More than 16,000 staff in the public sector and its agencies have been empower by Section 4 of the Investigatory Powers Act to snoop on people's internet connection records.
And that's before the estimated 4,000 staff at security agency MI5, the 5,500 at GCHQ and 2,500 at MI6 are taken into account.
That's according to the responses from a series of almost 100 Freedom of Information (FOI) requests made in a bid to find out exactly who has the power to snoop on ordinary people's web browsing histories under the Act.
GCHQ, the Home Office, MI6, the National Crime Agency, the Ministry of Justice, all three armed forces and Police Service of Scotland all failed to respond to the FOI requests - so the total could be much higher.
According to WhoIsHostingThis.com, a tool that enables internet users to find out which web hosting company a site is hosted with, the organisation that filed the FOI requests, the sheer number of people empowered under the Investigatory Powers Act will increase the risk of a large-scale breach of highly sensitive data.
"Small-scale data protection breaches happen all the time; large scale hacks aren't that rare. And the UK government has a long track record of losing personal data accidentally, too," claimed the organisation.
Access to people's web-browsing histories by public-sector staff is broken down into two types - full access, or entities, which provides a more restricted view.
"It's important to get to grips with the sheer scale of the issue. There are a dizzying number of people with access to your private data. They all have permission to see what you get up to on your laptop or phone. And, in some cases, it isn't clear how their jobs have anything to do with the supposed reasons the Investigatory Powers Act was passed in the first place," the organisation added.
There are almost 3,000 staff at HMRC with the power to peruse people's internet connection records out of 56,000 ‘full time equivalents', which means that more than five per cent of the staff at HMRC can spy on people's web-browsing histories. That is on top of 10,578 in the UK's various police forces.
The Investigatory Powers Act became law in 2016 after almost a decade in which governments of various complexions had tried - and failed - to bring in such all encompassing web surveillance laws.
It comes after it was disclosed that the police routinely breaks rules surrounding access to sensitive computer systems, for either personal reasons or criminal gain. Last year, Big Brother Watch found that police had been responsible for more than 2,000 data breaches in the previous five years.
Infected apps have been downloaded more than 50 million times
Customers of regular price-raising ISP and cable operator claim nationwide outages started on Monday
Pixel 2 smartphones and a Pixel-branded laptop also planned by Google
The moment you've all been waiting for...