European Union Court of Justice backs challenge to Data Retention and Investigatory Powers Act

According to civil liberties and Human Rights champion Liberty, the Government is breaking the law by indiscriminately collecting the nation’s Internet activity and phone records and letting hundreds of public bodies grant themselves access to these personal details with no suspicion of serious crime and no independent sign-off,  meaning that “significant parts” of the so-called Snoopers’ Charter are “effectively unlawful”.

Judges at the European Union Court of Justice (CJEU) have backed a challenge by MP Tom Watson, represented by Liberty, to the Data Retention and Investigatory Powers Act (DRIPA). This is the temporary emergency law that covers state surveillance. DRIPA will expire on 31 December, but the Government has since replicated and vastly expanded the same powers in its new flagship surveillance law, the Investigatory Powers Act, which passed through the Palace of Westminster in November.

Liberty states that the CJEU ruling means major parts of that new Act are, in effect, unlawful and the Government will need to urgently and fundamentally amend it.

Martha Spurrier, Liberty’s director, said: “The judgement upholds the rights of ordinary British people not to have their personal lives spied on without good reason or an independent warrant. The Government must now make urgent changes to the Investigatory Powers Act to comply with this. This is the first serious post-EU Referendum test for our Government’s commitment to protecting Human Rights and the rule of law. The UK may have voted to leave the EU, but we didn’t vote to abandon our rights and freedoms.”

Tom Watson MP stated: “This ruling shows that it’s counter-productive to rush new laws through Parliament without proper scrutiny. At a time when we face a real and ever-present terrorist threat, the security forces may require access to personal information none of us would normally hand over. That’s why it’s absolutely vital that proper safeguards are put in place to ensure this power isn’t abused, as it has been in the recent past.”

The MP continued: “Most of us can accept that our privacy may occasionally be compromised in the interests of keeping us safe, but no-one would consent to giving the police or the Government the power to arbitrarily seize our phone records or e-mails to use as they see fit. It’s for Judges, not Government Ministers, to oversee these powers. I’m pleased that the European Union Court of Justice has upheld the earlier decision of the UK courts.”

CJEU’s ruling in detail

DRIPA forces communications companies to store every individual’s ‘communications data’ – the who, what, when, where and how of every e-mail, text, phone call and Internet communication, including those of lawyers, doctors, MPs and journalists.

This data is subject to what Liberty calls “an extremely lax access regime”, and one which lets hundreds of organisations and Government agencies – from police forces to HMRC – to grant themselves access for a wide range of reasons that have nothing to do with investigating serious crime.

CJEU Judges have now ruled this regime breaches British people’s rights because it:

*allows general and indiscriminate retention of all communications data
*doesn’t restrict access to this data for the purposes of preventing and detecting precisely defined serious crime
*allows police and public bodies to authorise their own access, instead of subjecting access requests to prior authorisation by a court or an independent body
*doesn’t provide for notification after the event to people whose data has been accessed
*doesn’t require that the data be kept within the European Union

Since this legal challenge was launched back in 2014, the Investigatory Powers Act has not only re-legislated for the powers found to be unlawful by the CJEU, but has gone much further. The Act has dramatically expanded powers to gather data on the entire population, while maintaining the controversial lack of safeguards that resulted in this legal challenge arising. Under it, the state now also has access to every person’s Internet use – every website visited or app used – which service providers must generate and store for 12 months.

This creates vast databases of deeply sensitive and revealing personal information which – at a time when companies and Governments are under increasingly frequent attack from hackers – creates a goldmine for criminals and foreign spies. This data can be accessed by dozens of public authorities with no need for suspicion of criminality or prior sign-off from a Judge or other independent official. These authorities include the NHS, the Department for Work and Pensions and the Gambling Commission.

The Investigatory Powers Act has also legalised other “unprecedented” bulk spying powers – including bulk hacking, the interception of phone calls and e-mails on an industrial scale and the collection of huge databases containing sensitive information on millions of people – which could integrate records such as Oyster card logs and Facebook back-ups.

Liberty believes these indiscriminate powers are also unlawful and is preparing to challenge them in court.

About the Author
Brian Sims BA (Hons) Hon FSyI, Editor, Risk UK (Pro-Activ Publications) Beginning his career in professional journalism at The Builder Group in March 1992, Brian was appointed Editor of Security Management Today in November 2000 having spent eight years in engineering journalism across two titles: Building Services Journal and Light & Lighting. In 2005, Brian received the BSIA Chairman’s Award for Promoting The Security Industry and, a year later, the Skills for Security Special Award for an Outstanding Contribution to the Security Business Sector. In 2008, Brian was The Security Institute’s nomination for the Association of Security Consultants’ highly prestigious Imbert Prize and, in 2013, was a nominated finalist for the Institute's George van Schalkwyk Award. An Honorary Fellow of The Security Institute, Brian serves as a Judge for the BSIA’s Security Personnel of the Year Awards and the Securitas Good Customer Award. Between 2008 and 2014, Brian pioneered the use of digital media across the security sector, including webinars and Audio Shows. Brian’s actively involved in 50-plus security groups on LinkedIn and hosts the popular Risk UK Twitter site. Brian is a frequent speaker on the conference circuit. He has organised and chaired conference programmes for both IFSEC International and ASIS International and has been published in the national media. Brian was appointed Editor of Risk UK at Pro-Activ Publications in July 2014 and as Editor of The Paper (Pro-Activ Publications' dedicated business newspaper for security professionals) in September 2015. Brian was appointed Editor of Risk Xtra at Pro-Activ Publications in May 2018.

Related Posts