How to take action against the Snooper’s Charter this Data Privacy Day
If you’re an internet user in the UK, your data is now subject to the Investigatory Powers Act. Nicknamed the “Snooper’s Charter”, the Investigatory Powers Act recently became law and allowed the UK government to intercept communications in bulk from people not suspected of wrongdoing, require internet service providers to maintain logs of users’ internet activity for 12 months, hack into the devices of citizens, and force companies to decrypt data on demand among other new powers.

Advocates argue the law is necessary to fight terrorism, but recent freedom of information (FOI) requests show it is being abused to spy on UK residents, as reported by the Guardian.

In support of Data Privacy Day on January 28, we are protesting against this invasive law. Comparitech encourages UK residents to fight for their right to privacy taking four key actions:

  • Send a subject access request under the Data Protection Act to your Internet Service Provider (ISP) or phone company. Ask them to provide you with the data that is being stored on you and which government departments have had access to it. Instructions below.
  • Sign the petition to repeal the law.
  • Call or write a letter to your MP expressing your wish for repeal of the law. You can find a form letter below.
  • Use a VPN to protect your online privacy.

We believe if thousands of people submit requests and make their concerns tangible, then it will force the government to look more closely at protecting its citizens not only from the threats of acts of terror, but from cybercriminals or nation state actors that might exploit their information.

The act was branded unconstitutional by the European Court of Justice. It applies to all UK residents with the convenient exception of politicians. Any warrants to access government officials’ information will need the extra layer of the Prime Minister’s approval. Ask your MP if he or she thinks it is right that he or she is exempt from the law while the rest of the public faces this attack on privacy.

In the meantime, we strongly advise using a Virtual Private Network (VPN) to protect your privacy online. Pick a VPN that isn’t based in the UK, doesn’t keep log files, and scores highly for privacy.

Businesses of all sizes are obligated to look after the personal information under their control, but we have seen countless cases including TalkTalk, where this information has been breached. Now, with the government requiring communications companies to store more than just personal identifying information – information that points to habits, likes/dislikes and internet browsing history – privacy for UK citizens is eroding very quickly. If there are ways for the ‘good’ guys to access this information at will, you can bet the bad guys aren’t far behind. People have the right to know what information is being stored on them and what steps are being used to secure that information.

Comparitech.com has submitted its own Freedom of Information request to the government which will be made available when the answers are forthcoming.

Data Privacy Day is an international effort to encourage Internet users to consider the privacy implications of their online actions and encourage prioritizing data protection in all corporate fields, held annually on January 28.

How to file a subject access request

You have a right to get a copy of the information about you held by your ISP. This can be attained through a subject access request. Under the data protection act, you may ask the organization you think is holding, using or sharing the personal information you want to supply you with paper and computer records and related information.

You must include all of the following within your request:

  • Your name, full address including postcode, landline number (if you have one), account number, date of birth, and alternative contact details
  • Details of what information you’re requesting
  • Proof of identification (copy only, not the original)
  • Administration fee up to £10 in the form of a cheque or postal order)

Here are contact details for the UK’s top four ISPs:

TalkTalk

The Data Controller, PO Box 390, Southampton, SO30 9AQ

Virgin

Data Protection & Privacy, Virgin Media, Bartley Wood Business Park, Hook, Hampshire, RG27 9UP

Phone: 0345 454 1111*

BT (PlusNet, EE)

Data Protection Manager, Box 17, BT Centre, 81 Newgate Street, London. EC1A 7AJ

Sky

DPOFFICE@BSKYB.COM

Form letter

[YOUR NAME]
[ADDRESS]
[CITY, COUNTY]
[POSTCODE]

[MP NAME]
[CONSTITUENCY]

Dear [MP NAME],

I am writing to you to let you know that I have signed the petition to repeal the Investigatory Powers Act that became law in November 2016. I do not support the law that allows the mass surveillance of the public and was branded in large ‘illegal’ by the European Court of Justice.

The petition has received in excess of 200,000 signatures and despite this, it has still been refused debate in Parliament. In a democracy, I feel this should be considered more seriously and the debate should take place. I understand that the Act is supposed to protect national security, but when FOI requests reveal that it has been used to secretly spy on UK residents as reported in the Guardian on the 25th December 2016 in a piece entitled Revealed: British councils used Ripa to secretly spy on public, I have to question its abuse.

I would also like to know how you feel about being exempt from this law as a politician, while the rest of the public is subject to this infringement on their rights to a free and open internet? If you could respond to the email address below on both points, regarding your role in facilitating the debate for the UK Investigatory Powers Act’s repeal in Parliament and your thoughts on why politicians should be exempt from the same laws that govern the rest of the UK public, I would appreciate it.

Sincerely,
[YOUR NAME]
[YOUR EMAIL ADDRESS]