The ongoing legal challenge of UK human rights group Liberty over data privacy breaches committed by MI5 has revealed new details about the violations, showing that the security service has been failing to remove collected bulk surveillance data on time and received surveillance warrants based on knowingly false information.
Under the Investigatory Powers Act (IPA), MI5 has the authority to collect, upon authorization, personal data of a large number of innocent people and store it for potential future investigations. Security services, however, cannot store such data indefinitely: they are obliged to delete it within certain time limits.
Documents released during a court hearing on Tuesday showed that the MI5 legal team said, as quoted by the Liberty, that there is “a high likelihood [of material] being discovered when it should have been deleted, in a disclosure exercise leading to substantial legal or oversight failure.”
Investigatory Powers Commissioner and Lord Justice Adrian Fulford, who is responsible for verifying that the security services respect data privacy provisions laid out in the IPA, described MI5’s actions as “undoubtedly unlawful.”
According to the rights group, the commissioner said that the intelligence would have never obtained permissions for their surveillance activities if the watchdog had known that MI5 was violating the IPA.