Data Processing

Suggest Good Practice


Once data has been collected and filtered, it must be stored, tagged, and later removed or destroyed. This phase of the SIGINT process is particularly relevant for both oversight bodies and the intelligence services because lawful and efficient data management is the basis for relevant data analysis.

Bulk data processing presents several complex governance challenges that will occupy oversight bodies for years to come. There is plenty of room for oversight innovation.

When drafting intelligence legislation, lawmakers should be sufficiently mindful of the role and depth of multilateral intelligence cooperation. Services exchange raw and evaluated data in enormous quantities with their foreign partners and jointly feed various databases. Legal frameworks should account for the joint responsibility that governments have for joint databases, even if they are not hosted on their territory. Furthermore, there is a pressing need to ensure effective oversight of shared databases, possibly in the form of multilateral oversight.

Many oversight bodies seem to agree that much more work needs to be done to independently verify that the services honor their obligations to delete data. Drafting standards for what constitutes proper deletion and how this can be verified would be one important step in this direction.



Government responsibility
International cooperation
Legal Safeguard
Oversight Innovation

Good Practices

no results found

Nerd Corner

Bellovin, Steven M., Matt Blaze, Susan Landau, and Stephanie K. Pell. 2016. “It’s Too Complicated: How the Internet Upends Katz, Smith, and Electronic Surveillance Law.” Harvard Journal of Law & Technology 30 (1).

BfDI (Federal Commissioner for Data Protection and Freedom of Information). 2016. “Stellungnahme zum Entwurf eines Gesetzes zur Ausland-Ausland-Fernmeldeaufklärung des Bundesnachrichtendienstes (BT-Drs. 18/9041).” September 21, 2016.

Bradford Franklin, Sharon. 2018. “Carpenter and the End of Bulk Surveillance of Americans.” Lawfare. July 25, 2018.

Carey, Bjorn. 2016. “Stanford Computer Scientists Show Telephone Metadata Can Reveal Surprisingly Sensitive Personal Information.” Stanford News (blog). May 16, 2016.

CTIVD (Commissie van Toezicht op de Inlichtingen-en Veiligheidsdiensten). 2017. “Start Project Toezicht 3.0.” April 25, 2017.

CTIVD. 2018. “Review Report: The Multilateral Exchange of Data on (Alleged) Jihadists by the AIVD.” CTIVD No. 56.

Dorion, Pierre. 2008. “Data Deletion or Data Destruction?” SearchDataBackup. July 2008.

Eijk, Nico van, and Cedric Ryngaert. 2017. “Expert Opinion – Legal Basis for Multilateral Exchange of Information.” Appendix IV of CTIVD rapport no. 56 to the review report on the multilateral exchange of data on (alleged) jihadists by the AIVD. Utrecht/Amsterdam.

EOS Committee. 2016. “Dokument 16 (2015–2016). Rapport til Stortinget fra Evalueringsutvalget for Stortingets kontrollutvalg for etterretnings-, overvåkings- og sikkerhetstjeneste (EOS-utvalget).” February 29, 2016.

Huber, Bertold. 2017. “Kontrolle der Nachrichtendienste des Bundes – Dargestellt am Beispiel der Tätigkeit der G10-Kommission.” Zeitschrift für das Gesamte Sicherheitsrecht 01.

Konkel, Frank. 2014. “The Details about the CIA’s Deal with Amazon.” The Atlantic. July 17, 2014.

Organisation for Economic Co-Operation and Development. 2013. “The OECD Privacy Framework.”

Reardon, Joel, Hubert Ritzdorf, David Basin, and Srdjan Capkun. 2013. “Secure Data Deletion from Persistent Media.” In Proceedings of the 2013 ACM SIGSAC Conference on Computer & Communications Security – CSS ’13, 271–84. Berlin, Germany: ACM Press.

Swedish State Inspection for Defense Intelligence Operations (SIUN). 2018. “Årsredovisning för 2017.” February 22, 2018. Stockholm.