The United Kingdom passed a surveillance law that is being called the “most extreme” of its kind ever passed in a democracy.
Under the new law, internet providers in the U.K. are required to store the browsing histories of all users, including visited domains, for one year. The data will be held in case of police investigations, ZDNet reported.
The new law was introduced by Theresa May, then-home secretary, in 2012. It took two attempts to get the law passed.
The bill was finalized and passed on Wednesday. Both parliamentary houses passed the legislation.
Civil liberty groups and privacy advocates have condemned the bill, claiming it will allow the government to document everything Britons do online.
The law requires internet providers to store every customer’s top-level web history in real-time, and keep that data for up to one year. The data can be accessed by numerous government departments. Under the law, companies can also be forced to decrypt data on demand and disclose new security features in products before they are released.
Intelligence agencies will also have the authority to hack into the devices and computers of citizens, although medical staff and journalists have better protections.
Jim Killock, Open Rights Group director, called the law the “most extreme surveillance law ever passed in a democracy.”
The bill has been opposed by privacy and rights groups, Silicon Valley tech companies and representatives of the United Nations.
A “double lock” system will be in place, which requires an independent judicial commissioner and the secretary of state to agree on carrying out search warrants. An investigatory powers commissioner will oversee these powers, according to reports.
The U.K. government has downplayed concerns surrounding the bill, stating that the law isn’t drastically new. Officials say the bill reworks RIPA (Regulation of Investigatory Powers Act), which is old and outdated.
The bill will be ratified by royal assent in the next few weeks.