The Crime (Overseas Production Order) Bill - We must not lose control of data sharing

10 September 2018

Scant attention has been paid to the House of Lords review of the Crime (Overseas Production Order) Bill — yet the legislation will give the UK authorities vastly extended powers to see data stored overseas for the purposes of criminal prosecutions. Critically, the bill needs more safeguards to protect individual rights before it gains final approval.

Data is increasingly crucial to law enforcement. Last week, Cressida Dick, the Metropolitan Police commissioner, called for greater powers to gain access to social media accounts after a murder suspect received a 14-month sentence for failing to disclose his Facebook password.

The current process for gaining access to data stored overseas is cumbersome and long-winded. For example, to obtain data located in California a mutual legal assistance request must be sanctioned by judicial authorities in that jurisdiction and in the UK. Requests take an average ten months to complete.

The current bill seeks to expedite that procedure by enabling a UK court to go straight to a company in the US or elsewhere with an order to produce data, providing the host country has signed an international agreement.

The US is thought to be the first target country for a data-sharing partnership, with reciprocal negotiations having begun in 2015.

A similar EU instrument that would allow the authorities to obtain data directly from companies in other member states is making its way through the European parliament at present, although the UK would need to forge fresh agreements post-Brexit.

The rationale for faster and easier data-access for criminal prosecutions is clear and understandable. However, a significant concern for privacy campaigners is the ability the proposals give to prevent the person whose data is being accessed from discovering that such an order has been made. Campaigners are also worried about the low threshold that law enforcement authorities will have to meet to obtain a non-disclosure order.

The implications of the bill for legal professional privilege also require further consideration. If an order is subject to a non-disclosure requirement, in practice the IT service provider will be the only party determining whether there is a legal privilege issue before data is handed over. Are we really willing to trust the ability of technology companies to protect legal privilege?

The bill can only legislate for one side of the coin and determine what a judge can do in this country. There is also the issue of the reciprocal arrangements that will underpin the bill’s efficacy and that presumably will allow courts in overseas jurisdictions to obtain evidence from the UK.

It is one thing to expect an overseas service provider to comply with a UK court order, knowing that some scrutiny has been applied by a UK judge. What about an order served directly on a UK company by an overseas court, from a country where there are real concerns about the independence of the judiciary?

The bill has many positives for law enforcement, but needs greater safeguards to protect us from a landscape of facile data sharing beyond our control.

First published in The Times' Brief, September 2018.

Further information

We are hosting an event on 3 October 2018 on this topic, which is relevant for lawyers and other professionals with an interest in international criminal law:

Responding to challenges of securing evidence overseas in a new tech setting

Share insightLinkedIn Twitter Facebook Email to a friend Print

Email this page to a friend

We welcome views and opinions about the issues raised in this blog. Should you require specific advice in relation to personal circumstances, please use the form on the contact page.

Leave a comment

You may also be interested in:

Skip to content Home About Us Insights Services Contact Accessibility