Ten internal documents from senior MI5 officials, including an 11 March letter from director Sir Andrew Parker, revealed significant non-compliance issues in how citizens' data had been kept and used, including a subsequent cover-up of internal failures and that "data might be being held in ungoverned spaces in contravention of our policies".

UK security service MI5 has come under fire over its “unlawful” storage and handling of bulk data after a court case involving UK Investigatory Powers Commissioner, Lord Justice Sir Adrian Fulford, as well as London-based civil rights group Liberty, found that MI5 had used “special measures” whilst handling data gathered through warrants.

Sir Fulford also revealed that there had been a “historical lack of compliance” with UK law as it retained and deleted sensitive data under the Investigatory Powers Act 2016, or “snooper’s charter”.

What Did the Ruling Say?

Sir Fulford concluded in a press release on Tuesday that MI5 had been holding and using data in an “undoubtedly unlawful” manner, stating that MI5’s “historical lack of compliance... is of such gravity that IPCO will need to be satisfied to a greater degree than usual that it is ‘fit for purpose'".

MI5 had known for three years before informing the Investigatory Powers Commissioner’s Office (IPCO) and that the agency had failed to “maintain key safeguards”, including the “timely destruction of material” and “protection of legally privileged material”, creating “serious compliance gaps” in its legal duties, his statement read.

— Rowland Manthorpe (@rowlsmanthorpe) June 11, 2019

But the IPCO had only been informed of the concerns in February 2019, adding that MI5 officials had continued using “misleading euphemisms” to describe their failures.

Senior judges had issued warrants to collect bulk surveillance on the understanding that MI5 was complying with data handling obligations, adding that warrants would not have been issued if the intelligence agency had failed to comply.

Sir Fulton said: “It is impossible to sensibly reconcile the explanation of the handling of arrangements the Judicial Commissioners were given in briefings…with what MI5 knew over a protracted period of time was happening.

How did Liberty Respond?

Liberty Lawyer Megan Goulding said that the “shocking revelations” had exposed how “MI5 has been illegally mishandling our data for years, storing it when they have no legal basis to do so”.

“This could include our most deeply sensitive information – our calls and messages, our location data, our web browsing history,” Ms Goulding said.

— Hannah Couchman (@Hannah_Couchman) June 11, 2019

Ms Goulding added that it was “unacceptable” that the public was “only learning now about these serious breaches” following the revelations and in the course of her group’s “legal challenge”.

She added: “In addition to showing a flagrant disregard for our rights, MI5 has attempted to hide its mistakes by providing misinformation to the Investigatory Powers Commissioner, who oversees the Government’s surveillance regime.

“And, despite a light being shone on this deplorable violation of our rights, the Government is still trying to keep us in the dark over further examples of MI5 seriously breaching the law.”

READ MORE: Big Win: Britain's GCHQ Spygrid Violates Right to Privacy, ECHR Rules

Court rulings have been issued to UK intelligence agencies in recent history, most notably the Strasbourg-based European Court of Human Rights (ECHR) ruling against the Government Communications Headquarters (GCHQ) in September 2018, which found that the GCHQ had violated EU law after five nations charged with global surveillance programmes had released a memo calling for workarounds to internet encryption. The case of Big Brother Watch and Others v. The United Kingdom raised complaints about the GHCQ's bulk interception of communications, as well as intelligence sharing with foreign governments and bulk data collection from communication service providers.