MI5 and MI6 may be circumventing legal safeguards when they share bulk datasets with foreign intelligence services and commercial partners, a court has been told.
Most of the bulk personal datasets relate to UK citizens who are not of “legitimate intelligence interest”, the investigatory powers tribunal (IPT) heard.
[...]
While GCHQ has said it insists its partners adopt equivalent standards and safeguards when processing bulk data, Jaffey said, neither MI5 nor MI6 have a similar approach. “The effect will be the circumvention of the UK legal regimes,” he added. “Protections will be avoided.”
The information collected includes "internet usage, telephone call logs, websites visited, online file transfers and others". It gets given to researchers at UK universities, UK government agencies, and foreign intelligence agencies. There's no safeguards on the latter, and this information can potentially be used to abduct and torture people, or target them for drone assassination. Either of those uses would of course be completely contrary to UK law, but if they don't check, then the spies can pretend that they're not criminals.
And of course this raises serious questions about whether New Zealand's intelligence agencies have similar datasets and what information they share about New Zealanders (or others). Some of this may be covered by the still-ongoing IGIS inquiries into cooperation with CIA rendition and torture and interceptions in the South Pacific, but neither of those reports seem like they'll be emerging any time soon.