Search Legislation

Investigatory Powers Act 2016

Legal background

  1. With limited exceptions, the investigatory powers provided for in this Act already existed. This includes the interception of communications, the retention and acquisition of communications data, equipment interference, and the acquisition of bulk data. The Act has to an extent consolidated these powers in one place, though certain powers continue to exist elsewhere in legislation. There are also other enactments relevant to investigatory powers, as this section describes.
  2. RIPA contained much of the legislative scheme governing the investigatory powers used to interfere with communications which the Act replaces. Part 1 of RIPA concerned communications. Chapter 1 of Part 1 concerned the interception of communications. It is repealed by the Act and replaced by Part 2 and Chapter 1 of Part 6. Chapter 2 of Part 1 concerned powers to acquire communications data (information concerning a communication, but not its content) from communications service providers. It is repealed and replaced by Part 3 of the Act. DRIPA made clear the extra-territorial extent of Part 1 of RIPA, which is now made clear in this Act.
  3. The Wireless Telegraphy Act 2006 (section 49) provided for the authorisation of the use of wireless telegraphy equipment to obtain information about a communication, or the disclosure of such information. This is repealed by the Act, with such interception provided for in Part 2.
  4. Sections 1 and 2 of DRIPA and the Data Retention Regulations 2014 contained the legislative scheme concerning the power of the Secretary of State to require communications service providers to retain communications data. Part 3 of the Counter-Terrorism and Security Act 2015 amended DRIPA so that an additional category of data - that necessary to resolve Internet Protocol addresses – could be included in a requirement to retain data. These provisions are replaced by Part 4 of the Act.
  5. The power to interfere with property existed prior to this Act, being provided for in the Police Act 1997 and ISA. Part 3 of the Police Act 1997 provides for the authorisation of interference with property and wireless telegraphy. That continues to be the case, but those provisions have a much reduced scope: they cannot be used to authorise the obtaining of communications, private information or equipment data. Instead an authorisation under Part 5 is required. ISA similarly allows for the three intelligence services to be authorised to interfere with property and wireless telegraphy. Again, those provisions continue to exist but with a reduced scope. Section 13 of the Act sets out when the agencies must obtain an equipment interference warrant under Part 5 of Chapter 3 of Part 6.
  6. Chapter 2 of Part 6 of the Act provides for warrants authorising the bulk acquisition of communications data. Before the Act, the bulk acquisition of communications data was authorised by a direction given under section 94 of the Telecommunications Act 1984. The section 94 power is repealed by the Act.
  7. The security and intelligence agencies have the power to acquire information. The Security Service Act 1989 sets out the functions of MI5 and provides that MI5 can only obtain or disclose information so far as is necessary for those functions. ISA sets out the functions of SIS and GCHQ, and contains similar provision concerning the obtaining and disclosure of information. Part 7 of the Act does not provide a power for the security and intelligence agencies to acquire information, but provides for the retention and examination of BPDs.
  8. Part 8 of the Act contains oversight arrangements. The IPC replaces the Interception of Communications Commissioner and the Intelligence Services Commissioner (provided for in Part 4 of RIPA) and the Surveillance Commissioners (provided for in the Police Act 1997 and given additional functions by Part 4 of RIPA). Part 4 of RIPA provides for the IPT, which continues to exist and is amended by this Act to have jurisdiction regarding matters in this Act.
  9. Part 2 of RIPA (which concerns surveillance and covert human intelligence sources) and Part 3 of RIPA (which concerns the investigation of encrypted data) are not significantly amended by this Act. RIPSA makes similar provision to Part 2 of RIPA.

European law

  1. Directive 2002/58/EC concerning the processing of personal data and the protection of privacy in the telecommunications sector (‘the e-Privacy Directive’) contains a general requirement of confidentiality of electronic communications, as well as requirements to delete traffic data when no longer needed, and other protections for electronic communications. Article 15(1) provides that Member States may derogate from certain rights in the directive (including the right to privacy) where this is a necessary, appropriate and proportionate measure within a democratic society to safeguard national security, defence, public security, the prevention or detection of crime and the purposes laid down in Article 13 of the Data Protection Directive. Article 15(1) specifically provides for the retention of communications data.
  2. Directive 2006/24/EC (‘the Data Retention Directive’) harmonised the retention of communications data. The Data Retention Directive was struck down by the European Court of Justice as incompatible with Articles 7 and 8 of the Charter of Fundamental Rights in joined cases C-293/12 and C-594/12 Digital Rights Ireland & Seitlinger, on the basis that it did not contain sufficient safeguards. No replacement Directive has, as yet, been proposed.

Back to top