Proposed law tweak advises police that cloud firms should not be served warrants for customer data

Written by Sam Trendall on 6 October 2022 in News

Home Office is now scrutinising feedback garnered during consultation on planned changes

Credit: ambercoin/Pixabay

Government is now analysing feedback on plans to update legislation on how police and the security services can access data stored in cloud environments.

The proposed amendments would introduce explicit guidance advising investigators that warrants should not typically be served on cloud services providers in relation to the data of their customers.

The Home Office has now concluded a consultation process in which responses were invited on a planned update to the Code of Practice for the Interception of Communications. The code is one of six sets of statutory guidelines intended to dictate how authorities should exercise the powers invested in them by the Investigatory Powers Act – known to its critics as the Snoopers’ Charter.

The interception code sets out the processes and practices that officers should follow when using legal powers to access the private communications of individuals and businesses. Such communications are now often conducted digitally, via email and other electronic messaging methods.

Moreover, records of these messages are, in many cases, stored by a third-party cloud provider – rather than solely on personal devices and organisations’ in-house IT infrastructure.  

Government intends to add to the interception code a new section that provides clarity for officers planning to serve a warrant to gain access to digital records that a business, public body, or charity has stored in a cloud environment.

The additional text – which runs to 548 words – states that authorities “can often obtain the same data from both the cloud service provider and the enterprise” in question.

Related content

In such cases, officers should serve warrants on the organisation under investigation – and not the IT firm paid to store or process their data.

The planned update says: “Although the [Investigatory Powers] Act allows the intercepting authority to serve the warrant on either the cloud-service provider or the enterprise, the intercepting authority should, where it is reasonable to do so, always serve a copy of the warrant on the enterprise rather than the cloud service provider.”

The revised code adds, however, that there will be “exceptions to this general rule”. 

This includes instances where an organisation does not have the technical capability to provide the data sought by officers.  Authorities are also given latitude to seek data from cloud providers if there are “reasonable grounds” to believe that serving the warrant directly to a business or government body could “result in the person under investigation becoming aware of the investigation” – leading to possible destruction of data or other forms of “interference”.

The consultation – which was launched by former home secretary Priti Patel – lasted for a little less than two months and has now closed. The online process did not specify any particular respondents that should take part, or any questions that they might wish to consider. 

“Prior to issuing any code, the secretary of state must prepare and publish a draft of it,” the Home Office said in the consultation documents. “The secretary of state must also consider any representations made about the draft revised code and may modify the draft accordingly. This consultation fulfils that requirement.”

Any such representations received by the department will now be considered by officials before the planned law change is put into effect.

“Following the consultation period, responses will be analysed and the draft code revised as necessary. It will then be laid before parliament for approval,” the Home Office said. 


About the author

Sam Trendall is editor of PublicTechnology. He can be reached on


Share this page




Please login to post a comment or register for a free account.

Related Articles

Calls to expand biometrics watchdog to commercial entities
17 February 2023

Scotland’s world-first regime needs to go further, critics have claimed

Tech consulting giant’s three-year public procurement ban lifted after eight months
24 March 2023

The UK arm of Bain & Company can once again bid for Whitehall contracts after ‘robust and intensive dialogue’ with government, minister claims

What apps are on government’s approved list?
20 March 2023

Only centrally approved third-party applications will be allowed on Whitehall devices – but government remains tight-lipped on what might make the cut or how

Government guidance on use of private email and WhatsApp to be updated for first time in a decade
15 March 2023

Cabinet Office minister says that department will release new guidelines ‘as soon as possible’