The GCHQ British intelligence agency didn't follow protocol when it intercepted data on two non-government organizations, according to the country's Investigatory Powers Tribunal (IPT). Retaining emails for longer than it is supposed to is a violation of GCHQ internal procedures - but the IPT says the data interception was legal.
"We welcome the IPT's confirmation that any interception by GCHQ in these cases was undertaken lawfully and proportionately, and that where breaches of policies occurred they were not sufficiently serious to warrant any compensation to be paid to the bodies involved," a government spokesman said, in a statement published by the BBC.
The GCHQ intercepted communications from the Legal Resources Centre and Egyptian Initiative for Personal Rights, with both groups saying their data was illegally examined and retained. However, the IPT didn't offer a statement regarding claims from Amnesty International and other NGOs.
"GCHQ takes procedure very seriously. It is working to rectify the technical errors identified by this case and constantly reviews its processes to identify and make improvements."
Of course, privacy advocates aren't buying the GCHQ's public statements regarding the case: "Make no mistake, these internal failures will not be limited to just these instances," said Eric King, deputy director of Privacy International, in a statement to the BBC. "Trying to pass off such failings as 'technical,' or significant changes in law as mere 'clarifications,' has become a tiring defense for those who know the jig is up."