Part 3Authorisations for obtaining communications data
F1Further provision about authorisations
I162Restrictions in relation to internet connection records
F2A1
The Investigatory Powers Commissioner may not, on the application of a local authority, grant an authorisation under section 60A for the purpose of obtaining data which is, or can only be obtained by processing, an internet connection record.
A2
The Investigatory Powers Commissioner may not, on the application of a relevant public authority which is not a local authority, grant an authorisation under section 60A for the purpose of obtaining data which is, or can only be obtained by processing, an internet connection record unless condition A, B or C is met.
F31
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
2
A designated senior officer of a relevant public authority which is not a local authority may not grant an authorisation for the purpose of obtaining data which is, or can only be obtained by processing, an internet connection record unless condition A, B or C is met.
3
Condition A is that F4the person with power to grant the authorisation considers that it is necessary, for a purpose falling within F5section 60A(7), 61(7) or 61A(7) (as applicable), to obtain the data to identify which person or apparatus is using an internet service where—
a
the service and time of use are already known, but
b
the identity of the person or apparatus using the service is not known.
4
Condition B is that—
a
the purpose for which the data is to be obtained falls within F6section 60A(7), 61(7) or 61A(7) (as applicable) but is not the purpose of preventing or detecting serious crime mentioned in section 60A(8)(a), 61(7A)(a) or 61A(8)(a) or the purpose of preventing or detecting crime mentioned in section 60A(8)(b), 61(7A)(b) or 61A(8)(b), and
b
F7the person with power to grant the authorisation considers that it is necessary to obtain the data to identify—
i
which internet communications service is being used, and when and how it is being used, by a person or apparatus whose identity is already known,
ii
where or when a person or apparatus whose identity is already known is obtaining access to, or running, a computer file or computer program which wholly or mainly involves making available, or acquiring, material whose possession is a crime, or
iii
which internet service is being used, and when and how it is being used, by a person or apparatus whose identity is already known.
5
Condition C is that—
F8a
either—
i
the purpose for which the data is to be obtained is the purpose of preventing or detecting serious crime mentioned in section 60A(8)(a), 61(7A)(a) or 61A(8)(a), or
ii
the purpose for which the data is to be obtained is the purpose of preventing or detecting crime mentioned in section 60A(8)(b), 61(7A)(b) or 61A(8)(b) and the crime to be prevented or detected is serious crime, and
F9b
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
c
F10the person with power to grant the authorisation considers that it is necessary to obtain the data to identify—
i
which internet communications service is being used, and when and how it is being used, by a person or apparatus whose identity is already known,
ii
where or when a person or apparatus whose identity is already known is obtaining access to, or running, a computer file or computer program which wholly or mainly involves making available, or acquiring, material whose possession is a crime, or
iii
which internet service is being used, and when and how it is being used, by a person or apparatus whose identity is already known.
F116
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
7
In this Act “internet connection record” means communications data which—
a
may be used to identify, or assist in identifying, a telecommunications service to which a communication is transmitted by means of a telecommunication system for the purpose of obtaining access to, or running, a computer file or computer program, and
b
comprises data generated or processed by a telecommunications operator in the process of supplying the telecommunications service to the sender of the communication (whether or not a person).
S. 62 cross-heading inserted (5.2.2019) by The Data Retention and Acquisition Regulations 2018 (S.I. 2018/1123), reg. 1(4)(d)(5), Sch. 1 para. 2 (see S.I. 2019/174, reg. 2(c))