UK spy agencies are collecting citizens’ social media and medical data, a court has heard.
The details emerged in a case brought by Privacy International, looking at the legality of mass data collection.
It said it was concerned that the information could have been shared with foreign governments and corporate partners.
The body which oversees UK surveillance did not know that highly sensitive data was being shared, it emerged.
Facebook said it did not provide “any government with access to people’s data”.
The long-running legal case was brought by Privacy International, following revelations in March 2015 that the intelligence agencies were collecting not only targeted data on specific suspects but also information from the general public.
The details were revealed in an Intelligence and Security Committee report which, although heavily redacted, stated that so-called bulk personal datasets (BPDs) vary in size from hundreds to millions of records.
The current case is being heard by the Investigatory Powers Tribunal, set up to look at complaints about surveillance issues.
According to Privacy International it is the first time that the type of data being collected has been made public, although it is still not clear how such data is collected.
“We don’t know whether it it is intercepted or given to it by the companies,” Millie Graham Wood, a solicitor at Privacy International, told the BBC.
Facebook said that it did not provide “back doors” and that it scrutinised “each government request for user data”.
Meanwhile, in a blogpost from 2016, Twitter said that it “prohibits developers using the public APIs and… data products from allowing law enforcement – or any other entity – to use Twitter data for surveillance purposes.”
One of the biggest reveals of the court case was that private contractors had “administrator” access to some of the information the agencies collect.
The Investigatory Powers Commissioner’s Office (IPCO), which oversees the UK’s surveillance regime, has raised concerns over the role of these private contractors.
In letters shared with PI, it said that there are “no safeguards” in place to prevent the misuse of the systems by third parties.
Ms Graham Wood said: “After all this time, just before the court hearing we learn not only are safeguards for sharing our sensitive data non-existent, but the government has databases with our social media information and is potentially sharing access to this information with foreign governments.
The risks associated with these activities are painfully obvious. We are pleased the IPCO is keen to look at these activities as a matter of urgency and the report is publicly available in the near future.”