Minister clarifies death-penalty clause in UK-US data-sharing agreement
Government will be able to decide ‘on a case-by-case’ basis whether to grant permission for UK data to be used in death-penalty prosecutions
The government has clarified that its recently agreed data-sharing agreement with the US provides for the UK to prevent data gained from British tech firms being used in death-penalty prosecutions.
Although the government said that it will “continue to oppose the death penalty in all circumstances”, it also indicated that it will review “on a case-by-case basis” the potential use of UK data in US death-penalty cases.
Announced by home secretary Priti Patel earlier this month, the UK-US Bilateral Data Access Agreement allows UK law-enforcement agencies to directly demand data from US tech firms – rather than having to submit a “mutual legal assistance” request to the US government, as is currently the case. The same rights are offered reciprocally to US authorities who, providing they have the relevant authorisation under US law, can now request data direct from UK telecommunications providers.
- UK-US data transfers will remain protected by Privacy Shield after Brexit, minister claims
- Government advises that NHS data can be safely hosted in the US and other countries
- Home secretary calls for government back doors for encrypted data
When the agreement was announced, Patel said that “the UK has obtained assurances which are in line with the government’s continued opposition to the death penalty in all circumstances”.
In a written parliamentary statement this week, security minister Brandon Lewis has clarified what these “assurances” entail.
Unless UK government ministers give their express approval, the US is barred from using any data gained from UK firms in prosecutions that may result in the death penalty, according to Lewis. Although the minister reiterated the UK’s unwavering opposition to the death penalty, he said that each case would be reviewed individually.
“We have agreed a binding position with the US, enshrined in the body of the agreement, preventing them from using material obtained from a UK telecommunications operator under the agreement as prosecution evidence in a US case where the death penalty may be imposed, unless they obtain the prior permission of the UK to use that material as prosecution evidence,” Lewis said. “This will allow ministers to make a decision on a case by case basis, continuing the existing practise under mutual legal assistance. It is the policy of this government to continue to oppose the death penalty in all circumstances.”
In formulating the agreement, the death penalty was identified “as a UK essential interest”, according to Lewis. This interest is covered by article 8 of section 4 of the agreement.
“Prior to use of the data in a manner that is or could be contrary to those essential interests, the issuing party shall via, the receiving party’s designated authority, obtain permission to do so,” the article states. “The receiving party’s designated authority may grant permission, subject to such conditions as it deems necessary, and if it does so, the issuing party may only introduce this data in compliance with those conditions. If the receiving party does not grant approval, the issuing party shall not use the data it has received pursuant to the legal process in that manner.”
Under the current mutual legal assistance system, it typically takes between six months and two years for UK authorities to obtain data from US firms, the government claimed earlier this month. The new agreement could reduce this to “weeks or even days”, it added.
Prime minister plans to backtrack on previous decision to allow Chinese giant to play a role in next-generation telecoms
Health secretary calls on public to embrace technology
Health department says ‘all large-scale operations’ experience similar challenges
Department tasks Russell Reynolds Associates with helping bring on board new permanent secretary
CyberArk's David Higgins explores the cyber risks of hiring independent contractors
HPE shows why organisations are increasingly seeking to understand and consider the environmental impacts of their IT purchasing decisions
HPE makes the case for hybrid cloud services to transform and enhance relationships with citizens...
CyberArk's John Hurst looks at the true cost of GDPR breaches