Investigatory Powers Bill could breach client confidentiality and break EU law

Tim Musson, convener of the Law Society of Scotland privacy law committee, said: “Protecting the privacy of a client’s communications with their lawyer is essential. We are pleased that the UK government accepted the arguments to ensure that protections for client confidentiality would be in the face of the proposed legislation, rather than through a code of conduct, but there are still risks that confidentiality could be breached.

“We know that the government does not have an easy task in striking the right balance between protecting people from the threats of today’s digitalised world while still enabling them to exercise the freedoms that modern technology can offer. But the means of protection should not nullify the very freedoms we are trying to protect.

“The changing nature of communications means we need to beware of intrusions of our privacy. Not only the content of a communication, but also communications data itself can reveal a lot of information about a client, their lawyer and the advice that has been given.

“Collecting lots of data relating to significant numbers of people in a wholly indiscriminate way will inevitably result in the capture of information relating to client/lawyer communications. Confidential information between a lawyer and a client contributes to the rule of law, the proper functioning of the courts and is in the interests of justice. This information requires protection as it’s essential to ensure a client can speak freely with his or her lawyer and that the advice they receive will not be disclosed to the police, the security service or the media.”

The society has also pointed out potential risks relating to the requirement for telecommunications operators to retain data.

Mr Musson added: “There have been a number of high profile data breaches in the past year, such as Talk Talk, Carphone Warehouse, Hilton hotels, and we are not convinced that telecommunications operators will be able to store this information securely. There is the risk that cybercriminals will see such data banks as prime targets, with the information held potentially being used to target particular groups, including vulnerable people.

“Large scale data collection of this type could also be in contravention of EU law and we believe that the UK government needs to be clear on how they believe the draft legislation will be compliant.”

The full Law Society of Scotland response can be read on its website.