Privacy watchdog the Information Commissioner's Office (ICO) believes that Government plans to force ISPs and telecoms firms to gather more communications data do not adequately protect privacy.
The ICO has said that the plans are a "step change" in people's relationship with the state, and that they could damage both the privacy of individuals and the commercial interests of telecoms firms. It said that the Government has not properly considered alternative approaches before choosing wide surveillance.
The views are contained in the ICO's response to a Government consultation on plans to order telecoms firms to collect and store more data about citizens' use of communications technology.
The consultation has proposed that ISPs and phone companies be forced to collect third party data on usage and that they help to connect their own records with other companies' information.
The Government published its plans in April, having stepped back from plans to create a centralised database of communications use.
The ICO's response to the consultation expresses unease at the increase in information gathering about private activities.
"The ICO recognises the value that communications data has for the prevention and detection of crime and the prosecution of offenders," said its response to the plans. "However, this in itself is not justification enough for mandating the collection of all possible communications data on all subscribers by all CSPs [communication service providers]."
The Government can currently ask telecoms firms for communications data, but its plans would demand that companies collect more data than they do now and conduct more processing of it.
The ICO said that it is worried that the increased complexity of the task will lead to individuals being 'mistakenly identified' through the processing of data. It also said that it had yet to be convinced that such wholesale processing was "not excessive", as the Data Protection Act demands.
The ICO said that the scale of the changes under consideration should not be underestimated.
"This proposal represents a step change in the relationship between the citizen and the state," it said. "Prior to this, police and intelligence services would have access to information which was already collected and held by CSPs. For the first time this proposal is asking CSPs to collect and create information they would not have previously held, and to go further in conducting additional processing on that information. Evidence for this proposal must be available to demonstrate that such a step change is necessary and proportionate."
The ICO also said that it has a limited oversight role in the matter because it cannot regulate communications interception. It said that people and even the Government seem unclear on the exact boundaries of regulatory responsibility, and that this could lead to privacy abuses.
"References to safeguards might imply that the Information Commissioner has a greater role in the oversight and regulation of the use of interception of communications than is actually the case," it said. "The Information Commissioner is concerned that there may be gaps in the current regulatory regime that not only have the potential to affect the rights of individuals and their avenues of recourse, but also the clarity of roles and responsibility of CSPs."
"The ICO is concerned that the current safeguards are not adequate to deal with the further collection and processing of communications data by CSPs. Indeed the gaps in regulatory oversight carry an inbuilt risk of non-compliance with current law surrounding interception of communications," it said. "Not only does this carry privacy risks, it also presents significant commercial risks for CSPs in that the only oversight is when a criminal offence has been committed."
The ICO said that there could be other ways to address the problem of using communications data to detect and punish crime, and that the Government should investigate alternatives.
"The consultation does not appear to have fully investigated other options that may exist between the two extremes of a single, centralised Government database of all communications data and doing nothing," it said. "Full consideration of all available solutions is essential to ensuring that the final decision as to which option is selected fully considers the proportionality and necessity of that solution against other possible solutions."