Review of emerging technologies in policing: findings and recommendations
Findings and recommendations of the Independent advisory group on new and emerging technologies in policing.
Appendix 5: Legislation Table
The table below outlines the most relevant provisions from eight different pieces of legislation, which may apply to one or more of the emerging technologies discussed in this report.
The legislation is listed at the top of each section.
Six categories can be found below each and the subheadings can be described as follows:
(1) a signpost to the numbered section of the relevant act;
(2) a description of its contents;
(3) an outline of the main legislative clauses;
(4) the potential emerging technology to which it may be applied;
(5) a reference to any relevant case law; and
(6) findings and significance of that case law
Legislation
Data Protection Act (DPA) 2018
(1) Section
3(2)
(2) Description
Definition of “personal data”
(3) Summary
Information relating to an identified or identifiable living individual
(4) Applicable Emerging Technology
Databases, Biometric identification systems, Electronic surveillance Systems
(5) Applicable Case Law
N/A
(6) Case Law Findings
N/A
Legislation
DPA 2018
Section
3(4)
Description
Definition of “processing
Summary
Operation performed on personal data, including collection, recording, organisation, structuring, storage, retrieval, use, disclosure by transmission, dissemination and making available.
Applicable Emerging Technology
Databases, Biometric, Surveillance
Applicable Case Law
N/A
Case Law Findings
N/A
Legislation
DPA 2018
Section
33(4)
Description
Definition of “profiling”
Summary
Profiling is a form of automated processing of personal data to analyse or predict qualities about an individual.
Applicable Emerging Technology
Database, Biometric, Surveillance
Applicable Case Law
N/A
Case Law Findings
N/A
Legislation
DPA 2018
Section
34-40
Description
Data protection principles
Summary
The principles under Part 3, Chapter 2, of the DPA are the provisions for processing personal data for a law enforcement purpose.
Applicable Emerging Technology
Databases, Biometric, Surveillance
Applicable Case Law
Legislation
DPA 2018
Section
35(8)
Description
Definition of “sensitive processing”
Summary
Data revealing racial or ethnic origin, political opinions, religious or philosophical beliefs or trade union membership, genetic data, biometric data, and data concerning health or a person's sex life or sexual orientation.
Applicable Emerging Technology
Databases, Biometric, Surveillance
Applicable Case Law
Catt v. the United Kingdom
Case Law Findings
Data revealing political opinions are regarded as a “sensitive” category of personal data and, in the Court’s view, it is unacceptable for the national authorities to disregard this aspect by processing such data in accordance with ordinary domestic rules, without taking account of the need for heightened protection. The Court found a violation of Article 8, pointing out that the sensitive nature of the data in question should have constituted a key element of the case before the domestic courts, as it was before the Court (para 112).
Legislation
DPA 2018
Section
38(3)
Description
The fourth data protection principle: personal data must be accurate and kept up to data.
Summary
Requires distinct categories to be made when processing personal data between data subjects, such as suspects, convicted persons, victims, and witnesses.
Applicable Emerging Technology
Databases, Biometric, Surveillance
Applicable Case Law
N/A
Case Law Findings
N/A
Legislation
DPA 2018
Section
42
Description
Safeguards: sensitive processing
Summary
Section 35 requires controllers to have an appropriate policy document in place, which explains procedure for complying with DPA principles and the policies for retention and erasure of personal data. These provisions are reliant on consent of data subject or a condition in Schedule 8
Applicable Emerging Technology
Databases, Biometric, Surveillance
Applicable Case Law
Case Law Findings
Legislation
DPA 2018
Section
45
Description
Data subject’s right of access
Summary
The information that can be disclosed to a data subject on request. Subsection (4) sets out grounds to refuse data subject’s access either wholly or partly.
Applicable Emerging Technology
Databases
Applicable Case Law
N/A
Case Law Findings
N/A
Legislation
DPA 2018
Section
46-48
Description
Data subject’s rights to rectification or erasure
Summary
Data subject can request data to be corrected, erased or processing to be restricted. The controller can restrict right to rectification if this request would obstruct an investigation. If request has been refused, data subject must be informed.
Applicable Emerging Technology
Databases
Applicable Case Law
Case Law Findings
Legislation
DPA 2018
Section
49-50
Description
Right not to be subject to automated decision-making
Summary
Automated decision-making mut have a legal basis. A “significant decision” in this section means one that produces an adverse legal effect for the data subject or affects the data subject significantly.
Applicable Emerging Technology
Databases, Biometric, Surveillance
Applicable Case Law
N/A
Case Law Findings
N/A
Legislation
DPA 2018
Section
55(3)
Description
Controller requirements for implementing appropriate technical and organisation measures
Summary
Controller requires knowledge about the latest developments in technology; the nature, scope, context, and purpose of processing; and the potential risks to rights and freedoms from processing.
Applicable Emerging Technology
Databases, Biometric, Surveillance
Applicable Case Law
Business Crime Reduction Partnership [2021] EWCA Civ 42
Case Law Findings
Guidance about what constitutes “appropriate technical and organisational measures” in the context of law enforcement processing.
Legislation
DPA 2018
Section
64
Description
Data protection impact assessment
Summary
DPIAs have statutory status, which are required to highlight and address privacy concerns and risks to individuals’ rights and freedoms. DPIAs must include provisions outlined in subsection (3).
Applicable Emerging Technology
Databases, Biometric, Surveillance
Applicable Case Law
R (Bridges) v Chief Constable of South Wales Police (Respondent) and others [2020] EWCA Civ 1058
Case Law Findings
The court had been wrong to find that the DPIA was adequate. AFR involved impermissibly wide areas of discretion. The DPIA failed to properly assess the rights and freedoms of data subjects and failed to address the measures envisaged to mitigate the risks arising from the identified deficiencies, as required by s.64(3)(b) and ( c) (paras 14, 151-154).
Legislation
DPA 2018
Section
73-78
Description
Transfers of personal data to third Countries etc
Summary
Ss.73-76 deals with general conditions for such transfers.
S77 outlines special conditions for recipients other than relevant authorities.
S78 details special provisions for subsequent transfer of personal data.
Applicable Emerging Technology
Databases
Applicable Case Law
Elgizouli (Appellant) v Secretary of State for the Home Department (Respondent) [2020] UKSC 10
Case Law Findings
Although there was no established common law principle which prohibited the sharing of information relevant to a criminal prosecution in a country which had not abolished the death penalty, the transfer did not meet the requirements for transfer of personal data to a third country as set out in the data Protection Act 2018, s.73.
Legislation
Scottish Biometric Commissioner Act 2020
Section
2
Description
Functions
Summary
The general function is to support and promote the adoption of lawful, effective, and ethical practices in relation to the acquisition, retention, use and destruction of biometric data by Police Scotland, the SPA, and the PIRC.
Applicable Emerging Technology
Biometric Identification Systems
Applicable Case Law
N/A
Case Law Findings
N/A
Legislation
Scottish Biometric Commissioner Act 2020
Section
7
Description
Code of Practice
Summary
Commissioner must prepare and revise a code of practice on the acquisition, retention, use and destruction of biometric data for criminal justice and police purposes. Subsection (2) requires that the code of practice must include provision about when biometric data must be destroyed in cases where a relevant enactment does not make such provision
Applicable Emerging Technology
Biometric Identification Systems
Applicable Case Law
N/A
Case Law Findings
N/A
Legislation
Scottish Biometric Commissioner Act 2020
Section
8
Description
Key considerations in preparing the code
Summary
In preparing the code, commissioner must have regard to human rights; individual’s privacy; public’s confidence in police handing biometric data; and safety of society.
Applicable Emerging Technology
Databases, Biometric Identification Systems, Electronic Surveillance Systems
Applicable Case Law
N/A
Case Law Findings
N/A
Legislation
Scottish Biometric Commissioner Act 2020
Section
20
Description
Reports & recommendations
Summary
Reports may include recommendations in relation to the technology used or capable of being used for the purpose of acquiring, retaining, using, or destroying biometric data
Applicable Emerging Technology
Databases, Biometric Identification Systems, Electronic Surveillance Systems
Applicable Case Law
N/A
Case Law Findings
N/A
Legislation
Scottish Biometric Commissioner Act 2020
Section
34
Description
Meaning of “biometric data”
Summary
Information about an individual’s physical, biological, physiological, or behavioural characteristics which may reveal the identity of an individual, either on its own or when combined with other information of a biometric or non-biometric nature.
Applicable Emerging Technology
Biometric Identifiable Systems, Electronic Surveillance Systems
Applicable Case Law
N/A
Case Law Findings
N/A
Legislation
Police and Fire Reform (Sc) Act 2012
Section
3(b)
Description
Maintenance of the police
Summary
The Authority may provide and maintain equipment information technology systems if it is necessary for police functions.
Applicable Emerging Technology
Databases, Biometric Information Systems, Electronic Surveillance Systems
Applicable Case Law
N/A
Case Law Findings
N/A
Legislation
Police and Fire Reform (Sc) Act 2012
Section
31
Description
Forensic Services
Summary
The Authority must provide forensic services to the Police Service, the Police Investigations and Review Commissioner and the Lord Advocate and procurators fiscal.
Applicable Emerging Technology
N/A
Applicable Case Law
N/A
Case Law Findings
N/A
Legislation
Police and Fire Reform (Sc) Act 2012
Section
32
Description
Policing principles
Summary
The policing principles are that the main purpose of policing is to improve the safety and well-being of persons, localities, and communities in Scotland, and that the Police Service, working in collaboration with others where appropriate, should seek to achieve that main purpose by policing in a way which is accessible to, and engaged with, local communities, and promotes measures to prevent crime, harm, and disorder.
Applicable Emerging Technology
Databases, Biometric Identification Systems, Electronic Surveillance Systems
Applicable Case Law
BC and Others v Iain Livingstone QPM, Chief Constable of the Police Service of Scotland and Others, [2020] CSIH 61
Case Law Findings
Disclosure of information would not be arbitrary but would be dictated by consideration of the relevant policing standards and breaches thereof (paras 101-112, 131-132)
Legislation
Police and Fire Reform (Sc) Act 2012
Section
87(8)
Description
Provision of other goods and services
Summary
The Authority may provide goods and services to any other public body or office-holder, such as information technology systems and equipment (and services involving the development, provision, procurement, maintenance, management, support or oversight of such systems or equipment)
Applicable Emerging Technology
Databases, Biometric Identification Systems, Electronic Surveillance Systems
Applicable Case Law
N/A
Case Law Findings
N/A
Legislation
Protection of Freedoms Act (PoF) 2012
Section
1-16
Description
Part 1: Regulation of Biometric Data
Summary
Provisions in respect of the retention and destruction of fingerprints, footwear impressions and DNA samples and profiles taken during a criminal investigation.
Applicable Emerging Technology
Databases, Biometric Identification systems
Applicable Case Law
Case Law Findings
Legislation
PoF: Part 1
Section
1
Description
Destruction of fingerprints and DNA profiles
Summary
Material taken or held by the police must be retained on a statutory basis provided by the PoF, or destroyed. Fingerprints and DNA profiles must be destroyed if taking of material was unlawful or was taken from individuals whose arrest was unlawful/ based on mistaken identity.
Applicable Emerging Technology
Databases, Biometric Identification systems
Applicable Case Law
N/A
Case Law Findings
N/A
Legislation
PoF: Part 1
Section
3
Description
Persons arrested for or charged with a qualifying offence
Summary
Individuals arrested or charged with but not convicted of a qualifying offence: material retained for three years.
If person was previously convicted of recordable offence or convicted before material needs to be destroyed by virtue of this section, the material is retained indefinitely.
Applicable Emerging Technology
Databases, Biometric Identification systems
Applicable Case Law
N/A
Case Law Findings
N/A
Legislation
PoF: Part 1
Section
4
Description
Persons arrested for or charged with a minor offence
Summary
Material destroyed after decision not to be charged or following acquittal
Applicable Emerging Technology
Databases, Biometric Identification systems
Applicable Case Law
N/A
Case Law Findings
N/A
Legislation
PoF: Part 1
Section
5-6
Description
Persons convicted of a recordable offence; Persons convicted of an offence outside England and Wales
Summary
Material retained indefinitely.
Applicable Emerging Technology
Databases, Biometric Identification systems
Applicable Case Law
Case Law Findings
Legislation
PoF: Part 1
Section
7
Description
Persons under 18 convicted of first minor offence
Summary
For custodial sentence for less than 5 years, material retained for 5 years, plus length of custodial sentence.
A custodial sentence longer than 5 years: material retained indefinitely.
Applicable Emerging Technology
Databases, Biometric Identification systems
Applicable Case Law
N/A
Case Law Findings
N/A
Legislation
PoF: Part 1
Section
8
Description
Persons given a penalty notice
Summary
Material may be retained for 2 years.
Applicable Emerging Technology
Databases, Biometric Identification systems
Applicable Case Law
N/A
Case Law Findings
N/A
Legislation
PoF: Part 1
Section
9
Description
Material retained for purposes of national security
Summary
Retained if national security determination is in place.
Applicable Emerging Technology
Databases, Biometric Identification systems
Applicable Case Law
N/A
Case Law Findings
N/A
Legislation
PoF: Part 1
Section
10, 11
Description
Material given voluntarily (10)
Material retained with consent (11)
Summary
S10 material is retained until it has fulfilled its purpose unless individual is convicted of recordable offence as data is retained indefinitely.
S11 individual’s material may be retained for as long as person consents.
Applicable Emerging Technology
Databases, Biometric Identification systems
Applicable Case Law
N/A
Case Law Findings
N/A
Legislation
PoF: Part 1
Section
12
Description
Material obtained for one purpose and used for another
Summary
S12 in the event material was taken in connection with an investigation but leads to individual being charged/convicted for another offence, treat material as if it was taken in connection with latter investigation.
Applicable Emerging Technology
Databases, Biometric Identification systems
Applicable Case Law
N/A
Case Law Findings
N/A
Legislation
PoF: Part 1
Section
13
Description
Destruction of copies
Summary
Any copy of fingerprints and DNA profiles are required to be destroyed. Copies of DNA may only be retained in a form which does not allow individual to be identified.
Applicable Emerging Technology
Databases, Biometric Identification systems
Applicable Case Law
N/A
Case Law Findings
N/A
Legislation
PoF: Part 1
Section
14
Description
Destruction of samples
Summary
DNA samples is required to be destroyed once a DNA profile has been derived from it, or after six months.
Applicable Emerging Technology
Databases, Biometric Identification systems
Applicable Case Law
N/A
Case Law Findings
N/A
Legislation
PoF: Part 1
Section
16
Description
Use of retained material
Summary
Limits the use of material retained under this Act to four conditions: national security; terrorist investigation; prevention or detection of crime/investigation of an offence/conduct of prosecution; or identification of a deceased person/
Applicable Emerging Technology
Databases, Biometric Identification systems
Applicable Case Law
N/A
Case Law Findings
N/A
Legislation
PoF: Part 1
Section
23
Description
Inclusion of DNA profiles on National DNA Database
Summary
DNA profiles must be recorded on the National DNA database.
Applicable Emerging Technology
Databases
Applicable Case Law
N/A
Case Law Findings
N/A
Legislation
PoF: Part 1
Section
28 (2), (3)
Description
Interpretation: Chapter 2
Summary
“Biometric information” relates to a person’s physical or behaviour characteristics which can be used to verify the identity of the individual and is obtained/recorded with the intention that it be used for the purposes of a biometric recognition system.
Applicable Emerging Technology
Biometric Identification Systems, Electronic Surveillance Systems
Applicable Case Law
N/A
Case Law Findings
N/A
Legislation
PoF: Part 1
Section
28(3)
Description
Interpretation: Chapter 2
Summary
Biometric information includes skin patterns, physical characteristics, fingers/palms/iris/eye features, and voice or handwriting.
Applicable Emerging Technology
Biometric Identification Systems
Applicable Case Law
N/A
Case Law Findings
N/A
Legislation
PoF: Part 1
Section
28(4)
Description
Interpretation: Chapter 2
Summary
“Biometric recognition system” is equipment operating automatically to obtain/record information about a person’s physical or behavioural characteristics. This information can then be compared with stored information for the purposes of verifying identify
Applicable Emerging Technology
Databases, Biometric Identification Systems, Electronic Surveillance Systems
Applicable Case Law
N/A
Case Law Findings
N/A
Legislation
PoF: Part 2 – Regulation of Surveillance
Section
29(1)(2)
Description
Code of practice for surveillance camera systems
Summary
Preparation of a code of practice by the Secretary of State, which must contain guidance about surveillance camera systems. Guidance includes development or use of surveillance and the use or processing of images by virtue of such systems.
Applicable Emerging Technology
Electronic Surveillance Systems
Applicable Case Law
N/A
Case Law Findings
N/A
Legislation
PoF: Part 2
Section
29(3)
Description
Code of practice
Summary
Provisions may include considerations as to whether to use surveillance camera systems, types of system, technical standards for systems, locations, publications of information about systems, standards, access to/disclosure of information obtained, and complaints procedures.
Applicable Emerging Technology
Electronic Surveillance Systems
Applicable Case Law
N/A
Case Law Findings
N/A
Legislation
PoF: Part 2
Section
29(6)
Description
Code of practice
Summary
“Surveillance camera systems” mean CCTV or automatic number plate recognition systems; other systems for recording or viewing images for surveillance, systems for storing/receiving/transmitting/processing or checking images
Applicable Emerging Technology
Biometric Identification Systems, Electronic Surveillance Systems
Applicable Case Law
N/A
Case Law Findings
N/A
Legislation
PoF: Part 2
Section
34
Description
Commissioner in relation to code
Summary
Secretary of State must appoint Surveillance Camera Commissioner to ensure compliance, offer guidance, and review operation of the code.
Applicable Emerging Technology
Electronic Surveillance Systems
Applicable Case Law
N/A
Case Law Findings
N/A
Legislation
PoF
Section
37
Description
Judicial approval for obtaining or disclosing communications data
Summary
After a “relevant person” grants an authorisation to obtain communications data following a successful application, judicial approval is required. A “relevant person” is someone who holds office, rank, or position in a local authority. Judicial authority must ensure that statutory tests and conditions have been met and that techniques are necessary and proportionate.
Applicable Emerging Technology
Databases
Applicable Case Law
N/A
Case Law Findings
N/A
Legislation
PoF
Section
38
Description
Judicial approval for directed surveillance and covert human intelligence sources
Summary
Once a relevant person has granted an authorisation for the use of directed surveillance, judicial approval is required. The same procedural requirement as in S37.
Applicable Emerging Technology
Electronic Surveillance Systems
Applicable Case Law
N/A
Case Law Findings
N/A
Legislation
Regulation of Investigatory Powers (Sc) Act 2000
Section
1
Description
Conduct to which the Act applies
Summary
This section describes and defines the conduct that can be authorised under this Part of the Act. Three types of activity are "directed surveillance", "intrusive surveillance" and the conduct and use of covert human intelligence sources.
Applicable Emerging Technology
Electronic Surveillance Systems
Applicable Case Law
N/A
Case Law Findings
N/A
Legislation
Regulation of Investigatory Powers (Sc) Act 2000
Section
5
Description
Lawful Surveillance
Summary
Conduct is lawful if authorised in accordance with the Act and if carried out in accordance with that authorisation.
Applicable Emerging Technology
Electronic Surveillance Systems
Applicable Case Law
N/A
Case Law Findings
N/A
Legislation
Regulation of Investigatory Powers (Sc) Act 2000
Section
6
Description
Authorisation of directed surveillance
Summary
Conduct can only be authorised where it is necessary and proportionate. For it to be necessary it should be for the purpose of preventing or detecting crime or of preventing disorder; in the interests of public safety; or for the purpose of protecting public health
Applicable Emerging Technology
Electronic Surveillance Systems
Applicable Case Law
N/A
Case Law Findings
N/A
Legislation
Regulation of Investigatory Powers (Sc) Act 2000
Section
8
Description
Person entitled to grant authorisation of directed surveillance.
Summary
Individuals holding such offices, ranks or positions with relevant public authorities as are prescribed for the purposes of this subsection by order made by the Scottish Ministers.
Applicable Emerging Technology
Electronic Surveillance Systems
Applicable Case Law
N/A
Case Law Findings
N/A
Legislation
Regulation of Investigatory Powers (Sc) Act 2000
Section
10
Description
Authorisation of Intrusive surveillance
Summary
Conduct can only be authorised for the purpose of preventing or detecting serious crime; and if that the authorised surveillance is proportionate to what is sought to be achieved by carrying it out. Importantly, consideration should be given to whether the information which it is thought necessary to obtain by the authorised conduct could reasonably be obtained by other means.
Applicable Emerging Technology
Electronic Surveillance Systems
Applicable Case Law
N/A
Case Law Findings
N/A
Legislation
Regulation of Investigatory Powers (Sc) Act 2000
Section
11
Description
Rules for authorising intrusive surveillance.
Summary
An application should be made by a constable to the designated person. The designated person is set out in s10.
Applicable Emerging Technology
N/A
Applicable Case Law
N/A
Case Law Findings
N/A
Legislation
Regulation of Investigatory Powers (Sc) Act 2000
Section
12
Description
Authorising intrusive surveillance urgent cases.
Summary
Mechanism for allowing Police Investigations and Review Commissioner staff to authorise conduct in urgent cases.
Applicable Emerging Technology
Electronic Surveillance Systems
Applicable Case Law
N/A
Case Law Findings
N/A
Legislation
Regulation of Investigatory Powers (Sc) Act 2000
Section
13
Description
Notification of authorisation of intrusive surveillance.
Summary
Notice to be given of grant or cancellation of authorisation of intrusive surveillance to a Judicial Commissioner.
Applicable Emerging Technology
Electronic Surveillance Systems
Applicable Case Law
N/A
Case Law Findings
N/A
Legislation
Regulation of Investigatory Powers (Sc) Act 2000
Section
14
Description
Approval required for authorisations to take effect
Summary
Authorisation of intrusive surveillance will not take effect until the grant of the authorisation has been approved by [ a Judicial Commissioner ] and written notice of the decision of that approval by that Commissioner has been given to the person who granted the authorisation.
Applicable Emerging Technology
Electronic Surveillance Systems
Applicable Case Law
N/A
Case Law Findings
N/A
Legislation
Regulation of Investigatory Powers (Sc) Act 2000
Section
19
Description
General rules about grant renewal and duration
Summary
Authorisation may be granted or renewed orally in any urgent case in which the entitlement to act of the person granting or renewing it is not confined to urgent cases; and in any other case, must be in writing.
Applicable Emerging Technology
Electronic Surveillance Systems
Applicable Case Law
HMA v Purves 2009 S.L.T. 969
Case Law Findings
Held, that the online document, having been prepared personally by the superintendent, could be said to be a written document in terms of s 19, it bore the superintendent's name as authoriser and it was unreasonable to require a signature either pre or post printing when the 2000 Act imposed no such requirement and there was no case law to suggest such a formality (paras 11-12)
Opinion, (1) that the admissibility of the evidence, in the event that the surveillance was not authorised, did not fall to be determined where there was nothing in the evidence which suggested any infringement of the accused's art 8 rights (para 18); (2) that even if there had been a breach of an art 8 right, the evidence would not automatically become inadmissible as a hearing on the full circumstances in which the evidence was obtained would be required and regard would have to be had to the relative importance of the public interest as well as the protection of the accused (para 19).
Legislation
Regulation of Investigatory Powers (Sc) Act 2000
Section
20
Description
Cancellation of authorisation
Summary
Regulation of the circumstances of cancellation.
Applicable Emerging Technology
Electronic Surveillance Systems
Applicable Case Law
N/A
Case Law Findings
N/A
Legislation
Regulation of Investigatory Powers (Sc) Act 2000
Section
24
Description
Issues and revision of codes of practice
Summary
Scottish Ministers should issue codes of practice that address the operation of this statute, part 5 of the Investigatory Powers Act 2016, and Part III of the Police Act 1997 relating to the regulation of interference with property or wireless telegraphy
Applicable Emerging Technology
Electronic Surveillance Systems
Applicable Case Law
N/A
Case Law Findings
N/A
Legislation
Regulation of Investigatory Powers (Sc) Act 2000
Section
25
Description
Power to issue interim codes
Summary
Facilitates the issuing of interim codes until provisions of s24 can be satisfied.
Applicable Emerging Technology
Electronic Surveillance Systems
Applicable Case Law
N/A
Case Law Findings
N/A
Legislation
Regulation of Investigatory Powers (Sc) Act 2000
Section
26
Description
Effect of Codes of Practice
Summary
Codes of practice will not give rise to civil or criminal penalty where an individual fails to comply but may be taken into account in any related proceedings where relevant.
Applicable Emerging Technology
Electronic Surveillance Systems
Applicable Case Law
N/A
Case Law Findings
N/A
Legislation
Regulation of Investigatory Powers Act (RIPA) 2000
Section
26
Description
Conduct to which Part II applies
Summary
This section describes and defines the conduct that can be authorised under this Part of the Act. Three types of activity are "directed surveillance", "intrusive surveillance" and the conduct and use of covert human intelligence sources.
Applicable Emerging Technology
Electronic Surveillance Systems
Applicable Case Law
N/A
Case Law Findings
N/A
Legislation
RIPA
Section
26(2)
Description
Conduct to which Part II applies
Summary
"Directed surveillance" is defined as covert surveillance that is undertaken in relation to a specific investigation or operation which is likely to result in the obtaining of private information about a person (whether or not one specifically identified for the purposes of the investigation or operation); and otherwise than by way of an immediate response to events or circumstances the nature of which is such that it would not be reasonably practicable for an authorisation under this Part to be sought for the carrying out of the surveillance.
Applicable Emerging Technology
Electronic Surveillance Systems
Applicable Case Law
Peck v. the United Kingdom
Case Law Findings
The Court has drawn a distinction between the monitoring of an individual’s acts in a public place for security purposes and the recording of those acts for other purposes, going beyond what the person could possibly have foreseen in order to establish the strict boundary of private life as secured under Article 8 in the sphere of secret surveillance measures and the interception of communications by the State authorities (Peck, paras 59-62; Perry, paras 41-42).
Legislation
RIPA
Section
26(5)
Description
Conduct to which Part II applies
Summary
Surveillance is not intrusive unless information is obtained which is of the same quality and detail that would be expected from a device on a residential premise or in a vehicle.
Applicable Emerging Technology
Electronic Surveillance Systems
Applicable Case Law
N/A
Case Law Findings
N/A
Legislation
RIPA
Section
26(9)
Description
Conduct to which Part II applies
Summary
Surveillance will be covert where it is carried out in a manner calculated to ensure that the person or persons subject to the surveillance are unaware that it is or may be taking place.
Applicable Emerging Technology
Electronic Surveillance Systems
Applicable Case Law
Peck v. the United Kingdom
Case Law Findings
Video recordings made in a public place using surveillance mechanisms may fall within Article 8 where their disclosure, by its manner or extent, goes beyond what the individuals could reasonably have expected.
Legislation
RIPA
Section
26(10)
Description
Conduct to which Part II applies
Summary
“Private information” is defined in relation to a person, includes any information relating to his private or family life.
Applicable Emerging Technology
Databases, Biometric Identification Systems, Electronic Surveillance Systems
Applicable Case Law
N/A
Case Law Findings
N/A
Legislation
RIPA
Section
27
Description
Lawful surveillance etc
Summary
All conduct defined in section 26 will be lawful, provided it is carried out in accordance with the authorisation to which it relates. Authorised conduct may cover any action taken either in the UK or abroad.
Applicable Emerging Technology
Electronic Surveillance Systems
Applicable Case Law
N/A
Case Law Findings
N/A
Legislation
RIPA
Section
28
Description
Authorisation of directed surveillance
Summary
Authorisations cannot be granted unless specific criteria are satisfied, namely, that the person granting the authorisation believes that:
the authorisation is necessary on specific grounds; and the authorised activity is proportionate to what is sought to be achieved by it.
Applicable Emerging Technology
Electronic Surveillance Systems
Applicable Case Law
HMA v Purves 2009 S.L.T. 969
Case Law Findings
Authorisation of directed surveillance was found lawful.
Legislation
RIPA
Section
47
Description
Power to extend or modify authorisation provisions
Summary
The Secretary of State may, by order, change the types of activities which fall within the category of directed surveillance by providing that a type of directed surveillance will be treated as intrusive surveillance. Furthermore, he may, by order, provide those additional types of surveillance, which are not at present defined as directed or intrusive surveillance in section 26, will be covered by the Act and become capable of being authorised under Part II.
Applicable Emerging Technology
Electronic Surveillance Systems
Applicable Case Law
N/A
Case Law Findings
N/A
Legislation
RIPA
Section
48(2)
Description
Interpretation of Part II
Summary
“Surveillance” includes—
monitoring, observing, or listening to persons, their movements, their conversations or their other activities or communications; recording anything monitored, observed, or listened to during surveillance; and surveillance by or with the assistance of a surveillance device.
Applicable Emerging Technology
Electronic Surveillance Systems
Applicable Case Law
N/A
Case Law Findings
N/A
Legislation
RIPA
Section
49
Description
Notices requiring disclosure
Summary
The power to enable properly authorised persons to serve notices on individuals or bodies requiring the disclosure of protected (e.g. encrypted) information which they lawfully hold, or are likely to, in an intelligible form.
Applicable Emerging Technology
Databases
Applicable Case Law
N/A
Case Law Findings
N/A
Legislation
RIPA
Section
49(1)
Description
Notices requiring disclosure
Summary
Limits the information to which this power to serve notices applies. It does so by defining the various means by which the protected information in question has been, or is likely to be, lawfully obtained.
Applicable Emerging Technology
N/A
Applicable Case Law
N/A
Case Law Findings
N/A
Legislation
RIPA
Section
49(2)
Description
Notices requiring disclosure
Summary
Persons with the “appropriate permission” (see Schedule 2) may serve a notice imposing a disclosure requirement in respect of the protected information in question if there are reasonable grounds.
Applicable Emerging Technology
N/A
Applicable Case Law
N/A
Case Law Findings
N/A
Legislation
RIPA
Section
50
Description
Effect of notice imposing disclosure requirement
Summary
This section explains the effect of serving a notice imposing a disclosure requirement in various circumstances.
Applicable Emerging Technology
N/A
Applicable Case Law
N/A
Case Law Findings
N/A
Legislation
RIPA
Section
51
Description
Cases in which key required
Summary
This section sets out the extra tests to be fulfilled if a key is required to be disclosed rather than the disclosure of protected information in an intelligible form.
Applicable Emerging Technology
N/A
Applicable Case Law
N/A
Case Law Findings
N/A
Legislation
RIPA
Section
55
Description
General duties of specified authorities
Summary
This section describes the safeguards that must be in place for the protection of any material handed over in response to the serving of a notice under this Act.
Applicable Emerging Technology
Databases
Applicable Case Law
N/A
Case Law Findings
N/A
Legislation
Investigatory Powers Act (IPA) 2016
Section
2
Description
General duties in relation to privacy
Summary
A public authority exercising functions under the Act must have regard to whether the level of protection to be applied to information should be higher because of the sensitivity of that information. Must consider whether safeguards should be applied and taking the sensitivity of the information into account when considering whether obtaining the information is proportionate. Subsection (5) includes examples of sensitive information, including items subject to legal privilege and information that identifies or confirms the identity of a source of journalistic information.
Applicable Emerging Technology
Databases, Biometric Identification Systems, Electronic Surveillance Systems
Applicable Case Law
N/A
Case Law Findings
N/A
Legislation
IPA
Section
3
Description
Offence of unlawful interception
Summary
It is an offence to intentionally intercept a communication during its transmission without lawful authority. This applies to communications during transmission via a public telecommunications system, a private telecommunications system, or a public postal service.
Applicable Emerging Technology
Electronic Surveillance Systems (interception technologies)
Applicable Case Law
N/A
Case Law Findings
N/A
Legislation
IPA
Section
4
Description
Definition of “interception” etc.
Summary
Subsections (1) to (5) outline what constitutes intercepting a communication during its transmission by a telecommunications system. Firstly, the person must perform a "relevant act", which is defined in subsection (2) and includes modifying or interfering with the system. Secondly, the consequence of the relevant act must be to make the content of the communication available to a person who is not the sender or intended recipient. Thirdly, the content must be made available at a "relevant time", which means a time while the communication is being transmitted or any time when the communication is stored in or by the system.
Applicable Emerging Technology
Electronic Surveillance Systems (interception technologies)
Applicable Case Law
N/A
Case Law Findings
N/A
Legislation
IPA
Section
6
Description
Definition of “lawful authority”
Summary
There are three conditions in which a person may have lawful authority to carry out interception. The first is through a targeted or bulk warrant. The second is through any of the other forms of lawful interception provided for in Ss.44 to 52 of the Act, such as interception in prisons or interception with consent. Thirdly, in relation to stored communications, interception is lawful if authorised by an equipment interference warrant or if it is in exercise of any statutory power for the purpose of obtaining information or taking possession of any document or other property or in accordance with a court order.
Applicable Emerging Technology
Electronic Surveillance Systems (interception technologies)
Applicable Case Law
N/A
Case Law Findings
N/A
Legislation
IPA
Section
15(1)
Description
Warrants that may be issued under this Chapter
Summary
There are three types of warrants which can be issued under this chapter: a targeted interception warrant, a targeted examination warrant and a mutual assistance warrant.
Applicable Emerging Technology
Electronic Surveillance Systems (interception technologies)
Applicable Case Law
N/A
Case Law Findings
N/A
Legislation
IPA
Section
15(2)
Description
Warrants that may be issued under this Chapter
Summary
This section describes a targeted interception warrant and provides that such an interception warrant may authorise any activity for obtaining secondary data.
Applicable Emerging Technology
Electronic Surveillance Systems (interception technologies)
Applicable Case Law
N/A
Case Law Findings
N/A
Legislation
IPA
Section
15(3)
Description
Warrants that may be issued under this Chapter
Summary
A targeted examination warrant grants the examination of material that has been collected under a bulk interception warrant. This warrant must be authorised whenever a member of an intelligence service needs to look at material which relates to a person who is known to be in the British Islands and when he or she believes that it is necessary and proportionate to select the content of that person’s communications for examination.
Applicable Emerging Technology
Electronic Surveillance Systems (interception technologies)
Applicable Case Law
N/A
Case Law Findings
N/A
Legislation
IPA
Section
15(5)
Description
Warrants that may be issued under this Chapter
Summary
This section explains that a warrant authorises any conduct necessary to fulfil what is authorised or required by the warrant, including the interception of communications not specifically described in the warrant, or the obtaining of secondary data from such communications.
Applicable Emerging Technology
Electronic Surveillance Systems (interception technologies)
Applicable Case Law
N/A
Case Law Findings
N/A
Legislation
IPA
Section
16
Description
Obtaining secondary data
Summary
Secondary data is systems data or identifying data attached to the communications being transmitted. Identifying data must be able to be separated so that it would not reveal the content of the communication.
Applicable Emerging Technology
Databases, Biometric Identification Systems, Electronic Surveillance Systems
Applicable Case Law
N/A
Case Law Findings
N/A
Legislation
IPA
Section
17
Description
Subject-matter of warrants
Summary
Subsection (1) sets out that a warrant may be directed towards a particular person or organisation, or a single set of premises. Subsection (2) outlines that a warrant may also relate to a group of linked persons, or to more than one person or organisation, or set of premises in the context of a single investigation or operation. A warrant may also relate to testing or training activities, explained in more detail in subsection (3).
Applicable Emerging Technology
Electronic Surveillance Systems (interception technologies)
Applicable Case Law
N/A
Case Law Findings
N/A
Legislation
IPA
Section
20
Description
Grounds on which warrants may be issued by the Secretary of State
Summary
The grounds include in the interests of national security, for the purpose of preventing or detecting serious crime, in the interests of the economic well-being of the United Kingdom (in circumstances relevant to the interests of national security), or for giving effect to the provisions of a mutual assistance agreement.
Applicable Emerging Technology
Electronic Surveillance Systems (interception technologies)
Applicable Case Law
N/A
Case Law Findings
N/A
Legislation
IPA
Section
31
Description
Requirements that must be met by warrants
Summary
Subsections (2) to (8) outline the information a warrant must contain. If a warrant relates to a single person, organisation/set of premises, the warrant must name that person/ organisation/those premises.
A warrant may relate to a group of persons linked by a common purpose or activity, or to more than one person/organisation/set of premises linked to a single operation/investigation. In such a case the link must be described and the warrant must name or describe as many of the persons, organisations or sets of premises as is reasonably practicable.
The warrant must specify the factors that are to be used to identify the communications that are to be intercepted or selected for examination.
Applicable Emerging Technology
Electronic Surveillance Systems (interception technologies)
Applicable Case Law
N/A
Case Law Findings
N/A
Legislation
IPA
Section
32
Description
Duration of warrants
Summary
An interception warrant will last for six months (unless it is cancelled earlier). If the warrant is not renewed it will cease to have effect after that period. Urgent warrants will last for five working days unless renewed.
Applicable Emerging Technology
Electronic Surveillance Systems (interception technologies)
Applicable Case Law
N/A
Case Law Findings
N/A
Legislation
IPA
Section
33
Description
Renewal of warrants
Summary
Subsections (1) to (3) state that a warrant may be renewed by the Secretary of State or a member of the Scottish Government. To be renewed, a warrant must be necessary and proportionate, applying the same tests as for issuing a warrant. As with an application for an interception warrant, the decision to renew the warrant must also be approved by a Judicial Commissioner.
Applicable Emerging Technology
Electronic Surveillance Systems (interception technologies)
Applicable Case Law
N/A
Case Law Findings
N/A
Legislation
IPA
Section
44
Description
Interception with the consent of the sender or recipient
Summary
Subsection (1) explains that communications may be intercepted if both the person sending the communication and the intended recipient of the communication have given consent for the interception.
Subsection (2) states that the interception of a communication is authorised if either the sender or the intended recipient has consented, and surveillance has been authorised under Part 2 of RIPA.
Applicable Emerging Technology
Electronic Surveillance Systems (interception technologies)
Applicable Case Law
N/A
Case Law Findings
N/A
Legislation
IPA
Section
53
Description
Safeguards relating to retention and disclosure of material
Summary
The issuing authority must ensure that arrangements are in place for securing those certain requirements are met relating to retention and disclosure of material obtained under the warrant. The number of persons who see the material, the extent of disclosure and the number of copies made of any material must be to the minimum necessary for the authorised purposes
Applicable Emerging Technology
Databases, Electronic Surveillance Systems (interception technologies)
Applicable Case Law
N/A
Case Law Findings
N/A
Legislation
IPA
Section
61
Description
Power to grant authorisations
Summary
This section details the power for relevant public authorities to acquire communications data. Communications data is the ‘who,’ ‘when,’ ‘where’ and ‘how’ of a communication, but not its content. An authorisation can be granted where a designated senior officer in a relevant public authority is content that a request is necessary for one of the 10 purposes set out in subsection (7) and proportionate to what is sought to be achieved. Communications data cannot be acquired for any other purposes and only certain authorities can use certain purposes, as outlined in Schedule 4.
Applicable Emerging Technology
Databases, Electronic Surveillance Systems (interception technologies)
Applicable Case Law
Big Brother Watch v United Kingdom
Case Law Findings
RIPA 2000, Ch II for acquiring communications data from communication service providers violates art 8 as it is not in accordance with the law. Both these regimes were also held to violate art 10.
Note: the IPA replaced RIPA, which is why this case law has been put in this section.
Legislation
IPA
Section
61(5)
Description
Power to grant authorisations
Summary
An authorisation may cover data that is not in existence at the time of the authorisation
Applicable Emerging Technology
Databases, Electronic Surveillance Systems (interception technologies)
Applicable Case Law
N/A
Case Law Findings
N/A
Legislation
IPA
Section
67
Description
Filtering arrangements for obtaining data
Summary
Outlines the power to establish filtering arrangements to facilitate the lawful, efficient, and effective obtaining of communications data by relevant public authorities and to help determine whether the tests for granting an authorisation to obtain data have been met. The filtering arrangements will minimise the communications data obtained, thereby ensuring that privacy is properly protected.
Applicable Emerging Technology
Databases
Applicable Case Law
N/A
Case Law Findings
N/A
Legislation
IPA
Section
99(2)
Description
Warrants under this Part: general
Summary
A targeted equipment interference warrant authorises the interference with equipment for the purpose of obtaining communications, information, or equipment data.
Applicable Emerging Technology
Electronic Surveillance Systems (interception technologies)
Applicable Case Law
N/A
Case Law Findings
N/A
Legislation
IPA
Section
99(4)
Description
Warrants under this Part: general
Summary
The acquisition of communications or other information through a targeted equipment interference can include monitoring, observing, or listening to communications or activities. As a result, it is not be necessary for such activity to be authorised separately under Part 2 of RIPA
Applicable Emerging Technology
Biometric Identification Systems, Electronic Surveillance Systems (interception technologies)
Applicable Case Law
N/A
Case Law Findings
N/A
Legislation
IPA
Section
100
Description
Meaning of “equipment data”
Summary
Under a targeted equipment interference warrant, equipment data means systems data or identifying data. To be equipment data, identifying data must be capable of being separated from the communication or item of information in such a way that, when separated, it would not reveal the meaning (if any) of the content of the communication or the meaning (if any) of an item of information.
Applicable Emerging Technology
Biometric Identification Systems, Electronic Surveillance Systems (interception technologies)
Applicable Case Law
N/A
Case Law Findings
N/A
Legislation
IPA
Section
106
Description
Power to issue warrants to law enforcement officers
Summary
Circumstances in which a law enforcement chief can issue a targeted equipment interference warrant to an appropriate law enforcement officer, outlining the process and requirements.
Applicable Emerging Technology
Electronic Surveillance Systems (interception technologies)
Applicable Case Law
N/A
Case Law Findings
N/A
Legislation
IPA
Section
135(1)
Description
Part 5: interpretation
Summary
“Communication” includes
anything comprising speech, music, sounds, visual images or data of any description, and signals serving either for the impartation of anything between persons, between a person and a thing or between things or for the actuation or control of any apparatus.
Applicable Emerging Technology
Biometric Identification Systems, Electronic Surveillance Systems
Applicable Case Law
N/A
Case Law Findings
N/A
Legislation
IPA
Section
135(2)
Description
Part 5: interpretation
Summary
“Equipment” means equipment producing electromagnetic, acoustic, or other emissions or any device capable of being used in connection with such equipment.
Applicable Emerging Technology
Biometric Identification Systems, Electronic Surveillance Systems
Applicable Case Law
N/A
Case Law Findings
N/A
Legislation
IPA
Section
136
Description
Bulk interception warrants
Summary
A bulk interception warrant may be authorised to intercepted overseas-related communications or to obtain secondary data from such communications.
Applicable Emerging Technology
Electronic Surveillance Systems (interception technologies)
Applicable Case Law
Big Brother Watch v United Kingdom
Case Law Findings
The ECtHR held that the bulk interception regime under RIPA 2000, s 8(4) violates ECHR, art 8 due to lack of oversight.
A regime of bulk interception of communications did not contain sufficient “end-to-end” safeguards to provide adequate and effective guarantees against arbitrariness and the risk of abuse, even though certain robust safeguards were identified (paras 424-427)
Legislation
IPA
Section
137
Description
Obtaining secondary data
Summary
Outlines secondary data which can be obtained under a bulk interception warrant.
Applicable Emerging Technology
Electronic Surveillance Systems (interception technologies)
Applicable Case Law
N/A
Case Law Findings
N/A
Legislation
IPA
Section
138
Description
Power to issue bulk interception warrants
Summary
The Secretary of State may issue a bulk interception warrant only if it is necessary and proportionate, for one or more specified statutory purposes. Subsection (1) makes clear that the interests of national security must always be one of those purposes.
Applicable Emerging Technology
Electronic Surveillance Systems (interception technologies)
Applicable Case Law
N/A
Case Law Findings
N/A
Legislation
IPA
Section
158
Description
Power to issue bulk acquisition warrants
Summary
A warrant may be authorised only where it is necessary and proportionate for one or more specified statutory purposes. The interests of national security must always be one of the reasons. The warrant must be approved by a Judicial Commissioner. A warrant may only be issued to the three intelligence agencies.
Applicable Emerging Technology
N/A
Applicable Case Law
N/A
Case Law Findings
N/A
Legislation
IPA
Section
199(1)
Description
Bulk personal datasets: interpretation
Summary
A bulk personal dataset is a set of information that includes personal data relating to several individuals, the majority of whom are not, and are unlikely to become, of interest to the service in the exercise of its functions.
Applicable Emerging Technology
Databases
Applicable Case Law
N/A
Case Law Findings
N/A
Legislation
IPA
Section
199(2)
Description
Bulk personal datasets: interpretation
Summary
Defines personal data. The definition is the same as in the Data Protection Act 1998 (DPA), but this also includes data relating to deceased persons.
Applicable Emerging Technology
Databases
Applicable Case Law
N/A
Case Law Findings
N/A
Legislation
IPA
Section
200
Description
Requirement for authorisation by warrant: general
Summary
An intelligence service may not exercise a power to retain a BPD unless its retention is authorised by either a “class BPD warrant” (authorising an intelligence service to retain, or retain and examine, any BPD of a class described in the warrant) or a “specific BPD warrant” (authorising an intelligence service to retain, or retain and examine, any BPD described in the warrant):
Applicable Emerging Technology
Databases
Applicable Case Law
N/A
Case Law Findings
N/A
Legislation
IPA
Section
204
Description
Class BPD warrants
Summary
Authorises the retention and examination of datasets that can be said to fall into a class because they are of a similar type and raise similar considerations. Subsection (2) specifies what an application for a class BPD warrant must include: a description of the class of bulk personal datasets and the operational purposes for which it is proposed to examine datasets of that class.
Applicable Emerging Technology
Databases
Applicable Case Law
N/A
Case Law Findings
N/A
Legislation
IPA
Section
205(2)
Description
Specific BPD warrants
Summary
The dataset does not fall within a class described by an existing class BPD warrant. An example of this could be a new type of dataset.
Applicable Emerging Technology
Databases
Applicable Case Law
N/A
Case Law Findings
N/A
Legislation
IPA
Section
205(3)
Description
Specific BPD warrants
Summary
A dataset falls within a class BPD warrant, but either S202 prevents the intelligence service from relying on a BPD class warrant or the service believes that it would be appropriate to seek a specific BPD warrant.
Applicable Emerging Technology
Databases
Applicable Case Law
N/A
Case Law Findings
N/A
Legislation
IPA
Section
205(6)
Description
Specific BPD warrants
Summary
These outline the conditions, which are the same for class BPD warrants. The Secretary of State can issue a warrant if they believe that it is necessary for specified purposes and proportionate, and that adequate handling arrangements are in place. The Secretary of State must also consider that each operational purpose specified in the warrant is one for which the examination of the bulk personal dataset to which the application relates is or may be necessary, and that the examination of the dataset for such an operational purpose is necessary for the statutory purposes set out in subsection (5)(a).
Applicable Emerging Technology
Databases
Applicable Case Law
N/A
Case Law Findings
N/A
Legislation
IPA
Section
221
Description
Safeguards relating to the examination of bulk personal datasets
Summary
The Secretary of State must ensure that arrangements are in force for securing that any selection for examination of data contained in BPDs is carried out only as far as is necessary for the operational purposes specified in the warrant (at the time of the selection); and the selection of any such data is necessary and proportionate in all the circumstances.
Applicable Emerging Technology
Databases
Applicable Case Law
N/A
Case Law Findings
N/A
Legislation
IPA
Section
Part 5; Part 6; Part 7
Description
Safeguards
Summary
These parts are all similar in that they outline the provisions for the duration, renewal, approval, modification, cancellation, implementation, and non-renewal of warrants.
Applicable Emerging Technology
Databases, Biometric Identification Systems, Electronic Surveillance Systems
Applicable Case Law
N/A
Case Law Findings
N/A
Legislation
Human Rights Act 1998 (HRA)
Section
Schedule 1, Article 8
Description
Right to respect for private and family life
Summary
The right to respect his private and family life, his home, and his correspondence. There shall be no interference by a public authority with the exercise of this right except such as is in accordance with the law and is necessary in a democratic society in the interests of national security, public safety, or the economic well-being of the country, for the prevention of disorder or crime, for the protection of health or morals, or for the protection of the rights and freedoms of others.
Applicable Emerging Technology
Databases, Biometric Identification Systems, Electronic Surveillance Systems
Applicable Case Law
Case Law Findings
Legislation
HRA
Section
Schedule 1, Article 9
Description
Freedom of thought, conscience, and religion
Summary
Everyone has the right to freedom of thought, conscience, and religion; this right includes freedom to change his religion or belief and freedom, either alone or in community with others and in public or private, to manifest his religion or belief, in worship, teaching, practice and observance.
Applicable Emerging Technology
Biometric Identification Systems, Electronic Surveillance Systems
Applicable Case Law
N/A
Case Law Findings
N/A
Legislation
HRA
Section
Schedule 1, Article 10
Description
Freedom of expression
Summary
Everyone has the right to freedom of expression. This right shall include freedom to hold opinions and to receive and impart information and ideas without interference by public authority and regardless of frontiers.
Applicable Emerging Technology
Biometric Identification Systems, Electronic Surveillance Systems
Applicable Case Law
N/A
Case Law Findings
N/A
Legislation
HRA
Section
Schedule 1, Article 14
Description
Prohibition of discrimination
Summary
The enjoyment of the rights and freedoms set forth in this Convention shall be secured without discrimination on any ground such as sex, race, colour, language, religion, political or other opinion, national or social origin, association with a national minority, property, birth, or other status.
Applicable Emerging Technology
Biometric Identification Systems, Electronic Surveillance Systems
Applicable Case Law
N/A
Case Law Findings
N/A
Legislation
Convention 108+ Convention for the protection of individual with regards to the processing of personal data
Section
Article 2(a)
Description
Definitions
Summary
“Personal data” means any information relating to an identified or identifiable individual (“data subject”)
Applicable Emerging Technology
Databases, Biometric Identification Systems, Electronic Surveillance Systems
Applicable Case Law
N/A
Case Law Findings
N/A
Legislation
Convention 108+
Section
Article 2(b)
Description
Definitions
Summary
“Data processing” means any operation or set of operations performed on personal data, such as the collection, storage, preservation, alteration, retrieval, disclosure, making available, erasure, or destruction of, or the carrying out of logical and/or arithmetical operations on such data
Applicable Emerging Technology
Databases
Applicable Case Law
N/A
Case Law Findings
N/A
Legislation
Convention 108+
Section
2(c)
Description
Definitions
Summary
Where automated processing is not used, “data processing” means an operation or set of operations performed upon personal data within a structured set of such data which are accessible or retrievable according to specific criteria
Applicable Emerging Technology
Databases, Biometric Identification Systems, Electronic Surveillance Systems
Applicable Case Law
N/A
Case Law Findings
N/A
Legislation
Convention 108+
Section
3
Description
Scope
Summary
Each Party undertakes to apply this Convention to data processing subject to its jurisdiction in the public and private sectors, thereby securing every individual’s right to protection of his or her personal data
Applicable Emerging Technology
Databases, Biometric Identification Systems, Electronic Surveillance Systems
Applicable Case Law
N/A
Case Law Findings
N/A
Legislation
Convention 108+
Section
5(1)
Description
Legitimacy of data processing and quality of data
Summary
Data processing must be proportionate, that is, appropriate in relation to the legitimate purpose pursued and having regard to the interests, rights and freedoms of the data subject or the public interest. Such data processing should not lead to a disproportionate interference with these interests, rights, and freedoms.
Applicable Emerging Technology
Databases, Biometric Identification Systems, Electronic Surveillance Systems
Applicable Case Law
N/A
Case Law Findings
N/A
Legislation
Convention 108+
Section
5(2)
Description
Legitimacy of data processing and quality of data
Summary
Two other pre-requisites for a lawful processing are an individual’s consent or a legitimate basis prescribed by law.
Applicable Emerging Technology
Databases, Biometric Identification Systems, Electronic Surveillance Systems
Applicable Case Law
N/A
Case Law Findings
N/A
Legislation
Convention 108+
Section
5(4)
Description
Legitimacy of data processing and quality of data
Summary
Data processing is fair and transparent, does not go beyond the scope of the original purpose and that it is only preserved in a form that allows identification for the shorted possible period of time
Applicable Emerging Technology
Databases, Biometric Identification Systems, Electronic Surveillance Systems
Applicable Case Law
N/A
Case Law Findings
N/A
Legislation
Convention 108+
Section
6
Description
Special categories of data
Summary
The processing of genetic data, personal data relating to offences, criminal proceedings and convictions, and related security measures, biometric data uniquely identifying a person, personal data for the information they reveal relating to racial or ethnic origin, political opinions, trade-union membership, religious or other beliefs, health, or sexual life, shall only be allowed where appropriate safeguards are enshrined in law.
Applicable Emerging Technology
Databases, Biometric Identification Systems, Electronic Surveillance Systems
Applicable Case Law
N/A
Case Law Findings
N/A
Legislation
Convention 108+
Section
7
Description
Data security
Summary
The controller, and processor, takes appropriate security measures against risks such as accidental or unauthorised access to, destruction, loss, use, modification, or disclosure of personal data.
Applicable Emerging Technology
Databases
Applicable Case Law
N/A
Case Law Findings
N/A
Legislation
Convention 108+
Section
8
Description
Transparency of processing
Summary
The controller must be transparent when processing data to ensure fair processing and to allow data subjects to understand and exercise their rights in the context of such data processing
Applicable Emerging Technology
Databases, Biometric Identification Systems, Electronic Surveillance Systems
Applicable Case Law
N/A
Case Law Findings
N/A
Legislation
Convention 108+
Section
9
Description
Rights of the data subject
Summary
Lists the rights that every individual should be able to exercise concerning the processing of personal data. Each Party shall ensure, within its legal order, that all those rights are available for every data subject together with the necessary means to exercise them.
Applicable Emerging Technology
Databases, Biometric Identification Systems, Electronic Surveillance Systems
Applicable Case Law
N/A
Case Law Findings
N/A
Legislation
Convention 108+
Section
11
Description
Exceptions and restrictions
Summary
There can be an exception to this provision when it is necessary and proportionate for the prevention, investigation, and prosecution of criminal offences.
Applicable Emerging Technology
N/A
Applicable Case Law
N/A
Case Law Findings
N/A
Legislation
UK
Criminal Procedure (Scotland) Act 1995
Data Protection Act 2018
Equality Act 2010
Human Rights Act 1998
Investigatory Powers Act 2016
Police and Fire Reform (Sc) Act 2012
Regulation of Investigatory Powers Act 2000
Regulation of Investigatory Powers (Sc) Act 2000
Police, Crime, Sentencing and Courts Act 2022
Protection of Freedom Act 2012
Scottish Biometric Commissioner Act 2020
EU
Trade and Cooperation Agreement between the European Union and the European Atomic Energy Community, of the one part, and the United Kingdom of Great Britain and Northern Ireland, of the other part [2021] OJ L149/10
Preparatory Documents
Proposal for a Regulation of the European Parliament and of the Council on European data governance (Data Governance Act) - Outcome of the European Parliament's first reading (Strasbourg, 4-7 April 2022), ST 7853 2022 INIT
Contact
Email: ryan.paterson@gov.scot
There is a problem
Thanks for your feedback