Review of emerging technologies in policing: findings and recommendations

Findings and recommendations of the Independent advisory group on new and emerging technologies in policing.


Appendix 5: Legislation Table

The table below outlines the most relevant provisions from eight different pieces of legislation, which may apply to one or more of the emerging technologies discussed in this report.

The legislation is listed at the top of each section.

Six categories can be found below each and the subheadings can be described as follows:

(1) a signpost to the numbered section of the relevant act;

(2) a description of its contents;

(3) an outline of the main legislative clauses;

(4) the potential emerging technology to which it may be applied;

(5) a reference to any relevant case law; and

(6) findings and significance of that case law

Legislation

Data Protection Act (DPA) 2018

(1) Section

3(2)

(2) Description

Definition of “personal data”

(3) Summary

Information relating to an identified or identifiable living individual

(4) Applicable Emerging Technology

Databases, Biometric identification systems, Electronic surveillance Systems

(5) Applicable Case Law

N/A

(6) Case Law Findings

N/A

Legislation

DPA 2018

Section

3(4)

Description

Definition of “processing

Summary

Operation performed on personal data, including collection, recording, organisation, structuring, storage, retrieval, use, disclosure by transmission, dissemination and making available.

Applicable Emerging Technology

Databases, Biometric, Surveillance

Applicable Case Law

N/A

Case Law Findings

N/A

Legislation

DPA 2018

Section

33(4)

Description

Definition of “profiling”

Summary

Profiling is a form of automated processing of personal data to analyse or predict qualities about an individual.

Applicable Emerging Technology

Database, Biometric, Surveillance

Applicable Case Law

N/A

Case Law Findings

N/A

Legislation

DPA 2018

Section

34-40

Description

Data protection principles

Summary

The principles under Part 3, Chapter 2, of the DPA are the provisions for processing personal data for a law enforcement purpose.

Applicable Emerging Technology

Databases, Biometric, Surveillance

Applicable Case Law

Legislation

DPA 2018

Section

35(8)

Description

Definition of “sensitive processing”

Summary

Data revealing racial or ethnic origin, political opinions, religious or philosophical beliefs or trade union membership, genetic data, biometric data, and data concerning health or a person's sex life or sexual orientation.

Applicable Emerging Technology

Databases, Biometric, Surveillance

Applicable Case Law

Catt v. the United Kingdom

Case Law Findings

Data revealing political opinions are regarded as a “sensitive” category of personal data and, in the Court’s view, it is unacceptable for the national authorities to disregard this aspect by processing such data in accordance with ordinary domestic rules, without taking account of the need for heightened protection. The Court found a violation of Article 8, pointing out that the sensitive nature of the data in question should have constituted a key element of the case before the domestic courts, as it was before the Court (para 112).

Legislation

DPA 2018

Section

38(3)

Description

The fourth data protection principle: personal data must be accurate and kept up to data.

Summary

Requires distinct categories to be made when processing personal data between data subjects, such as suspects, convicted persons, victims, and witnesses.

Applicable Emerging Technology

Databases, Biometric, Surveillance

Applicable Case Law

N/A

Case Law Findings

N/A

Legislation

DPA 2018

Section

42

Description

Safeguards: sensitive processing

Summary

Section 35 requires controllers to have an appropriate policy document in place, which explains procedure for complying with DPA principles and the policies for retention and erasure of personal data. These provisions are reliant on consent of data subject or a condition in Schedule 8

Applicable Emerging Technology

Databases, Biometric, Surveillance

Applicable Case Law

Case Law Findings

Legislation

DPA 2018

Section

45

Description

Data subject’s right of access

Summary

The information that can be disclosed to a data subject on request. Subsection (4) sets out grounds to refuse data subject’s access either wholly or partly.

Applicable Emerging Technology

Databases

Applicable Case Law

N/A

Case Law Findings

N/A

Legislation

DPA 2018

Section

46-48

Description

Data subject’s rights to rectification or erasure

Summary

Data subject can request data to be corrected, erased or processing to be restricted. The controller can restrict right to rectification if this request would obstruct an investigation. If request has been refused, data subject must be informed.

Applicable Emerging Technology

Databases

Applicable Case Law

Case Law Findings

Legislation

DPA 2018

Section

49-50

Description

Right not to be subject to automated decision-making

Summary

Automated decision-making mut have a legal basis. A “significant decision” in this section means one that produces an adverse legal effect for the data subject or affects the data subject significantly.

Applicable Emerging Technology

Databases, Biometric, Surveillance

Applicable Case Law

N/A

Case Law Findings

N/A

Legislation

DPA 2018

Section

55(3)

Description

Controller requirements for implementing appropriate technical and organisation measures

Summary

Controller requires knowledge about the latest developments in technology; the nature, scope, context, and purpose of processing; and the potential risks to rights and freedoms from processing.

Applicable Emerging Technology

Databases, Biometric, Surveillance

Applicable Case Law

Business Crime Reduction Partnership [2021] EWCA Civ 42

Case Law Findings

Guidance about what constitutes “appropriate technical and organisational measures” in the context of law enforcement processing.

Legislation

DPA 2018

Section

64

Description

Data protection impact assessment

Summary

DPIAs have statutory status, which are required to highlight and address privacy concerns and risks to individuals’ rights and freedoms. DPIAs must include provisions outlined in subsection (3).

Applicable Emerging Technology

Databases, Biometric, Surveillance

Applicable Case Law

R (Bridges) v Chief Constable of South Wales Police (Respondent) and others [2020] EWCA Civ 1058

Case Law Findings

The court had been wrong to find that the DPIA was adequate. AFR involved impermissibly wide areas of discretion. The DPIA failed to properly assess the rights and freedoms of data subjects and failed to address the measures envisaged to mitigate the risks arising from the identified deficiencies, as required by s.64(3)(b) and ( c) (paras 14, 151-154).

Legislation

DPA 2018

Section

73-78

Description

Transfers of personal data to third Countries etc

Summary

Ss.73-76 deals with general conditions for such transfers.

S77 outlines special conditions for recipients other than relevant authorities.

S78 details special provisions for subsequent transfer of personal data.

Applicable Emerging Technology

Databases

Applicable Case Law

Elgizouli (Appellant) v Secretary of State for the Home Department (Respondent) [2020] UKSC 10

Case Law Findings

Although there was no established common law principle which prohibited the sharing of information relevant to a criminal prosecution in a country which had not abolished the death penalty, the transfer did not meet the requirements for transfer of personal data to a third country as set out in the data Protection Act 2018, s.73.

Legislation

Scottish Biometric Commissioner Act 2020

Section

2

Description

Functions

Summary

The general function is to support and promote the adoption of lawful, effective, and ethical practices in relation to the acquisition, retention, use and destruction of biometric data by Police Scotland, the SPA, and the PIRC.

Applicable Emerging Technology

Biometric Identification Systems

Applicable Case Law

N/A

Case Law Findings

N/A

Legislation

Scottish Biometric Commissioner Act 2020

Section

7

Description

Code of Practice

Summary

Commissioner must prepare and revise a code of practice on the acquisition, retention, use and destruction of biometric data for criminal justice and police purposes. Subsection (2) requires that the code of practice must include provision about when biometric data must be destroyed in cases where a relevant enactment does not make such provision

Applicable Emerging Technology

Biometric Identification Systems

Applicable Case Law

N/A

Case Law Findings

N/A

Legislation

Scottish Biometric Commissioner Act 2020

Section

8

Description

Key considerations in preparing the code

Summary

In preparing the code, commissioner must have regard to human rights; individual’s privacy; public’s confidence in police handing biometric data; and safety of society.

Applicable Emerging Technology

Databases, Biometric Identification Systems, Electronic Surveillance Systems

Applicable Case Law

N/A

Case Law Findings

N/A

Legislation

Scottish Biometric Commissioner Act 2020

Section

20

Description

Reports & recommendations

Summary

Reports may include recommendations in relation to the technology used or capable of being used for the purpose of acquiring, retaining, using, or destroying biometric data

Applicable Emerging Technology

Databases, Biometric Identification Systems, Electronic Surveillance Systems

Applicable Case Law

N/A

Case Law Findings

N/A

Legislation

Scottish Biometric Commissioner Act 2020

Section

34

Description

Meaning of “biometric data”

Summary

Information about an individual’s physical, biological, physiological, or behavioural characteristics which may reveal the identity of an individual, either on its own or when combined with other information of a biometric or non-biometric nature.

Applicable Emerging Technology

Biometric Identifiable Systems, Electronic Surveillance Systems

Applicable Case Law

N/A

Case Law Findings

N/A

Legislation

Police and Fire Reform (Sc) Act 2012

Section

3(b)

Description

Maintenance of the police

Summary

The Authority may provide and maintain equipment information technology systems if it is necessary for police functions.

Applicable Emerging Technology

Databases, Biometric Information Systems, Electronic Surveillance Systems

Applicable Case Law

N/A

Case Law Findings

N/A

Legislation

Police and Fire Reform (Sc) Act 2012

Section

31

Description

Forensic Services

Summary

The Authority must provide forensic services to the Police Service, the Police Investigations and Review Commissioner and the Lord Advocate and procurators fiscal.

Applicable Emerging Technology

N/A

Applicable Case Law

N/A

Case Law Findings

N/A

Legislation

Police and Fire Reform (Sc) Act 2012

Section

32

Description

Policing principles

Summary

The policing principles are that the main purpose of policing is to improve the safety and well-being of persons, localities, and communities in Scotland, and that the Police Service, working in collaboration with others where appropriate, should seek to achieve that main purpose by policing in a way which is accessible to, and engaged with, local communities, and promotes measures to prevent crime, harm, and disorder.

Applicable Emerging Technology

Databases, Biometric Identification Systems, Electronic Surveillance Systems

Applicable Case Law

BC and Others v Iain Livingstone QPM, Chief Constable of the Police Service of Scotland and Others, [2020] CSIH 61

Case Law Findings

Disclosure of information would not be arbitrary but would be dictated by consideration of the relevant policing standards and breaches thereof (paras 101-112, 131-132)

Legislation

Police and Fire Reform (Sc) Act 2012

Section

87(8)

Description

Provision of other goods and services

Summary

The Authority may provide goods and services to any other public body or office-holder, such as information technology systems and equipment (and services involving the development, provision, procurement, maintenance, management, support or oversight of such systems or equipment)

Applicable Emerging Technology

Databases, Biometric Identification Systems, Electronic Surveillance Systems

Applicable Case Law

N/A

Case Law Findings

N/A

Legislation

Protection of Freedoms Act (PoF) 2012

Section

1-16

Description

Part 1: Regulation of Biometric Data

Summary

Provisions in respect of the retention and destruction of fingerprints, footwear impressions and DNA samples and profiles taken during a criminal investigation.

Applicable Emerging Technology

Databases, Biometric Identification systems

Applicable Case Law

Case Law Findings

Legislation

PoF: Part 1

Section

1

Description

Destruction of fingerprints and DNA profiles

Summary

Material taken or held by the police must be retained on a statutory basis provided by the PoF, or destroyed. Fingerprints and DNA profiles must be destroyed if taking of material was unlawful or was taken from individuals whose arrest was unlawful/ based on mistaken identity.

Applicable Emerging Technology

Databases, Biometric Identification systems

Applicable Case Law

N/A

Case Law Findings

N/A

Legislation

PoF: Part 1

Section

3

Description

Persons arrested for or charged with a qualifying offence

Summary

Individuals arrested or charged with but not convicted of a qualifying offence: material retained for three years.

If person was previously convicted of recordable offence or convicted before material needs to be destroyed by virtue of this section, the material is retained indefinitely.

Applicable Emerging Technology

Databases, Biometric Identification systems

Applicable Case Law

N/A

Case Law Findings

N/A

Legislation

PoF: Part 1

Section

4

Description

Persons arrested for or charged with a minor offence

Summary

Material destroyed after decision not to be charged or following acquittal

Applicable Emerging Technology

Databases, Biometric Identification systems

Applicable Case Law

N/A

Case Law Findings

N/A

Legislation

PoF: Part 1

Section

5-6

Description

Persons convicted of a recordable offence; Persons convicted of an offence outside England and Wales

Summary

Material retained indefinitely.

Applicable Emerging Technology

Databases, Biometric Identification systems

Applicable Case Law

Case Law Findings

Legislation

PoF: Part 1

Section

7

Description

Persons under 18 convicted of first minor offence

Summary

For custodial sentence for less than 5 years, material retained for 5 years, plus length of custodial sentence.

A custodial sentence longer than 5 years: material retained indefinitely.

Applicable Emerging Technology

Databases, Biometric Identification systems

Applicable Case Law

N/A

Case Law Findings

N/A

Legislation

PoF: Part 1

Section

8

Description

Persons given a penalty notice

Summary

Material may be retained for 2 years.

Applicable Emerging Technology

Databases, Biometric Identification systems

Applicable Case Law

N/A

Case Law Findings

N/A

Legislation

PoF: Part 1

Section

9

Description

Material retained for purposes of national security

Summary

Retained if national security determination is in place.

Applicable Emerging Technology

Databases, Biometric Identification systems

Applicable Case Law

N/A

Case Law Findings

N/A

Legislation

PoF: Part 1

Section

10, 11

Description

Material given voluntarily (10)

Material retained with consent (11)

Summary

S10 material is retained until it has fulfilled its purpose unless individual is convicted of recordable offence as data is retained indefinitely.

S11 individual’s material may be retained for as long as person consents.

Applicable Emerging Technology

Databases, Biometric Identification systems

Applicable Case Law

N/A

Case Law Findings

N/A

Legislation

PoF: Part 1

Section

12

Description

Material obtained for one purpose and used for another

Summary

S12 in the event material was taken in connection with an investigation but leads to individual being charged/convicted for another offence, treat material as if it was taken in connection with latter investigation.

Applicable Emerging Technology

Databases, Biometric Identification systems

Applicable Case Law

N/A

Case Law Findings

N/A

Legislation

PoF: Part 1

Section

13

Description

Destruction of copies

Summary

Any copy of fingerprints and DNA profiles are required to be destroyed. Copies of DNA may only be retained in a form which does not allow individual to be identified.

Applicable Emerging Technology

Databases, Biometric Identification systems

Applicable Case Law

N/A

Case Law Findings

N/A

Legislation

PoF: Part 1

Section

14

Description

Destruction of samples

Summary

DNA samples is required to be destroyed once a DNA profile has been derived from it, or after six months.

Applicable Emerging Technology

Databases, Biometric Identification systems

Applicable Case Law

N/A

Case Law Findings

N/A

Legislation

PoF: Part 1

Section

16

Description

Use of retained material

Summary

Limits the use of material retained under this Act to four conditions: national security; terrorist investigation; prevention or detection of crime/investigation of an offence/conduct of prosecution; or identification of a deceased person/

Applicable Emerging Technology

Databases, Biometric Identification systems

Applicable Case Law

N/A

Case Law Findings

N/A

Legislation

PoF: Part 1

Section

23

Description

Inclusion of DNA profiles on National DNA Database

Summary

DNA profiles must be recorded on the National DNA database.

Applicable Emerging Technology

Databases

Applicable Case Law

N/A

Case Law Findings

N/A

Legislation

PoF: Part 1

Section

28 (2), (3)

Description

Interpretation: Chapter 2

Summary

“Biometric information” relates to a person’s physical or behaviour characteristics which can be used to verify the identity of the individual and is obtained/recorded with the intention that it be used for the purposes of a biometric recognition system.

Applicable Emerging Technology

Biometric Identification Systems, Electronic Surveillance Systems

Applicable Case Law

N/A

Case Law Findings

N/A

Legislation

PoF: Part 1

Section

28(3)

Description

Interpretation: Chapter 2

Summary

Biometric information includes skin patterns, physical characteristics, fingers/palms/iris/eye features, and voice or handwriting.

Applicable Emerging Technology

Biometric Identification Systems

Applicable Case Law

N/A

Case Law Findings

N/A

Legislation

PoF: Part 1

Section

28(4)

Description

Interpretation: Chapter 2

Summary

“Biometric recognition system” is equipment operating automatically to obtain/record information about a person’s physical or behavioural characteristics. This information can then be compared with stored information for the purposes of verifying identify

Applicable Emerging Technology

Databases, Biometric Identification Systems, Electronic Surveillance Systems

Applicable Case Law

N/A

Case Law Findings

N/A

Legislation

PoF: Part 2 – Regulation of Surveillance

Section

29(1)(2)

Description

Code of practice for surveillance camera systems

Summary

Preparation of a code of practice by the Secretary of State, which must contain guidance about surveillance camera systems. Guidance includes development or use of surveillance and the use or processing of images by virtue of such systems.

Applicable Emerging Technology

Electronic Surveillance Systems

Applicable Case Law

N/A

Case Law Findings

N/A

Legislation

PoF: Part 2

Section

29(3)

Description

Code of practice

Summary

Provisions may include considerations as to whether to use surveillance camera systems, types of system, technical standards for systems, locations, publications of information about systems, standards, access to/disclosure of information obtained, and complaints procedures.

Applicable Emerging Technology

Electronic Surveillance Systems

Applicable Case Law

N/A

Case Law Findings

N/A

Legislation

PoF: Part 2

Section

29(6)

Description

Code of practice

Summary

“Surveillance camera systems” mean CCTV or automatic number plate recognition systems; other systems for recording or viewing images for surveillance, systems for storing/receiving/transmitting/processing or checking images

Applicable Emerging Technology

Biometric Identification Systems, Electronic Surveillance Systems

Applicable Case Law

N/A

Case Law Findings

N/A

Legislation

PoF: Part 2

Section

34

Description

Commissioner in relation to code

Summary

Secretary of State must appoint Surveillance Camera Commissioner to ensure compliance, offer guidance, and review operation of the code.

Applicable Emerging Technology

Electronic Surveillance Systems

Applicable Case Law

N/A

Case Law Findings

N/A

Legislation

PoF

Section

37

Description

Judicial approval for obtaining or disclosing communications data

Summary

After a “relevant person” grants an authorisation to obtain communications data following a successful application, judicial approval is required. A “relevant person” is someone who holds office, rank, or position in a local authority. Judicial authority must ensure that statutory tests and conditions have been met and that techniques are necessary and proportionate.

Applicable Emerging Technology

Databases

Applicable Case Law

N/A

Case Law Findings

N/A

Legislation

PoF

Section

38

Description

Judicial approval for directed surveillance and covert human intelligence sources

Summary

Once a relevant person has granted an authorisation for the use of directed surveillance, judicial approval is required. The same procedural requirement as in S37.

Applicable Emerging Technology

Electronic Surveillance Systems

Applicable Case Law

N/A

Case Law Findings

N/A

Legislation

Regulation of Investigatory Powers (Sc) Act 2000

Section

1

Description

Conduct to which the Act applies

Summary

This section describes and defines the conduct that can be authorised under this Part of the Act. Three types of activity are "directed surveillance", "intrusive surveillance" and the conduct and use of covert human intelligence sources.

Applicable Emerging Technology

Electronic Surveillance Systems

Applicable Case Law

N/A

Case Law Findings

N/A

Legislation

Regulation of Investigatory Powers (Sc) Act 2000

Section

5

Description

Lawful Surveillance

Summary

Conduct is lawful if authorised in accordance with the Act and if carried out in accordance with that authorisation.

Applicable Emerging Technology

Electronic Surveillance Systems

Applicable Case Law

N/A

Case Law Findings

N/A

Legislation

Regulation of Investigatory Powers (Sc) Act 2000

Section

6

Description

Authorisation of directed surveillance

Summary

Conduct can only be authorised where it is necessary and proportionate. For it to be necessary it should be for the purpose of preventing or detecting crime or of preventing disorder; in the interests of public safety; or for the purpose of protecting public health

Applicable Emerging Technology

Electronic Surveillance Systems

Applicable Case Law

N/A

Case Law Findings

N/A

Legislation

Regulation of Investigatory Powers (Sc) Act 2000

Section

8

Description

Person entitled to grant authorisation of directed surveillance.

Summary

Individuals holding such offices, ranks or positions with relevant public authorities as are prescribed for the purposes of this subsection by order made by the Scottish Ministers.

Applicable Emerging Technology

Electronic Surveillance Systems

Applicable Case Law

N/A

Case Law Findings

N/A

Legislation

Regulation of Investigatory Powers (Sc) Act 2000

Section

10

Description

Authorisation of Intrusive surveillance

Summary

Conduct can only be authorised for the purpose of preventing or detecting serious crime; and if that the authorised surveillance is proportionate to what is sought to be achieved by carrying it out. Importantly, consideration should be given to whether the information which it is thought necessary to obtain by the authorised conduct could reasonably be obtained by other means.

Applicable Emerging Technology

Electronic Surveillance Systems

Applicable Case Law

N/A

Case Law Findings

N/A

Legislation

Regulation of Investigatory Powers (Sc) Act 2000

Section

11

Description

Rules for authorising intrusive surveillance.

Summary

An application should be made by a constable to the designated person. The designated person is set out in s10.

Applicable Emerging Technology

N/A

Applicable Case Law

N/A

Case Law Findings

N/A

Legislation

Regulation of Investigatory Powers (Sc) Act 2000

Section

12

Description

Authorising intrusive surveillance urgent cases.

Summary

Mechanism for allowing Police Investigations and Review Commissioner staff to authorise conduct in urgent cases.

Applicable Emerging Technology

Electronic Surveillance Systems

Applicable Case Law

N/A

Case Law Findings

N/A

Legislation

Regulation of Investigatory Powers (Sc) Act 2000

Section

13

Description

Notification of authorisation of intrusive surveillance.

Summary

Notice to be given of grant or cancellation of authorisation of intrusive surveillance to a Judicial Commissioner.

Applicable Emerging Technology

Electronic Surveillance Systems

Applicable Case Law

N/A

Case Law Findings

N/A

Legislation

Regulation of Investigatory Powers (Sc) Act 2000

Section

14

Description

Approval required for authorisations to take effect

Summary

Authorisation of intrusive surveillance will not take effect until the grant of the authorisation has been approved by [ a Judicial Commissioner ] and written notice of the decision of that approval by that Commissioner has been given to the person who granted the authorisation.

Applicable Emerging Technology

Electronic Surveillance Systems

Applicable Case Law

N/A

Case Law Findings

N/A

Legislation

Regulation of Investigatory Powers (Sc) Act 2000

Section

19

Description

General rules about grant renewal and duration

Summary

Authorisation may be granted or renewed orally in any urgent case in which the entitlement to act of the person granting or renewing it is not confined to urgent cases; and in any other case, must be in writing.

Applicable Emerging Technology

Electronic Surveillance Systems

Applicable Case Law

HMA v Purves 2009 S.L.T. 969

Case Law Findings

Held, that the online document, having been prepared personally by the superintendent, could be said to be a written document in terms of s 19, it bore the superintendent's name as authoriser and it was unreasonable to require a signature either pre or post printing when the 2000 Act imposed no such requirement and there was no case law to suggest such a formality (paras 11-12)

Opinion, (1) that the admissibility of the evidence, in the event that the surveillance was not authorised, did not fall to be determined where there was nothing in the evidence which suggested any infringement of the accused's art 8 rights (para 18); (2) that even if there had been a breach of an art 8 right, the evidence would not automatically become inadmissible as a hearing on the full circumstances in which the evidence was obtained would be required and regard would have to be had to the relative importance of the public interest as well as the protection of the accused (para 19).

Legislation

Regulation of Investigatory Powers (Sc) Act 2000

Section

20

Description

Cancellation of authorisation

Summary

Regulation of the circumstances of cancellation.

Applicable Emerging Technology

Electronic Surveillance Systems

Applicable Case Law

N/A

Case Law Findings

N/A

Legislation

Regulation of Investigatory Powers (Sc) Act 2000

Section

24

Description

Issues and revision of codes of practice

Summary

Scottish Ministers should issue codes of practice that address the operation of this statute, part 5 of the Investigatory Powers Act 2016, and Part III of the Police Act 1997 relating to the regulation of interference with property or wireless telegraphy

Applicable Emerging Technology

Electronic Surveillance Systems

Applicable Case Law

N/A

Case Law Findings

N/A

Legislation

Regulation of Investigatory Powers (Sc) Act 2000

Section

25

Description

Power to issue interim codes

Summary

Facilitates the issuing of interim codes until provisions of s24 can be satisfied.

Applicable Emerging Technology

Electronic Surveillance Systems

Applicable Case Law

N/A

Case Law Findings

N/A

Legislation

Regulation of Investigatory Powers (Sc) Act 2000

Section

26

Description

Effect of Codes of Practice

Summary

Codes of practice will not give rise to civil or criminal penalty where an individual fails to comply but may be taken into account in any related proceedings where relevant.

Applicable Emerging Technology

Electronic Surveillance Systems

Applicable Case Law

N/A

Case Law Findings

N/A

Legislation

Regulation of Investigatory Powers Act (RIPA) 2000

Section

26

Description

Conduct to which Part II applies

Summary

This section describes and defines the conduct that can be authorised under this Part of the Act. Three types of activity are "directed surveillance", "intrusive surveillance" and the conduct and use of covert human intelligence sources.

Applicable Emerging Technology

Electronic Surveillance Systems

Applicable Case Law

N/A

Case Law Findings

N/A

Legislation

RIPA

Section

26(2)

Description

Conduct to which Part II applies

Summary

"Directed surveillance" is defined as covert surveillance that is undertaken in relation to a specific investigation or operation which is likely to result in the obtaining of private information about a person (whether or not one specifically identified for the purposes of the investigation or operation); and otherwise than by way of an immediate response to events or circumstances the nature of which is such that it would not be reasonably practicable for an authorisation under this Part to be sought for the carrying out of the surveillance.

Applicable Emerging Technology

Electronic Surveillance Systems

Applicable Case Law

Peck v. the United Kingdom

Case Law Findings

The Court has drawn a distinction between the monitoring of an individual’s acts in a public place for security purposes and the recording of those acts for other purposes, going beyond what the person could possibly have foreseen in order to establish the strict boundary of private life as secured under Article 8 in the sphere of secret surveillance measures and the interception of communications by the State authorities (Peck, paras 59-62; Perry, paras 41-42).

Legislation

RIPA

Section

26(5)

Description

Conduct to which Part II applies

Summary

Surveillance is not intrusive unless information is obtained which is of the same quality and detail that would be expected from a device on a residential premise or in a vehicle.

Applicable Emerging Technology

Electronic Surveillance Systems

Applicable Case Law

N/A

Case Law Findings

N/A

Legislation

RIPA

Section

26(9)

Description

Conduct to which Part II applies

Summary

Surveillance will be covert where it is carried out in a manner calculated to ensure that the person or persons subject to the surveillance are unaware that it is or may be taking place.

Applicable Emerging Technology

Electronic Surveillance Systems

Applicable Case Law

Peck v. the United Kingdom

Case Law Findings

Video recordings made in a public place using surveillance mechanisms may fall within Article 8 where their disclosure, by its manner or extent, goes beyond what the individuals could reasonably have expected.

Legislation

RIPA

Section

26(10)

Description

Conduct to which Part II applies

Summary

“Private information” is defined in relation to a person, includes any information relating to his private or family life.

Applicable Emerging Technology

Databases, Biometric Identification Systems, Electronic Surveillance Systems

Applicable Case Law

N/A

Case Law Findings

N/A

Legislation

RIPA

Section

27

Description

Lawful surveillance etc

Summary

All conduct defined in section 26 will be lawful, provided it is carried out in accordance with the authorisation to which it relates. Authorised conduct may cover any action taken either in the UK or abroad.

Applicable Emerging Technology

Electronic Surveillance Systems

Applicable Case Law

N/A

Case Law Findings

N/A

Legislation

RIPA

Section

28

Description

Authorisation of directed surveillance

Summary

Authorisations cannot be granted unless specific criteria are satisfied, namely, that the person granting the authorisation believes that:

the authorisation is necessary on specific grounds; and the authorised activity is proportionate to what is sought to be achieved by it.

Applicable Emerging Technology

Electronic Surveillance Systems

Applicable Case Law

HMA v Purves 2009 S.L.T. 969

Case Law Findings

Authorisation of directed surveillance was found lawful.

Legislation

RIPA

Section

47

Description

Power to extend or modify authorisation provisions

Summary

The Secretary of State may, by order, change the types of activities which fall within the category of directed surveillance by providing that a type of directed surveillance will be treated as intrusive surveillance. Furthermore, he may, by order, provide those additional types of surveillance, which are not at present defined as directed or intrusive surveillance in section 26, will be covered by the Act and become capable of being authorised under Part II.

Applicable Emerging Technology

Electronic Surveillance Systems

Applicable Case Law

N/A

Case Law Findings

N/A

Legislation

RIPA

Section

48(2)

Description

Interpretation of Part II

Summary

“Surveillance” includes—

monitoring, observing, or listening to persons, their movements, their conversations or their other activities or communications; recording anything monitored, observed, or listened to during surveillance; and surveillance by or with the assistance of a surveillance device.

Applicable Emerging Technology

Electronic Surveillance Systems

Applicable Case Law

N/A

Case Law Findings

N/A

Legislation

RIPA

Section

49

Description

Notices requiring disclosure

Summary

The power to enable properly authorised persons to serve notices on individuals or bodies requiring the disclosure of protected (e.g. encrypted) information which they lawfully hold, or are likely to, in an intelligible form.

Applicable Emerging Technology

Databases

Applicable Case Law

N/A

Case Law Findings

N/A

Legislation

RIPA

Section

49(1)

Description

Notices requiring disclosure

Summary

Limits the information to which this power to serve notices applies. It does so by defining the various means by which the protected information in question has been, or is likely to be, lawfully obtained.

Applicable Emerging Technology

N/A

Applicable Case Law

N/A

Case Law Findings

N/A

Legislation

RIPA

Section

49(2)

Description

Notices requiring disclosure

Summary

Persons with the “appropriate permission” (see Schedule 2) may serve a notice imposing a disclosure requirement in respect of the protected information in question if there are reasonable grounds.

Applicable Emerging Technology

N/A

Applicable Case Law

N/A

Case Law Findings

N/A

Legislation

RIPA

Section

50

Description

Effect of notice imposing disclosure requirement

Summary

This section explains the effect of serving a notice imposing a disclosure requirement in various circumstances.

Applicable Emerging Technology

N/A

Applicable Case Law

N/A

Case Law Findings

N/A

Legislation

RIPA

Section

51

Description

Cases in which key required

Summary

This section sets out the extra tests to be fulfilled if a key is required to be disclosed rather than the disclosure of protected information in an intelligible form.

Applicable Emerging Technology

N/A

Applicable Case Law

N/A

Case Law Findings

N/A

Legislation

RIPA

Section

55

Description

General duties of specified authorities

Summary

This section describes the safeguards that must be in place for the protection of any material handed over in response to the serving of a notice under this Act.

Applicable Emerging Technology

Databases

Applicable Case Law

N/A

Case Law Findings

N/A

Legislation

Investigatory Powers Act (IPA) 2016

Section

2

Description

General duties in relation to privacy

Summary

A public authority exercising functions under the Act must have regard to whether the level of protection to be applied to information should be higher because of the sensitivity of that information. Must consider whether safeguards should be applied and taking the sensitivity of the information into account when considering whether obtaining the information is proportionate. Subsection (5) includes examples of sensitive information, including items subject to legal privilege and information that identifies or confirms the identity of a source of journalistic information.

Applicable Emerging Technology

Databases, Biometric Identification Systems, Electronic Surveillance Systems

Applicable Case Law

N/A

Case Law Findings

N/A

Legislation

IPA

Section

3

Description

Offence of unlawful interception

Summary

It is an offence to intentionally intercept a communication during its transmission without lawful authority. This applies to communications during transmission via a public telecommunications system, a private telecommunications system, or a public postal service.

Applicable Emerging Technology

Electronic Surveillance Systems (interception technologies)

Applicable Case Law

N/A

Case Law Findings

N/A

Legislation

IPA

Section

4

Description

Definition of “interception” etc.

Summary

Subsections (1) to (5) outline what constitutes intercepting a communication during its transmission by a telecommunications system. Firstly, the person must perform a "relevant act", which is defined in subsection (2) and includes modifying or interfering with the system. Secondly, the consequence of the relevant act must be to make the content of the communication available to a person who is not the sender or intended recipient. Thirdly, the content must be made available at a "relevant time", which means a time while the communication is being transmitted or any time when the communication is stored in or by the system.

Applicable Emerging Technology

Electronic Surveillance Systems (interception technologies)

Applicable Case Law

N/A

Case Law Findings

N/A

Legislation

IPA

Section

6

Description

Definition of “lawful authority”

Summary

There are three conditions in which a person may have lawful authority to carry out interception. The first is through a targeted or bulk warrant. The second is through any of the other forms of lawful interception provided for in Ss.44 to 52 of the Act, such as interception in prisons or interception with consent. Thirdly, in relation to stored communications, interception is lawful if authorised by an equipment interference warrant or if it is in exercise of any statutory power for the purpose of obtaining information or taking possession of any document or other property or in accordance with a court order.

Applicable Emerging Technology

Electronic Surveillance Systems (interception technologies)

Applicable Case Law

N/A

Case Law Findings

N/A

Legislation

IPA

Section

15(1)

Description

Warrants that may be issued under this Chapter

Summary

There are three types of warrants which can be issued under this chapter: a targeted interception warrant, a targeted examination warrant and a mutual assistance warrant.

Applicable Emerging Technology

Electronic Surveillance Systems (interception technologies)

Applicable Case Law

N/A

Case Law Findings

N/A

Legislation

IPA

Section

15(2)

Description

Warrants that may be issued under this Chapter

Summary

This section describes a targeted interception warrant and provides that such an interception warrant may authorise any activity for obtaining secondary data.

Applicable Emerging Technology

Electronic Surveillance Systems (interception technologies)

Applicable Case Law

N/A

Case Law Findings

N/A

Legislation

IPA

Section

15(3)

Description

Warrants that may be issued under this Chapter

Summary

A targeted examination warrant grants the examination of material that has been collected under a bulk interception warrant. This warrant must be authorised whenever a member of an intelligence service needs to look at material which relates to a person who is known to be in the British Islands and when he or she believes that it is necessary and proportionate to select the content of that person’s communications for examination.

Applicable Emerging Technology

Electronic Surveillance Systems (interception technologies)

Applicable Case Law

N/A

Case Law Findings

N/A

Legislation

IPA

Section

15(5)

Description

Warrants that may be issued under this Chapter

Summary

This section explains that a warrant authorises any conduct necessary to fulfil what is authorised or required by the warrant, including the interception of communications not specifically described in the warrant, or the obtaining of secondary data from such communications.

Applicable Emerging Technology

Electronic Surveillance Systems (interception technologies)

Applicable Case Law

N/A

Case Law Findings

N/A

Legislation

IPA

Section

16

Description

Obtaining secondary data

Summary

Secondary data is systems data or identifying data attached to the communications being transmitted. Identifying data must be able to be separated so that it would not reveal the content of the communication.

Applicable Emerging Technology

Databases, Biometric Identification Systems, Electronic Surveillance Systems

Applicable Case Law

N/A

Case Law Findings

N/A

Legislation

IPA

Section

17

Description

Subject-matter of warrants

Summary

Subsection (1) sets out that a warrant may be directed towards a particular person or organisation, or a single set of premises. Subsection (2) outlines that a warrant may also relate to a group of linked persons, or to more than one person or organisation, or set of premises in the context of a single investigation or operation. A warrant may also relate to testing or training activities, explained in more detail in subsection (3).

Applicable Emerging Technology

Electronic Surveillance Systems (interception technologies)

Applicable Case Law

N/A

Case Law Findings

N/A

Legislation

IPA

Section

20

Description

Grounds on which warrants may be issued by the Secretary of State

Summary

The grounds include in the interests of national security, for the purpose of preventing or detecting serious crime, in the interests of the economic well-being of the United Kingdom (in circumstances relevant to the interests of national security), or for giving effect to the provisions of a mutual assistance agreement.

Applicable Emerging Technology

Electronic Surveillance Systems (interception technologies)

Applicable Case Law

N/A

Case Law Findings

N/A

Legislation

IPA

Section

31

Description

Requirements that must be met by warrants

Summary

Subsections (2) to (8) outline the information a warrant must contain. If a warrant relates to a single person, organisation/set of premises, the warrant must name that person/ organisation/those premises.

A warrant may relate to a group of persons linked by a common purpose or activity, or to more than one person/organisation/set of premises linked to a single operation/investigation. In such a case the link must be described and the warrant must name or describe as many of the persons, organisations or sets of premises as is reasonably practicable.

The warrant must specify the factors that are to be used to identify the communications that are to be intercepted or selected for examination.

Applicable Emerging Technology

Electronic Surveillance Systems (interception technologies)

Applicable Case Law

N/A

Case Law Findings

N/A

Legislation

IPA

Section

32

Description

Duration of warrants

Summary

An interception warrant will last for six months (unless it is cancelled earlier). If the warrant is not renewed it will cease to have effect after that period. Urgent warrants will last for five working days unless renewed.

Applicable Emerging Technology

Electronic Surveillance Systems (interception technologies)

Applicable Case Law

N/A

Case Law Findings

N/A

Legislation

IPA

Section

33

Description

Renewal of warrants

Summary

Subsections (1) to (3) state that a warrant may be renewed by the Secretary of State or a member of the Scottish Government. To be renewed, a warrant must be necessary and proportionate, applying the same tests as for issuing a warrant. As with an application for an interception warrant, the decision to renew the warrant must also be approved by a Judicial Commissioner.

Applicable Emerging Technology

Electronic Surveillance Systems (interception technologies)

Applicable Case Law

N/A

Case Law Findings

N/A

Legislation

IPA

Section

44

Description

Interception with the consent of the sender or recipient

Summary

Subsection (1) explains that communications may be intercepted if both the person sending the communication and the intended recipient of the communication have given consent for the interception.

Subsection (2) states that the interception of a communication is authorised if either the sender or the intended recipient has consented, and surveillance has been authorised under Part 2 of RIPA.

Applicable Emerging Technology

Electronic Surveillance Systems (interception technologies)

Applicable Case Law

N/A

Case Law Findings

N/A

Legislation

IPA

Section

53

Description

Safeguards relating to retention and disclosure of material

Summary

The issuing authority must ensure that arrangements are in place for securing those certain requirements are met relating to retention and disclosure of material obtained under the warrant. The number of persons who see the material, the extent of disclosure and the number of copies made of any material must be to the minimum necessary for the authorised purposes

Applicable Emerging Technology

Databases, Electronic Surveillance Systems (interception technologies)

Applicable Case Law

N/A

Case Law Findings

N/A

Legislation

IPA

Section

61

Description

Power to grant authorisations

Summary

This section details the power for relevant public authorities to acquire communications data. Communications data is the ‘who,’ ‘when,’ ‘where’ and ‘how’ of a communication, but not its content. An authorisation can be granted where a designated senior officer in a relevant public authority is content that a request is necessary for one of the 10 purposes set out in subsection (7) and proportionate to what is sought to be achieved. Communications data cannot be acquired for any other purposes and only certain authorities can use certain purposes, as outlined in Schedule 4.

Applicable Emerging Technology

Databases, Electronic Surveillance Systems (interception technologies)

Applicable Case Law

Big Brother Watch v United Kingdom

Case Law Findings

RIPA 2000, Ch II for acquiring communications data from communication service providers violates art 8 as it is not in accordance with the law. Both these regimes were also held to violate art 10.

Note: the IPA replaced RIPA, which is why this case law has been put in this section.

Legislation

IPA

Section

61(5)

Description

Power to grant authorisations

Summary

An authorisation may cover data that is not in existence at the time of the authorisation

Applicable Emerging Technology

Databases, Electronic Surveillance Systems (interception technologies)

Applicable Case Law

N/A

Case Law Findings

N/A

Legislation

IPA

Section

67

Description

Filtering arrangements for obtaining data

Summary

Outlines the power to establish filtering arrangements to facilitate the lawful, efficient, and effective obtaining of communications data by relevant public authorities and to help determine whether the tests for granting an authorisation to obtain data have been met. The filtering arrangements will minimise the communications data obtained, thereby ensuring that privacy is properly protected.

Applicable Emerging Technology

Databases

Applicable Case Law

N/A

Case Law Findings

N/A

Legislation

IPA

Section

99(2)

Description

Warrants under this Part: general

Summary

A targeted equipment interference warrant authorises the interference with equipment for the purpose of obtaining communications, information, or equipment data.

Applicable Emerging Technology

Electronic Surveillance Systems (interception technologies)

Applicable Case Law

N/A

Case Law Findings

N/A

Legislation

IPA

Section

99(4)

Description

Warrants under this Part: general

Summary

The acquisition of communications or other information through a targeted equipment interference can include monitoring, observing, or listening to communications or activities. As a result, it is not be necessary for such activity to be authorised separately under Part 2 of RIPA

Applicable Emerging Technology

Biometric Identification Systems, Electronic Surveillance Systems (interception technologies)

Applicable Case Law

N/A

Case Law Findings

N/A

Legislation

IPA

Section

100

Description

Meaning of “equipment data”

Summary

Under a targeted equipment interference warrant, equipment data means systems data or identifying data. To be equipment data, identifying data must be capable of being separated from the communication or item of information in such a way that, when separated, it would not reveal the meaning (if any) of the content of the communication or the meaning (if any) of an item of information.

Applicable Emerging Technology

Biometric Identification Systems, Electronic Surveillance Systems (interception technologies)

Applicable Case Law

N/A

Case Law Findings

N/A

Legislation

IPA

Section

106

Description

Power to issue warrants to law enforcement officers

Summary

Circumstances in which a law enforcement chief can issue a targeted equipment interference warrant to an appropriate law enforcement officer, outlining the process and requirements.

Applicable Emerging Technology

Electronic Surveillance Systems (interception technologies)

Applicable Case Law

N/A

Case Law Findings

N/A

Legislation

IPA

Section

135(1)

Description

Part 5: interpretation

Summary

“Communication” includes

anything comprising speech, music, sounds, visual images or data of any description, and signals serving either for the impartation of anything between persons, between a person and a thing or between things or for the actuation or control of any apparatus.

Applicable Emerging Technology

Biometric Identification Systems, Electronic Surveillance Systems

Applicable Case Law

N/A

Case Law Findings

N/A

Legislation

IPA

Section

135(2)

Description

Part 5: interpretation

Summary

“Equipment” means equipment producing electromagnetic, acoustic, or other emissions or any device capable of being used in connection with such equipment.

Applicable Emerging Technology

Biometric Identification Systems, Electronic Surveillance Systems

Applicable Case Law

N/A

Case Law Findings

N/A

Legislation

IPA

Section

136

Description

Bulk interception warrants

Summary

A bulk interception warrant may be authorised to intercepted overseas-related communications or to obtain secondary data from such communications.

Applicable Emerging Technology

Electronic Surveillance Systems (interception technologies)

Applicable Case Law

Big Brother Watch v United Kingdom

Case Law Findings

The ECtHR held that the bulk interception regime under RIPA 2000, s 8(4) violates ECHR, art 8 due to lack of oversight.

A regime of bulk interception of communications did not contain sufficient “end-to-end” safeguards to provide adequate and effective guarantees against arbitrariness and the risk of abuse, even though certain robust safeguards were identified (paras 424-427)

Legislation

IPA

Section

137

Description

Obtaining secondary data

Summary

Outlines secondary data which can be obtained under a bulk interception warrant.

Applicable Emerging Technology

Electronic Surveillance Systems (interception technologies)

Applicable Case Law

N/A

Case Law Findings

N/A

Legislation

IPA

Section

138

Description

Power to issue bulk interception warrants

Summary

The Secretary of State may issue a bulk interception warrant only if it is necessary and proportionate, for one or more specified statutory purposes. Subsection (1) makes clear that the interests of national security must always be one of those purposes.

Applicable Emerging Technology

Electronic Surveillance Systems (interception technologies)

Applicable Case Law

N/A

Case Law Findings

N/A

Legislation

IPA

Section

158

Description

Power to issue bulk acquisition warrants

Summary

A warrant may be authorised only where it is necessary and proportionate for one or more specified statutory purposes. The interests of national security must always be one of the reasons. The warrant must be approved by a Judicial Commissioner. A warrant may only be issued to the three intelligence agencies.

Applicable Emerging Technology

N/A

Applicable Case Law

N/A

Case Law Findings

N/A

Legislation

IPA

Section

199(1)

Description

Bulk personal datasets: interpretation

Summary

A bulk personal dataset is a set of information that includes personal data relating to several individuals, the majority of whom are not, and are unlikely to become, of interest to the service in the exercise of its functions.

Applicable Emerging Technology

Databases

Applicable Case Law

N/A

Case Law Findings

N/A

Legislation

IPA

Section

199(2)

Description

Bulk personal datasets: interpretation

Summary

Defines personal data. The definition is the same as in the Data Protection Act 1998 (DPA), but this also includes data relating to deceased persons.

Applicable Emerging Technology

Databases

Applicable Case Law

N/A

Case Law Findings

N/A

Legislation

IPA

Section

200

Description

Requirement for authorisation by warrant: general

Summary

An intelligence service may not exercise a power to retain a BPD unless its retention is authorised by either a “class BPD warrant” (authorising an intelligence service to retain, or retain and examine, any BPD of a class described in the warrant) or a “specific BPD warrant” (authorising an intelligence service to retain, or retain and examine, any BPD described in the warrant):

Applicable Emerging Technology

Databases

Applicable Case Law

N/A

Case Law Findings

N/A

Legislation

IPA

Section

204

Description

Class BPD warrants

Summary

Authorises the retention and examination of datasets that can be said to fall into a class because they are of a similar type and raise similar considerations. Subsection (2) specifies what an application for a class BPD warrant must include: a description of the class of bulk personal datasets and the operational purposes for which it is proposed to examine datasets of that class.

Applicable Emerging Technology

Databases

Applicable Case Law

N/A

Case Law Findings

N/A

Legislation

IPA

Section

205(2)

Description

Specific BPD warrants

Summary

The dataset does not fall within a class described by an existing class BPD warrant. An example of this could be a new type of dataset.

Applicable Emerging Technology

Databases

Applicable Case Law

N/A

Case Law Findings

N/A

Legislation

IPA

Section

205(3)

Description

Specific BPD warrants

Summary

A dataset falls within a class BPD warrant, but either S202 prevents the intelligence service from relying on a BPD class warrant or the service believes that it would be appropriate to seek a specific BPD warrant.

Applicable Emerging Technology

Databases

Applicable Case Law

N/A

Case Law Findings

N/A

Legislation

IPA

Section

205(6)

Description

Specific BPD warrants

Summary

These outline the conditions, which are the same for class BPD warrants. The Secretary of State can issue a warrant if they believe that it is necessary for specified purposes and proportionate, and that adequate handling arrangements are in place. The Secretary of State must also consider that each operational purpose specified in the warrant is one for which the examination of the bulk personal dataset to which the application relates is or may be necessary, and that the examination of the dataset for such an operational purpose is necessary for the statutory purposes set out in subsection (5)(a).

Applicable Emerging Technology

Databases

Applicable Case Law

N/A

Case Law Findings

N/A

Legislation

IPA

Section

221

Description

Safeguards relating to the examination of bulk personal datasets

Summary

The Secretary of State must ensure that arrangements are in force for securing that any selection for examination of data contained in BPDs is carried out only as far as is necessary for the operational purposes specified in the warrant (at the time of the selection); and the selection of any such data is necessary and proportionate in all the circumstances.

Applicable Emerging Technology

Databases

Applicable Case Law

N/A

Case Law Findings

N/A

Legislation

IPA

Section

Part 5; Part 6; Part 7

Description

Safeguards

Summary

These parts are all similar in that they outline the provisions for the duration, renewal, approval, modification, cancellation, implementation, and non-renewal of warrants.

Applicable Emerging Technology

Databases, Biometric Identification Systems, Electronic Surveillance Systems

Applicable Case Law

N/A

Case Law Findings

N/A

Legislation

Human Rights Act 1998 (HRA)

Section

Schedule 1, Article 8

Description

Right to respect for private and family life

Summary

The right to respect his private and family life, his home, and his correspondence. There shall be no interference by a public authority with the exercise of this right except such as is in accordance with the law and is necessary in a democratic society in the interests of national security, public safety, or the economic well-being of the country, for the prevention of disorder or crime, for the protection of health or morals, or for the protection of the rights and freedoms of others.

Applicable Emerging Technology

Databases, Biometric Identification Systems, Electronic Surveillance Systems

Applicable Case Law

Case Law Findings

Legislation

HRA

Section

Schedule 1, Article 9

Description

Freedom of thought, conscience, and religion

Summary

Everyone has the right to freedom of thought, conscience, and religion; this right includes freedom to change his religion or belief and freedom, either alone or in community with others and in public or private, to manifest his religion or belief, in worship, teaching, practice and observance.

Applicable Emerging Technology

Biometric Identification Systems, Electronic Surveillance Systems

Applicable Case Law

N/A

Case Law Findings

N/A

Legislation

HRA

Section

Schedule 1, Article 10

Description

Freedom of expression

Summary

Everyone has the right to freedom of expression. This right shall include freedom to hold opinions and to receive and impart information and ideas without interference by public authority and regardless of frontiers.

Applicable Emerging Technology

Biometric Identification Systems, Electronic Surveillance Systems

Applicable Case Law

N/A

Case Law Findings

N/A

Legislation

HRA

Section

Schedule 1, Article 14

Description

Prohibition of discrimination

Summary

The enjoyment of the rights and freedoms set forth in this Convention shall be secured without discrimination on any ground such as sex, race, colour, language, religion, political or other opinion, national or social origin, association with a national minority, property, birth, or other status.

Applicable Emerging Technology

Biometric Identification Systems, Electronic Surveillance Systems

Applicable Case Law

N/A

Case Law Findings

N/A

Legislation

Convention 108+ Convention for the protection of individual with regards to the processing of personal data

Section

Article 2(a)

Description

Definitions

Summary

“Personal data” means any information relating to an identified or identifiable individual (“data subject”)

Applicable Emerging Technology

Databases, Biometric Identification Systems, Electronic Surveillance Systems

Applicable Case Law

N/A

Case Law Findings

N/A

Legislation

Convention 108+

Section

Article 2(b)

Description

Definitions

Summary

“Data processing” means any operation or set of operations performed on personal data, such as the collection, storage, preservation, alteration, retrieval, disclosure, making available, erasure, or destruction of, or the carrying out of logical and/or arithmetical operations on such data

Applicable Emerging Technology

Databases

Applicable Case Law

N/A

Case Law Findings

N/A

Legislation

Convention 108+

Section

2(c)

Description

Definitions

Summary

Where automated processing is not used, “data processing” means an operation or set of operations performed upon personal data within a structured set of such data which are accessible or retrievable according to specific criteria

Applicable Emerging Technology

Databases, Biometric Identification Systems, Electronic Surveillance Systems

Applicable Case Law

N/A

Case Law Findings

N/A

Legislation

Convention 108+

Section

3

Description

Scope

Summary

Each Party undertakes to apply this Convention to data processing subject to its jurisdiction in the public and private sectors, thereby securing every individual’s right to protection of his or her personal data

Applicable Emerging Technology

Databases, Biometric Identification Systems, Electronic Surveillance Systems

Applicable Case Law

N/A

Case Law Findings

N/A

Legislation

Convention 108+

Section

5(1)

Description

Legitimacy of data processing and quality of data

Summary

Data processing must be proportionate, that is, appropriate in relation to the legitimate purpose pursued and having regard to the interests, rights and freedoms of the data subject or the public interest. Such data processing should not lead to a disproportionate interference with these interests, rights, and freedoms.

Applicable Emerging Technology

Databases, Biometric Identification Systems, Electronic Surveillance Systems

Applicable Case Law

N/A

Case Law Findings

N/A

Legislation

Convention 108+

Section

5(2)

Description

Legitimacy of data processing and quality of data

Summary

Two other pre-requisites for a lawful processing are an individual’s consent or a legitimate basis prescribed by law.

Applicable Emerging Technology

Databases, Biometric Identification Systems, Electronic Surveillance Systems

Applicable Case Law

N/A

Case Law Findings

N/A

Legislation

Convention 108+

Section

5(4)

Description

Legitimacy of data processing and quality of data

Summary

Data processing is fair and transparent, does not go beyond the scope of the original purpose and that it is only preserved in a form that allows identification for the shorted possible period of time

Applicable Emerging Technology

Databases, Biometric Identification Systems, Electronic Surveillance Systems

Applicable Case Law

N/A

Case Law Findings

N/A

Legislation

Convention 108+

Section

6

Description

Special categories of data

Summary

The processing of genetic data, personal data relating to offences, criminal proceedings and convictions, and related security measures, biometric data uniquely identifying a person, personal data for the information they reveal relating to racial or ethnic origin, political opinions, trade-union membership, religious or other beliefs, health, or sexual life, shall only be allowed where appropriate safeguards are enshrined in law.

Applicable Emerging Technology

Databases, Biometric Identification Systems, Electronic Surveillance Systems

Applicable Case Law

N/A

Case Law Findings

N/A

Legislation

Convention 108+

Section

7

Description

Data security

Summary

The controller, and processor, takes appropriate security measures against risks such as accidental or unauthorised access to, destruction, loss, use, modification, or disclosure of personal data.

Applicable Emerging Technology

Databases

Applicable Case Law

N/A

Case Law Findings

N/A

Legislation

Convention 108+

Section

8

Description

Transparency of processing

Summary

The controller must be transparent when processing data to ensure fair processing and to allow data subjects to understand and exercise their rights in the context of such data processing

Applicable Emerging Technology

Databases, Biometric Identification Systems, Electronic Surveillance Systems

Applicable Case Law

N/A

Case Law Findings

N/A

Legislation

Convention 108+

Section

9

Description

Rights of the data subject

Summary

Lists the rights that every individual should be able to exercise concerning the processing of personal data. Each Party shall ensure, within its legal order, that all those rights are available for every data subject together with the necessary means to exercise them.

Applicable Emerging Technology

Databases, Biometric Identification Systems, Electronic Surveillance Systems

Applicable Case Law

N/A

Case Law Findings

N/A

Legislation

Convention 108+

Section

11

Description

Exceptions and restrictions

Summary

There can be an exception to this provision when it is necessary and proportionate for the prevention, investigation, and prosecution of criminal offences.

Applicable Emerging Technology

N/A

Applicable Case Law

N/A

Case Law Findings

N/A

Legislation

UK

Criminal Procedure (Scotland) Act 1995

Data Protection Act 2018

Equality Act 2010

Human Rights Act 1998

Investigatory Powers Act 2016

Police and Fire Reform (Sc) Act 2012

Regulation of Investigatory Powers Act 2000

Regulation of Investigatory Powers (Sc) Act 2000

Police, Crime, Sentencing and Courts Act 2022

Protection of Freedom Act 2012

Scottish Biometric Commissioner Act 2020

EU

Trade and Cooperation Agreement between the European Union and the European Atomic Energy Community, of the one part, and the United Kingdom of Great Britain and Northern Ireland, of the other part [2021] OJ L149/10

Preparatory Documents

Proposal for a Regulation of the European Parliament and of the Council on European data governance (Data Governance Act) - Outcome of the European Parliament's first reading (Strasbourg, 4-7 April 2022), ST 7853 2022 INIT

Contact

Email: ryan.paterson@gov.scot

Back to top