Minister clarifies death-penalty clause in UK-US data-sharing agreement
Government will be able to decide ‘on a case-by-case’ basis whether to grant permission for UK data to be used in death-penalty prosecutions
The government has clarified that its recently agreed data-sharing agreement with the US provides for the UK to prevent data gained from British tech firms being used in death-penalty prosecutions.
Although the government said that it will “continue to oppose the death penalty in all circumstances”, it also indicated that it will review “on a case-by-case basis” the potential use of UK data in US death-penalty cases.
Announced by home secretary Priti Patel earlier this month, the UK-US Bilateral Data Access Agreement allows UK law-enforcement agencies to directly demand data from US tech firms – rather than having to submit a “mutual legal assistance” request to the US government, as is currently the case. The same rights are offered reciprocally to US authorities who, providing they have the relevant authorisation under US law, can now request data direct from UK telecommunications providers.
- UK-US data transfers will remain protected by Privacy Shield after Brexit, minister claims
- Government advises that NHS data can be safely hosted in the US and other countries
- Home secretary calls for government back doors for encrypted data
When the agreement was announced, Patel said that “the UK has obtained assurances which are in line with the government’s continued opposition to the death penalty in all circumstances”.
In a written parliamentary statement this week, security minister Brandon Lewis has clarified what these “assurances” entail.
Unless UK government ministers give their express approval, the US is barred from using any data gained from UK firms in prosecutions that may result in the death penalty, according to Lewis. Although the minister reiterated the UK’s unwavering opposition to the death penalty, he said that each case would be reviewed individually.
“We have agreed a binding position with the US, enshrined in the body of the agreement, preventing them from using material obtained from a UK telecommunications operator under the agreement as prosecution evidence in a US case where the death penalty may be imposed, unless they obtain the prior permission of the UK to use that material as prosecution evidence,” Lewis said. “This will allow ministers to make a decision on a case by case basis, continuing the existing practise under mutual legal assistance. It is the policy of this government to continue to oppose the death penalty in all circumstances.”
In formulating the agreement, the death penalty was identified “as a UK essential interest”, according to Lewis. This interest is covered by article 8 of section 4 of the agreement.
“Prior to use of the data in a manner that is or could be contrary to those essential interests, the issuing party shall via, the receiving party’s designated authority, obtain permission to do so,” the article states. “The receiving party’s designated authority may grant permission, subject to such conditions as it deems necessary, and if it does so, the issuing party may only introduce this data in compliance with those conditions. If the receiving party does not grant approval, the issuing party shall not use the data it has received pursuant to the legal process in that manner.”
Under the current mutual legal assistance system, it typically takes between six months and two years for UK authorities to obtain data from US firms, the government claimed earlier this month. The new agreement could reduce this to “weeks or even days”, it added.
Matt Warman tells PublicTechnology event that government wants products and services to be secure ‘from the ground up’ – reducing burden on consumers and businesses
Ministers stress mass deletion was result of ‘human error’
Permanent secretary Sarah Healey on the challenges of working remotely, and the prospect of opening presents via videoconference
PublicTechnology editor Sam Trendall picks out the big issues that might shape the year ahead. Apart from that one.
In 2020 public sector organisations have been tested to a degree never experienced before. According to CrowdStrike, increasing cybersecurity attacks are an additional complication they must...
The remote-first world has seen email being relied on more than ever as a core communication mechanism - but with 93% of IT leaders acknowledging a risk to sensitive data, what steps should be...
One Trust breaks down the modular approach of the new SCCs