of telecommunication systems and postal services, and
(d)any other aspects of the public interest in the protection of privacy.
(3)The duties under subsection (2)—
(a)apply so far as they are relevant in the particular context, and
(b)are subject to the need to have regard to other considerations that are also relevant in that context.
(4)The other considerations may, in particular, include—
(a)the interests of national security or of the economic well-being of the United Kingdom,
(b)the public interest in preventing or detecting serious crime,
(c)other considerations which are relevant to—
(i)whether the conduct authorised or required by the warrant, authorisation or notice is proportionate, or
(ii)whether it is necessary to act for a purpose provided for by this Act,
(d)the requirements of the Human Rights Act 1998, and
(e)other requirements of public law.
(5)For the purposes of subsection (2)(b), examples of sensitive information include—
(a)items subject to legal privilege,
(b)any information identifying or confirming a source of journalistic information, and
(c)relevant confidential information within the meaning given by paragraph 2(4) of Schedule 7 (certain information held in confidence and consisting of personal records, journalistic material or communications between Members of Parliament and their constituents).
F2(6). . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
Textual Amendments
F2S. 2(6) omitted (5.2.2019) by virtue of The Data Retention and Acquisition Regulations 2018 (S.I. 2018/1123), reg. 1(4)(d)(5), Sch. 1 para. 1 (see S.I. 2019/174, reg. 2(c))
Commencement Information
I2S. 2 in force at 30.12.2016 for specified purposes by S.I. 2016/1233, reg. 2(a)
I3S. 2 in force at 12.3.2018 for specified purposes by S.I. 2018/341, reg. 2(a)
I4S. 2 in force at 31.5.2018 for specified purposes by S.I. 2018/652, reg. 2(a)
I5S. 2 in force at 27.6.2018 for specified purposes by S.I. 2018/652, reg. 7(a)
I6S. 2 in force at 25.7.2018 for specified purposes by S.I. 2018/873, reg. 2(a)
I7S. 2 in force at 22.8.2018 for specified purposes by S.I. 2018/873, reg. 3(a)
I8S. 2 in force at 5.2.2019 in so far as not already in force by S.I. 2019/174, reg. 2(a)
(1)A person commits an offence if—
(a)the person intentionally intercepts a communication in the course of its transmission by means of—
(i)a public telecommunication system,
(ii)a private telecommunication system, or
(iii)a public postal service,
(b)the interception is carried out in the United Kingdom, and
(c)the person does not have lawful authority to carry out the interception.
(2)But it is not an offence under subsection (1) for a person to intercept a communication in the course of its transmission by means of a private telecommunication system if the person—
(a)is a person with a right to control the operation or use of the system, or
(b)has the express or implied consent of such a person to carry out the interception.
(3)Sections 4 and 5 contain provision about—
(a)the meaning of “interception”, and
(b)when interception is to be regarded as carried out in the United Kingdom.
(4)Section 6 contains provision about when a person has lawful authority to carry out an interception.
(5)For the meaning of the terms used in subsection (1)(a)(i) to (iii), see sections 261 and 262.
(6)A person who is guilty of an offence under subsection (1) is liable—
(a)on summary conviction in England and Wales, to a fine;
(b)on summary conviction in Scotland or Northern Ireland, to a fine not exceeding the statutory maximum;
(c)on conviction on indictment, to imprisonment for a term not exceeding 2 years or to a fine, or to both.
(7)No proceedings for any offence which is an offence by virtue of this section may be instituted—
(a)in England and Wales, except by or with the consent of the Director of Public Prosecutions;
(b)in Northern Ireland, except by or with the consent of the Director of Public Prosecutions for Northern Ireland.
Commencement Information
I9S. 3 in force at 27.6.2018 by S.I. 2018/652, reg. 7(b)
(1)For the purposes of this Act, a person intercepts a communication in the course of its transmission by means of a telecommunication system if, and only if—
(a)the person does a relevant act in relation to the system, and
(b)the effect of the relevant act is to make any content of the communication available, at a relevant time, to a person who is not the sender or intended recipient of the communication.
For the meaning of “content” in relation to a communication, see section 261(6).
(2)In this section “relevant act”, in relation to a telecommunication system, means—
(a)modifying, or interfering with, the system or its operation;
(b)monitoring transmissions made by means of the system;
(c)monitoring transmissions made by wireless telegraphy to or from apparatus that is part of the system.
(3)For the purposes of this section references to modifying a telecommunication system include references to attaching any apparatus to, or otherwise modifying or interfering with—
(a)any part of the system, or
(b)any wireless telegraphy apparatus used for making transmissions to or from apparatus that is part of the system.
(4)In this section “relevant time”, in relation to a communication transmitted by means of a telecommunication system, means—
(a)any time while the communication is being transmitted, and
(b)any time when the communication is stored in or by the system (whether before or after its transmission).
(5)For the purposes of this section, the cases in which any content of a communication is to be taken to be made available to a person at a relevant time include any case in which any of the communication is diverted or recorded at a relevant time so as to make any content of the communication available to a person after that time.
(6)In this section “wireless telegraphy” and “wireless telegraphy apparatus” have the same meaning as in the Wireless Telegraphy Act 2006 (see sections 116 and 117 of that Act).
(7)Section 125(3) of the Postal Services Act 2000 applies for the purposes of determining for the purposes of this Act whether a postal item is in the course of its transmission by means of a postal service as it applies for the purposes of determining for the purposes of that Act whether a postal packet is in course of transmission by post.
(8)For the purposes of this Act the interception of a communication is carried out in the United Kingdom if, and only if—
(a)the relevant act or, in the case of a postal item, the interception is carried out by conduct within the United Kingdom, and
(b)the communication is intercepted—
(i)in the course of its transmission by means of a public telecommunication system or a public postal service, or
(ii)in the course of its transmission by means of a private telecommunication system in a case where the sender or intended recipient of the communication is in the United Kingdom.
Commencement Information
I10S. 4 in force at 31.5.2018 by S.I. 2018/652, reg. 2(b)
(1)References in this Act to the interception of a communication do not include references to the interception of any communication broadcast for general reception.
(2)References in this Act to the interception of a communication in the course of its transmission by means of a postal service do not include references to—
(a)any conduct that takes place in relation only to so much of the communication as consists of any postal data comprised in, included as part of, attached to, or logically associated with a communication (whether by the sender or otherwise) for the purposes of any postal service by means of which it is being or may be transmitted, or
(b)any conduct, in connection with conduct falling within paragraph (a), that gives a person who is neither the sender nor the intended recipient only so much access to a communication as is necessary for the purpose of identifying such postal data.
For the meaning of “postal data”, see section 262.
Commencement Information
I11S. 5 in force at 31.5.2018 by S.I. 2018/652, reg. 2(c)
(1)For the purposes of this Act, a person has lawful authority to carry out an interception if, and only if—
(a)the interception is carried out in accordance with—
(i)a targeted interception warrant or mutual assistance warrant under Chapter 1 of Part 2, or
(ii)a bulk interception warrant under Chapter 1 of Part 6,
(b)the interception is authorised by any of sections 44 to 52, or
(c)in the case of a communication stored in or by a telecommunication system, the interception—
(i)is carried out in accordance with a targeted equipment interference warrant under Part 5 or a bulk equipment interference warrant under Chapter 3 of Part 6,
(ii)is in the exercise of any statutory power that is exercised for the purpose of obtaining information or taking possession of any document or other property, or
(iii)is carried out in accordance with a court order made for that purpose.
(2)Conduct which has lawful authority for the purposes of this Act by virtue of subsection (1)(a) or (b) is to be treated as lawful for all other purposes.
(3)Any other conduct which—
(a)is carried out in accordance with a warrant under Chapter 1 of Part 2 or a bulk interception warrant, or
(b)is authorised by any of sections 44 to 52,
is to be treated as lawful for all purposes.
Commencement Information
I12S. 6 in force at 31.5.2018 by S.I. 2018/652, reg. 2(d) (with regs. 19(3)(a), 20)
(1)The Investigatory Powers Commissioner may serve a monetary penalty notice on a person if conditions A and B are met.
(2)A monetary penalty notice is a notice requiring the person on whom it is served to pay to the Investigatory Powers Commissioner (“the Commissioner”) a monetary penalty of an amount determined by the Commissioner and specified in the notice.
(3)Condition A is that the Commissioner considers that—
(a)the person has intercepted, in the United Kingdom, any communication in the course of its transmission by means of a public telecommunication system,
(b)the person did not have lawful authority to carry out the interception, and
(c)the person was not, at the time of the interception, making an attempt to act in accordance with an interception warrant which might, in the opinion of the Commissioner, explain the interception.
(4)Condition B is that the Commissioner does not consider that the person has committed an offence under section 3(1).
(5)The amount of a monetary penalty determined by the Commissioner under this section must not exceed £50,000.
(6)Schedule 1 (which makes further provision about monetary penalty notices) has effect.
(7)In this section “interception warrant” means—
(a)a targeted interception warrant or mutual assistance warrant under Chapter 1 of Part 2, or
(b)a bulk interception warrant under Chapter 1 of Part 6.
(8)For the meaning of “interception” and other key expressions used in this section, see sections 4 to 6.
Commencement Information
I13S. 7 in force at 27.6.2018 by S.I. 2018/652, reg. 7(c) (with reg. 19(3)(b))
(1)An interception of a communication is actionable at the suit or instance of—
(a)the sender of the communication, or
(b)the recipient, or intended recipient, of the communication,
if conditions A to D are met.
(2)Condition A is that the interception is carried out in the United Kingdom.
(3)Condition B is that the communication is intercepted—
(a)in the course of its transmission by means of a private telecommunication system, or
(b)in the course of its transmission, by means of a public telecommunication system, to or from apparatus that is part of a private telecommunication system.
(4)Condition C is that the interception is carried out by, or with the express or implied consent of, a person who has the right to control the operation or use of the private telecommunication system.
(5)Condition D is that the interception is carried out without lawful authority.
(6)For the meaning of “interception” and other key expressions used in this section, see sections 4 to 6.
Commencement Information
I14S. 8 in force at 27.6.2018 by S.I. 2018/652, reg. 7(d)
(1)This section applies to a request for any authorities of a country or territory outside the United Kingdom to carry out the interception of communications sent by, or intended for, an individual who the person making the request believes will be in the British Islands at the time of the interception.
(2)A request to which this section applies may not be made by or on behalf of a person in the United Kingdom unless—
(a)a targeted interception warrant has been issued under Chapter 1 of Part 2 authorising the person to whom it is addressed to secure the interception of communications sent by, or intended for, that individual, or
(b)a targeted examination warrant has been issued under that Chapter authorising the person to whom it is addressed to carry out the selection of the content of such communications for examination.
Commencement Information
I15S. 9 in force at 27.6.2018 for specified purposes by S.I. 2018/652, reg. 7(e)
I16S. 9 in force at 26.9.2018 in so far as not already in force by S.I. 2018/940, reg. 3(a)
(1)This section applies to—
F3(a). . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
(b)a request for assistance in accordance with an international mutual assistance agreement
[F4so far as the assistance is in connection with, or in the form of, the interception of communications.]
(2)A request to which this section applies may not be made by or on behalf of a person in the United Kingdom to the competent authorities of a country or territory outside the United Kingdom unless a mutual assistance warrant has been issued under Chapter 1 of Part 2 authorising the making of the request.
[F5(2A)Subsection (2) does not apply in the case of a request for assistance in connection with, or in the form of, interception of a communication stored in or by a telecommunication system if the request is made—
(a)in the exercise of a statutory power that is exercised for the purpose of obtaining information or taking possession of any document or other property, or
(b)in accordance with a court order that is made for that purpose.]
(3)In this section—
F6...
“international mutual assistance agreement” means an international agreement which—
relates to the provision of mutual assistance in connection with, or in the form of, the interception of communications,
requires the issue of a warrant, order or equivalent instrument in cases in which assistance is given, and
is designated as an international mutual assistance agreement by regulations made by the Secretary of State.
Textual Amendments
F3S. 10(1)(a) and word omitted (31.12.2020) by virtue of The Law Enforcement and Security (Amendment) (EU Exit) Regulations 2019 (S.I. 2019/742), regs. 1, 82(2)(a) (with reg. 83); 2020 c. 1, Sch. 5 para. 1(1)
F4Words in s. 10(1) inserted (31.7.2017) by The Criminal Justice (European Investigation Order) Regulations 2017 (S.I. 2017/730), reg. 1(1), Sch. 3 para. 9(1)(a) (with reg. 3)
F5S. 10(2A) inserted (31.7.2017) by The Criminal Justice (European Investigation Order) Regulations 2017 (S.I. 2017/730), reg. 1(1), Sch. 3 para. 9(1)(b) (with reg. 3)
F6Words in s. 10(3) omitted (31.12.2020) by virtue of The Law Enforcement and Security (Amendment) (EU Exit) Regulations 2019 (S.I. 2019/742), regs. 1, 82(2)(b) (with reg. 83); 2020 c. 1, Sch. 5 para. 1(1)
Commencement Information
I17S. 10(1)(2) in force at 27.6.2018 for specified purposes by S.I. 2018/652, reg. 7(f)(i)
I18S. 10(1)(2) in force at 26.9.2018 in so far as not already in force by S.I. 2018/940, reg. 3(b)
I19S. 10(3) in force at 31.5.2018 for specified purposes by S.I. 2018/652, reg. 2(e)
I20S. 10(3) in force at 27.6.2018 in so far as not already in force by S.I. 2018/652, reg. 7(f)(i)
(1)A relevant person who, without lawful authority, knowingly or recklessly obtains communications data from a telecommunications operator or a postal operator is guilty of an offence.
(2)In this section “relevant person” means a person who holds an office, rank or position with a relevant public authority (within the meaning of Part 3).
(3)Subsection (1) does not apply to a relevant person who shows that the person acted in the reasonable belief that the person had lawful authority to obtain the communications data.
(4)A person guilty of an offence under this section is liable—
(a)on summary conviction in England and Wales—
(i)to imprisonment for a term not exceeding [F7the general limit in a magistrates’ court] (or 6 months, if the offence was committed before [F82 May 2022]), or
(ii)to a fine,
or to both;
(b)on summary conviction in Scotland—
(i)to imprisonment for a term not exceeding 12 months, or
(ii)to a fine not exceeding the statutory maximum,
or to both;
(c)on summary conviction in Northern Ireland—
(i)to imprisonment for a term not exceeding 6 months, or
(ii)to a fine not exceeding the statutory maximum,
or to both;
(d)on conviction on indictment, to imprisonment for a term not exceeding 2 years or to a fine, or to both.
Textual Amendments
F7Words in s. 11(4)(a)(i) substituted (7.2.2023 at 12.00 p.m.) by The Judicial Review and Courts Act 2022 (Magistrates’ Court Sentencing Powers) Regulations 2023 (S.I. 2023/149), regs. 1(2), 2(1), Sch. Pt. 1
F8Words in s. 11(4)(a)(i) substituted (28.4.2022) by The Criminal Justice Act 2003 (Commencement No. 33) and Sentencing Act 2020 (Commencement No. 2) Regulations 2022 (S.I. 2022/500), regs. 1(2), 5(1), Sch. Pt. 1
Commencement Information
I21S. 11 in force at 5.2.2019 by S.I. 2019/174, reg. 2(b)
(1)Schedule 2 (which repeals certain information powers so far as they enable public authorities to secure the disclosure by a telecommunications operator or postal operator of communications data without the consent of the operator) has effect.
(2)Any general information power which—
(a)would (apart from this subsection) enable a public authority to secure the disclosure by a telecommunications operator or postal operator of communications data without the consent of the operator, and
(b)does not involve a court order or other judicial authorisation or warrant and is not a regulatory power or a relevant postal power,
is to be read as not enabling the public authority to secure such a disclosure.
[F9(2A)Subsection (2) is subject to section 352(1) of the Finance (No. 2) Act 2023 (no restriction on tax related powers).]
(3)A regulatory power or relevant postal power which enables a public authority to secure the disclosure by a telecommunications operator or postal operator of communications data without the consent of the operator may only be exercised by the public authority for that purpose if it is not possible for the authority to use a power under this Act to secure the disclosure of the data.
(4)The Secretary of State may by regulations modify any enactment in consequence of subsection (2).
(5)In this section “general information power” means—
(a)in relation to disclosure by a telecommunications operator, any power to obtain information or documents (however expressed) which—
(i)is conferred by or under an enactment other than this Act or the Regulation of Investigatory Powers Act 2000, and
(ii)does not deal (whether alone or with other matters) specifically with telecommunications operators or any class of telecommunications operators, and
(b)in relation to disclosure by a postal operator, any power to obtain information or documents (however expressed) which—
(i)is conferred by or under an enactment other than this Act or the Regulation of Investigatory Powers Act 2000, and
(ii)does not deal (whether alone or with other matters) specifically with postal operators or any class of postal operators.
(6)In this section—
“power” includes part of a power,
“regulatory power” means any power to obtain information or documents (however expressed) which—
is conferred by or under an enactment other than this Act or the Regulation of Investigatory Powers Act 2000, and
is exercisable in connection with the regulation of—
telecommunications operators, telecommunications services or telecommunication systems, or
postal operators or postal services,
“relevant postal power” means any power to obtain information or documents (however expressed) which—
is conferred by or under an enactment other than this Act or the Regulation of Investigatory Powers Act 2000, and
is exercisable in connection with the conveyance or expected conveyance of any postal item into or out of the United Kingdom,
and references to powers include duties (and references to enabling and exercising are to be read as including references to requiring and performing).
Textual Amendments
F9S. 12(2A) inserted (retrospectively) by Finance (No. 2) Act 2023 (c. 20), s. 352(4)(7)
Modifications etc. (not altering text)
C1S. 12(2) excluded (retrospectively) by Finance (No. 2) Act 2023 (c. 20), s. 352(1)(7) (with s. 352(3))
Commencement Information
I22S. 12 in force at 22.7.2020 by S.I. 2020/766, reg. 2(a)
(1)An intelligence service may not, for the purpose of obtaining communications, private information or equipment data, engage in conduct which could be authorised by an equipment interference warrant except under the authority of such a warrant if—
(a)the intelligence service considers that the conduct would (unless done under lawful authority) constitute one or more offences under sections 1 to 3A of the Computer Misuse Act 1990 (computer misuse offences), and
(b)there is a British Islands connection.
(2)For the purpose of this section, there is a British Islands connection if—
(a)any of the conduct would take place in the British Islands (regardless of the location of the equipment which would, or may, be interfered with),
(b)the intelligence service believes that any of the equipment which would, or may, be interfered with would, or may, be in the British Islands at some time while the interference is taking place, or
(c)a purpose of the interference is to obtain—
(i)communications sent by, or to, a person who is, or whom the intelligence service believes to be, for the time being in the British Islands,
(ii)private information relating to an individual who is, or whom the intelligence service believes to be, for the time being in the British Islands, or
(iii)equipment data which forms part of, or is connected with, communications or private information falling within sub-paragraph (i) or (ii).
(3)This section does not restrict the ability of the head of an intelligence service to apply for an equipment interference warrant in cases where—
(a)the intelligence service does not consider that the conduct for which it is seeking authorisation would (unless done under lawful authority) constitute one or more offences under sections 1 to 3A of the Computer Misuse Act 1990, or
(b)there is no British Islands connection.
(4)In this section—
“communications”, “private information” and “equipment data” have the same meaning as in Part 5 (see section 135);
“equipment interference warrant” means—
a targeted equipment interference warrant under Part 5;
a bulk equipment interference warrant under Chapter 3 of Part 6.
Commencement Information
I23S. 13 in force at 8.8.2018 by S.I. 2018/652, reg. 14(a) (with reg. 21)
(1)A person may not, for the purpose of obtaining communications, private information or equipment data, make an application under section 93 of the Police Act 1997 for authorisation to engage in conduct which could be authorised by a targeted equipment interference warrant under Part 5 if the applicant considers that the conduct would (unless done under lawful authority) constitute one or more offences under sections 1 to 3A of the Computer Misuse Act 1990 (computer misuse offences).
(2)In this section, “communications”, “private information” and “equipment data” have the same meaning as in Part 5 (see section 135).
Commencement Information
I24S. 14 in force at 16.1.2019 by S.I. 2018/1246, reg. 4