The Interception of Communications Commissioner said in his report covering 2013 that:
“Public authorities do not misuse their powers under RIPA Part I to engage in random mass intrusion into the private affairs of law abiding UK citizens. It would be comprehensively unlawful if they did. I have considered whether there is a material risk that unlawful intrusion might occur in the operation of Section 8(4). Subject to some further investigation, I conclude there is no material risk.
I am quite clear that any member of the public who does not associate with potential terrorists or serious criminals or individuals who are potentially involved in actions which could raise national security issues for the UK can be assured that none of the interception agencies which I inspect has the slightest interest in examining their emails, their phone or postal communications or their use of the internet, and they do not do so to any extent which could reasonably be regarded as significant.
British intelligence agencies do not circumvent domestic oversight regimes by receiving from US agencies intercept material about British citizens which could not lawfully be acquired by intercept in the UK.”
Notwithstanding this endorsement of the intelligence agencies’ practices, since the Commissioner’s report in 2014 Parliament has enacted the Investigatory Powers Act 2016 which completely overhauls and updates the legal regime, safeguards and oversight which govern the intelligence agencies’ use of surveillance powers. The Act also addresses a number of the recommendations contained in reports from the Commissioner, as well as responding to independent reviews by David Anderson QC (then the Independent Reviewer of Terrorism Legislation), the Intelligence and Security Committee of Parliament and the Royal United Services Institute.
With regards to the case before the Irish High Court, this related to the sharing of information of European citizens with the United States of America under the “Safe Harbour” agreement. The Irish Court referred the case to the European Court of Justice. Since then, the US and European Commission have negotiated a new agreement for data transfers known as “Privacy Shield”.