RIPA accords “Communications Data (CD),” defined “as the basic ‘who, when, and where’ of a communication” less protection than the contents of communications. Claiming that “the statutory definition of Communications Data … is narrowly drawn,” the ISC’s March 12, 2015 Report dismissed concerns that modern technology makes it as intrusive to collect and examine CD as communications themselves. Concl. V. Here, the ISC’s reasoning arguably conflicted with the reasoning of the European Court of Justice (CJEU), in Joined Cases C-293/12 & C-594/12, Digital Rights Ireland and Seitlinger and Others (Apr. 8, 2014), discussed under CJEU Challenges
The ISC distinguished CD from “ ‘Communications Data Plus’ – hav[ing] the potential to reveal details about a person’ private life (i.e., their habits, preferences and lifestyle) that are more intrusive,” and, therefore, warranting greater safeguards. Concl. W. Examples of Communications Data Plus are “a call to a particular medical helpline, or a certain type of dating or sex chat line.” Para. 142.
As described in our post, “The distinction between external and internal communications,” the ISC Report recognized that a vanishingly small percentage of communications count as “internal” communications. Nonetheless, the Committee dismissed concerns that CD of communications between people in the UK might be collected through the bulk interception authorized by 8(4) warrants. “GCHQ targets those bearers most likely to contain external communications, and this minimises the unintended interception of UK-to-UK communications.” Para. 144. Although the ISC did recognize that the protections of 16(3) of RIPA extend to the contents, but not the CD, of UK-to-UK communications that are incidentally collected through bulk interception, its response to this concern was entirely redacted.