The UK government has been conducting mass surveillance on the British population for years, routinely requisitioning data from thousands of public and private organisations. The kind of data collected includes medical records, correspondence with lawyers, financial information and even which petitions you have signed.

The data has been collected under a law dating back to 1984, which allows GCHQ, MI5 and MI6 to use so-called “Bulk Personal Datasets”. Up until last year, parliament’s Intelligence and Security Committee (ISC) was unaware of the utilisation of this data, suggesting that parliamentary oversite of the security services surveillance has effectively collapsed.

The surveillance came to light thanks to a lawsuit by campaign group Privacy International. Access to data was so laxly policed that one memo sent by the Secret Intelligence Service (SIS) claimed individuals had used the data for “looking up addresses in order to send birthday cards, checking passport details to organise personal travel, checking details of family members for personal convenience”.

In theory, accessing the data from a bulk personal dataset required a signed warrant from a senior government minister. However, these cases demonstrate that these rules were not followed by individual officers.

A Home Office spokesperson told the Financial Times the Bulk Personal Datasets “have been essential to the security and intelligence agencies over the last decade and will be increasingly important in the future… Terrorists and criminals have embraced modern communication networks to plan, co-ordinate and increasingly to execute their attacks”.

However, despite this official emphasis on the prevention of terrorism, according to Ars Technica the data has also been used for other purposes around “protecting Britain’s economic wellbeing” – including, allegedly, the prevention of pirate copies of Harry Potter books from leaking onto the internet.

Up till now, the legal basis for allowing security services to access this data has been based on Section 94 of The Telecommunications Act 1984 – a piece of legislation that pre-dates the era of mass internet access, and that was never intended to cover the kind of data that has been harvested. However, according to Millie Graham Wood, legal officer at Privacy International: “The agencies have been doing this for 15 years in secret and are now quietly trying to put these powers on the statute book for the first time, in the Investigatory Powers Bill, which is currently being debated in parliament. These documents reveal a lack of openness and transparency with the public about these staggering powers and a failure to subject them to effective Parliamentary scrutiny.”

READ NEXT: How GCHQ snooping has destroyed trust in British tech