The bulk collection of every citizens’ internet history violates human rights, E.U. court rules.
The Court of Justice of the European Union ruled that bulk data retention is “illegal” in a landmark ruling against the United Kingdom’s intrusive mass surveillance laws.
This case—which is actually against the U.K.’s expiring surveillance framework, the Data Retention and Investigatory Powers Act (DRIPA)— will still have serious consequences for the U.K.’s recently passed mass surveillance laws, the Investigatory Powers Act, known derisively as the “snooper’s charter.”
The controversial Investigatory Powers Act is set to replace DRIPA at the start of next year. It was officially signed into law just weeks ago, but this landmark European court judgement will force Parliament to rethink major sections of the new law, which require the retention of every citizen’s browsing history for a period of up to one year.
The court heard that the “general and indiscriminate retention” of data conflicts with European legal standards, to which all E.U. member states must adhere.
“The fact that the data is retained without the users of electronic communications services being informed of the fact is likely to cause the persons concerned to feel that their private lives are the subject of constant surveillance,” the judgement reads.
“Consequently, only the objective of fighting serious crime is capable of justifying such interference. … Legislation prescribing a general and indiscriminate retention of data … exceeds the limits of what is strictly necessary and cannot be considered to be justified within a democratic society.”
The ruling further requires that data retention request must be subject to prior review by an independent authority.
The case had been brought by two members of parliament supported by a number of privacy advocacy organizations, including Liberty, the Open Rights Group, and Privacy International. Even though the case must now return to the U.K. Court of Appeal, the law’s incompatibility with European human rights safeguards is being seen as a victory against mass surveillance.
“The CJEU has sent a clear message to the U.K. government: blanket surveillance of our communications is intrusive and unacceptable…” Jim Killock of the Open Rights Groups said in a statement. “The government knew this judgment was coming, but [U.K. Prime Minister] Theresa May was determined to push through her snoopers’ charter regardless. The government must act quickly to re-write the IPA or be prepared to go to court again.”
Perhaps as a further implication, the European ruling lays a challenge to the post-Brexit U.K. government—entrusted with initiated the country’s transition out of the E.U. where privacy rights are enshrined in law.
In a statement, Martha Spurrier, director of Liberty, addressed this fact: “This is the first serious post-referendum test for our government’s commitment to protecting human rights and the rule of law. The U.K. may have voted to leave the E.U.—but we didn’t vote to abandon our rights and freedoms.”
Ironically, the new Brexit secretary—a position created after the U.K. voted to leave the E.U. earlier this year—is MP David Davis, one of the politicians who brought this case to challenge DRIPA in 2015. He had stepped away from the case upon his appointment as secretary.