Policy paper

Investigatory Powers (Amendments) Bill: Oversight and Safeguards

Updated 26 April 2024

© Crown copyright 2024

This publication is licensed under the terms of the Open Government Licence v3.0 except where otherwise stated. To view this licence, visit nationalarchives.gov.uk/doc/open-government-licence/version/3 or write to the Information Policy Team, The National Archives, Kew, London TW9 4DU, or email: psi@nationalarchives.gov.uk.

Where we have identified any third party copyright information you will need to obtain permission from the copyright holders concerned.

This publication is available at https://www.gov.uk/government/publications/investigatory-powers-amendment-bill-factsheets/investigatory-powers-amendments-bill-oversight-and-safeguards

What is the current oversight framework in the Investigatory Powers Act 2016?

The Investigatory Powers Act 2016 (IPA 2016) contains world-leading oversight arrangements that apply to the use of investigatory powers.

The IPA 2016 placed the key powers on a clearer statutory footing and required warrants for the use of some of these powers to be authorised by the Secretary of State, Scottish Minister, or law enforcement chiefs, and for that authorisation to be approved by an independent Judicial Commissioner, which is known as the ‘double lock’. The IPA 2016 is underpinned by statutory codes of practice on each of the key investigatory powers, providing a transparent and comprehensive legal framework.

The IPA 2016 created the role of the Investigatory Powers Commissioner (IPC), who, together with the other Judicial Commissioners, must hold or have held a high judicial office, merging the functions of the previous oversight commissioners into one single office.

The IPC’s oversight functions include the following:

  • Responsibility for inspecting the full range of agencies and departments involved in the use of investigatory powers and ensuring that they are complying with the law and following good practice. This includes investigating systems and processes, checking records and paperwork, interviewing key staff and investigating any known errors.
  • The frequency of these inspections is decided by the IPC and inspectors must have unfettered access to documents and information to support the Commissioner’s functions. This allows inspectors to undertake thorough and robust investigations of each public authority’s use of the power, covering the entire chain of events and decision making. In 2022, they conducted 365 inspections, 44 of these were inspections of the intelligence services.
  • Judicial Commissioners can also join inspections, giving them an opportunity to challenge aspects of a public authority’s policy and methodology.
  • A report is issued after each inspection, which sets out the Investigatory Powers Commissioner’s Offices’  (IPCO)’s conclusions and recommendations and identifies any areas of vulnerability or non-compliance. They also identify areas of good practice which may be of interest to other similar organisations.
  • The report will enable organisations to take action on the basis of IPCO’s recommendations. This process provides for systemic review of all public authorities’ use of the power and allows for continuous improvement in the authorisation and management of the capability.
  • If there is a notable issue at any of the public authorities, picked up either during an inspection or outside it in normal business, IPCO may carry out additional ad hoc inspections as well as their usual scheduled inspections.
  • The IPC has a clear mandate to inform Parliament and the public about the use of investigatory powers. The Commissioner must provide an annual report on the use of investigatory powers to the Prime Minister, which the Prime Minister must publish and lay before Parliament.

Structure of the IPA oversight regime

  • The Investigatory Powers Commissioner’s Office (IPCO). IPCO supports the IPC and Judicial Commissioners in fulfilling their duties under the Investigatory Powers Act 2016, namely reviewing warrant applications and the inspection of how the powers are used by public bodies.
  • The Technology Advisory Panel (TAP) whose purpose is to advise the IPC, the Secretary of State and Scottish Ministers about the impact of changing technology and the development of techniques to use investigatory powers whilst minimising privacy interference.
  • The Office for Communications Data Authorisations (OCDA), formed in 2018 as a result of the Data Retention and Acquisition Regulations 2018 [footnote 1], supports the IPC’s functions of providing independent consideration of requests for communications data from law enforcement and public authorities. It independently assesses the lawful acquisition of communications data by a public authority in order to meet its function of protecting the public.

How will this bill ensure the oversight and safeguards regime remains resilient and fit for purpose?

The Investigatory Powers (Amendment) Bill builds upon these already world-leading safeguards, further strengthening the oversight regime to ensure the regime is resilient and the IPC is able to effectively carry out his functions.

The measures in the bill will:

  • Ensure that there is a clearer statutory basis for reporting errors under the Regulation of Investigatory Powers Act 2000, Regulation of Investigatory Powers (Scotland) Act 2000, and the Police Act 1997 - and Codes of Practice relating to those acts – to the IPC. This will ensure that public authorities have greater clarity around their error reporting obligations.
  • Expand the list of public authorities in relation to which the Prime Minister can direct IPC oversight. The Prime Minister has the power to ask the IPC to provide oversight of additional public authorities, so far as it relates to intelligence activities. Widening this list will ensure greater flexibility in responding to emerging oversight requirements.
  • Add Judicial Commissioners to the list of persons and bodies dealing with security matters under section 23 of the Freedom of Information Act 2000 (FOIA). This will ensure that sensitive information does not have to be released under FOIA, which brings IPCO in line with other security bodies that handle sensitive information.
  • Place the IPC’s oversight of Ministry of Defence compliance with policies governing surveillance, and the use of covert human intelligence sources outside the UK, on a statutory footing. This will ensure this key strand of oversight is underpinned in statute.

Resilience

The measures in the bill will also increase resilience in the wider oversight system by:

  • Increase the resilience of the “triple lock” – the “triple lock” refers to instances where Prime Ministerial sign-off is required for warrants for interception or equipment interference where the purpose is to acquire the communications of a member of a relevant legislature. This measure creates an alternative process for circumstances where the PM is unavailable, allowing a previously nominated Secretary of State to approve the warrant.
  • Placing the appointment of deputy IPCs on a statutory footing, allowing the IPC to delegate their powers when they are unable or unavailable to carry out their functions.
  • Permitting Judicial Commissioners to carry out functions that can currently only be carried out by the IPC in relation to the authorisation of certain Communications Data requests. It will also permit the deputy IPCs to consider appeals against a decision taken by a JC.
  • Enabling the IPC to appoint Judicial Commissioners on a temporary basis, to provide additional flexibility and resilience during exceptional circumstances which result in a shortage of JCs.
  • Extending TEI authorisation powers to designate NCA Deputy Director Generals as a law enforcement chief, for the purposes of s.106 and Part 1 of Schedule 6, to allow authorisation functions to be exercised by appropriate delegates in urgent cases. Currently, only the NCA DG can authorise these warrants or no nominate appropriate delegates; making this change will enhance the NCA’s operational resilience.

How does the UK’s oversight regime compare to other countries?

The bill will maintain and enhance the existing high standards for safeguarding privacy in the 2016 act, whilst ensuring that we are not inhibiting the ability of the relevant agencies to access data, in a closely controlled way, in order to investigate the most serious crimes, including child abuse and terrorism. As Lord Anderson noted in his report [footnote 2], the UK goes much further than our allies in respect of the current restrictions placed on the Intelligence Agencies’ use of Bulk Personal Datasets.

The UK is a world leader in ensuring privacy can be protected without compromising security, as suggested by the then UN Special Rapporteur for the Right to Privacy, Joseph Cannataci, who said of the act in 2018, “ Given its history in the protection of civil liberties and the significant recent improvement in its privacy laws and mechanisms, the UK can now justifiably reclaim its leadership role in Europe as well as globally.”

He also noted the following year at the International Intelligence Oversight Forum that, “the significant reinforcement of oversight mechanisms in the UK since 2016 and thus several best practices, including some pioneered by the UK, could be explored by the participants.”

Footnotes

  1. Introduced in response to the judgment of the Court of Justice of the European Union (CJEU) in joined cases C‑203/15 and C‑698/15 (Tele2/Watson), which specified the need to provide for independent administrative or judicial authorisation for most communications data applications. 

  2. Independent Review of the Investigatory Powers Act 2016, David Anderson 

Back to top