LONDON (Reuters) - British intelligence agency MI5 was criticized by a privacy watchdog on Tuesday for “illegally mishandling” surveillance data and storing information about innocent people for years.

FILE PHOTO: Thames House, the headquarters of the British Security Service (MI5) is seen in London, Britain October 22, 2015. REUTERS/Peter Nicholls

Liberty said the Investigatory Powers Commissioner’s Office (IPCO) had delivered a highly critical assessment of the domestic spy agency in London’s High Court over storage of data it had amassed under warrants to hack computers, phones and intercept people’s communications.

“These shocking revelations expose how MI5 has been illegally mishandling our data for years, storing it when they have no legal basis to do so,” said Megan Goulding, a lawyer for the civil liberties group.

“This could include our most deeply sensitive information – our calls and messages, our location data, our web-browsing history.”

The IPCO is responsible for checking that sweeping intrusive powers allowed under the Investigatory Powers Act (IPA), dubbed the “Snoopers’ Charter” by critics, are used appropriately, including how data is stored or deleted.

In May, Britain’s Home Secretary (interior minister) Sajid Javid said “compliance risks” had been identified with how MI5 handled data.

“The report of the Investigatory Powers Commissioner’s Office into these risks concluded that they were serious and required immediate mitigation,” Javid wrote in a statement to parliament. “The Commissioner also expressed concern that MI5 should have reported the compliance risks to him sooner.”

Liberty said documents presented at court by the Commissioner, Adrian Fulford, showed that MI5 had in effect been put into “special measures” over its use of data obtained under warrants.

Fulford had also said compliance failures first become clear back in January 2016 but were only brought to the IPCO’s attention in February this year, it said.

Javid said in May MI5 had taken “immediate and substantial mitigating actions” to address concerns and the IPCO was monitoring this to ensure sufficient progress. Both the Home Office and IPCO said they had no further comment on the issue.

Britain has been at the forefront of a battle between privacy and security since former U.S. security agency contractor Edward Snowden leaked details of mass monitoring tactics used by U.S. and British agents in 2013.

The IPA, which was partly introduced to provide more transparency around surveillance powers, provides vital tools to protect the public from criminals, pedophiles and terrorism, government and security officials say.

Critics argue it grants police and spies some of the most extensive snooping capabilities in the West.