F5.4 Establish appropriate legal framework to govern DPI initiatives

Principle

F5 Uphold the rule of law

Risk

RS1 Privacy vulnerability, SV2 Weak rule of law

Life Cycle Stage

L1 - Conception and Scoping

Practice

• Incorporate detailed provisions within the legal framework that specify permissible data collection, usage, and sharing practices, to name a few, particularly focusing on data protection, privacy, and user rights.

• Issue practice directions for the review of security services’ requests for data access, stipulating minimum evidentiary requirements for such approvals, which must be granted by properly constituted courts with requisite knowledge of the subject matter.

• Assess the legal framework regularly.