mass data slurping ruled illegal – AGAIN

Another blow for Snooper's Charter

By Rebecca Hill

Posted in Policy, 30th January 2018 13:27 GMT

The UK’s Court of Appeal has ruled that the government’s unfettered slurping of citizens’ data broke the law.

In a judgment handed down this morning, judges backed a challenge brought by deputy Labour leader Tom Watson in a long-running battle against state surveillance rules.

These laws allow for ISPs and telcos to retain communications data for up to a year and for public authorities to get access to this information. But campaigners have argued it fails to properly restrict this retention and access.

Today's ruling refers to the Data Retention and Investigatory Powers Act, which expired at the end of 2016, but will have significant implications for its successor, the Investigatory Powers Act.

The so-called Snoopers’ Charter was already under pressure following a landmark 2016 ruling from the Court of Justice of the European Union, and today’s judgment adds weight to this.

In the document, the judges also note: “As [Ben] Jaffey QC, on behalf of the first respondent, pointed out in the course of his oral submissions, that the fact that DRIPA has been repealed does not make this a pointless exercise”.

Their ruling was that DRIPA “was inconsistent with EU law” because it did not limit access to retained communications data solely to the purpose of fighting serious crime.

It also broke the law because police forces and public authorities could themselves grant access to retained data – rather than access being subject to prior review by a court or an independent administrative authority.

This cements the CJEU’s opinions, with Martha Spurrier - director of Liberty, which represented Watson in the case - saying that it “tells ministers in crystal clear terms that they are breaching the public’s human rights”. admits Investigatory Powers Act illegal under EU law


The government has already been forced to admit that chunks of the Investigatory Powers Act are illegal, issuing a set of amendments it hoped would plaster over the faults and bring it into line.

But Liberty described these as “half-baked plans [that] do not even fully comply with past court rulings requiring mandatory safeguards” - even without today’s decision.

Of particular concern from privacy activists was the plan to lower the threshold for “serious crime” to six months (rather than three years) in prison - effectively making it easier for the government to slurp up people’s data.

Big Brother Watch’s response to the consultation also picked apart the government’s reading of the CJEU judgment, criticising the assertion that the government’s data retention regime isn't "general and indiscriminate”.

It also expressed disappointment that the proposed Office of Communications Data Authorisations – which will sign off on communications data requests instead of the public bodies themselves – would not be a judicial body.

In addition, Big Brother Watch said the fact the proposed rules also allow for “urgent requests” to be signed off internally without retrospective assessment by the OCDA weakened safeguards in these cases.

Today’s judgement did not consider whether the CJEU’s decision should refer to national security - predictably, the government says no and campaign groups say yes - and instead stuck to the matters of serious crime.

The judges said that it was not necessary for that court to come to a conclusion on this because it was to be considered by the Investigatory Powers Tribunal and is now subject to a further reference to the CJEU. ®

Sign up to our NewsletterGet IT in your inbox daily


More from The Register

Cambridge Analytica seeks data protection assistant

Jobseeker? You may have heard of it...'s Brexiteers warned not to push for divergence on data protection laws

As PM lacks specifics on UK’s desired ‘adequacy-plus’ deal

Uber hack: EU data protection bods launch taskforce

Justice commissioner slams biz for 'irresponsible' behaviour

Big tech wants the ICO on EU data protection board in Brexit fallout

Watchdog keeping voting rights 'huge gain' for marketing sector, say Facebook, Google et al

UK regulator moots data protection sandbox for organisations to play in

ICO strategy outlines plans to slurp up academic expertise

Austrian privacy chief handed leash to EU's data protection beast

Group warms up for greater powers once GDPR hits

Facebook smartmobe app's pre-ticked privacy settings violate German data protection law

Court favours consumer group in long-running dispute

Don't sweat Brexit, big biz told: Your shiny data protection sticker will remain intact

Survey reveals GDPR training and investment is on the rise told: Scrap immigration exemption from Data Protection Bill or we'll see you in court

Campaigners say proposed law would create a 'discriminatory' system for data access rights

Irish eyes are sighing: Data protection office notes olagoanin'* up 79%

Annual report reveals boost in complaints, breach notifications