A highly controversial UK surveillance bill dubbed the “Snooper’s Charter” recently received royal assent, formally becoming law in the process. The Investigatory Powers Act 2016 is intended to make significant changes to the UK data surveillance regime, particularly through its introduction of bulk powers for UK police, government and security agencies, as well as wide-reaching changes regarding data retention and hacking powers. The law will have impact on private companies, in particular those dubbed “telecommunications operators.” The term is broadly defined to include service providers such as cloud technology and social media firms. Those entities can be required by a warrant to store data relating to the sites a device connects to (the power stops short of a user’s full browsing history) for up to a year. Private networks (such as those of companies) are also generally within the ambit of the Act which is an important change from the position under the existing surveillance regime.

The starting point under the new regime is the same as the existing regime: interception of communications without lawful authority is prohibited, and new criminal offences have been introduced for misuse of powers under the Act. An operator outside the UK that provides a telecoms service to people in the UK or controls a telecoms system in the UK will be required to comply.

Although the UK Home Secretary praised the legislation, it has been criticized by civil liberties groups and a petition for the law to be repealed has received more than 185,000 signatures. The threshold at which members of parliament may, at their discretion, debate an issue is 100,000.

Tip: Although criticized, the bill is now law, and companies should consider the extent to which they will be able to comply with warrants under the new rules.