UK faces challenges to bulk spying in European Court of Human Rights

Privacy groups argue bulk data collection breaches Article 8 in landmark court case

Snooping

Representatives from the UK government have appeared in front of the European Court of Human Rights (ECHR) this week after a coalition of civil rights groups brought a challenge to the policy of bulk data collection by security agencies.

Amnesty International, Big Brother Watch, Liberty, Privacy International, as well as 10 other human rights and journalistic groups in Europe, Africa and Asia sought to challenge the legality of the UK's mass surveillance and data collection, in a court hearing that started on Tuesday in Strasbourg.

The group argues that the government policy allowing UK security agencies to intercept data, which NSA whistleblower Edward Snowden's revelations brought to light, is a breach of the European Convention on Human Rights.

Three separate cases are now being brought against the UK government, namely Big Brother Watch and Others v. the United Kingdom, Bureau of Investigative Journalism and Alice Ross v. the United Kingdom, and 10 Human Rights Organisations and Others v. the United Kingdom. The hearing on Tuesday was only the initial part of the process, with an official ruling set to be made at a later stage.

In all three cases, the groups believe that due to the sensitive nature of the data they handle, their communications may have been intercepted by either the UK or US security agencies in the course of bulk data collection and data-sharing.

The practice of sharing data between agencies has been challenged by human rights groups in the past. In a controversial ruling in 2016, the Investigatory Powers Tribunal, which has jurisdiction over GCHQ, MI5 and MI6, ruled that the agreement between the UK's GCHQ and the US's NSA was unlawful, but that the full disclosure of the deal allowed for "adequate signposting" of secret policies. In other words, by revealing and exposing the practice, it complied with human rights law.

This has been challenged by human rights groups, which have now elevated the case to the ECHR in Strasbourg. The hearing on Tuesday was overseen by the court's president Linos-Alexandre Sicilianos, and judges from European countries, including the UK's Tim Eicke.

"Our organisations exist to stand up for people and challenge abuse of power," said Martha Spurrier, director of Liberty, one of the groups challenging the UK government. "We work with whistleblowers, victims, lawyers, journalists, and campaigners around the world, so confidentiality and protection of our sources is vital."

"The UK government's vast, cross-border mass surveillance regime - which lets it access millions of people's communications every day - has made those protections meaningless. No country that deploys industrial-scale state surveillance has ever remained a rights-respecting democracy. We now look to the court to uphold our rights where our government has failed to do so."

In a separate challenge, Privacy International claimed last month that bodies charged with overseeing UK spy agencies didn't actually know that the agencies were allegedly sharing people's data with foreign counterparts.

After lengthy submissions by legal teams from both sides in the ECHR on Tuesday, questions were then directed at the UK government, including asking: who monitors the facilities being used to intercept data; who is responsible for turning those facilities on or off; whether all communication services are under surveillance; and whether data stored in cloud services outside the UK should be considered external communications.

The UK government argued that existing codes, including the Code of Practice for intercepted communications, provide effective oversight of the bulk collection of data, while allowing security agencies to do their work without breaching human rights law. The UK maintains that bulk collection of data is "of critical importance" to ensure national security.

"Whilst privacy rights are, of course, of importance, and to be respected, the right to life and the safety of citizens is paramount," argued the government's legal representative. "The core problem at the heart of the applicant's case, is that they seek to conjure up, by reference to what we suggest are grossly inaccurate speculations presented as fact."

However, human rights groups argued that the bulk collection of data violates Article 8 of the European Convention on Human Rights, which guarantees the right to privacy, specifically because it is untargeted and disproportionate. They also argue that new technology has allowed the government to access even greater amounts of user data online.

The hearing lasted almost three hours before the panel retired to deliberate on the hearing. A ruling date for the case has not yet been made, although we will update the story once it has been confirmed.

Separately, Privacy International's challenge to the UK's bulk data collection practices was escalated to the European Court of Justice by the Investigatory Powers Tribunal in September, giving the court the final say over whether the UK's data collection is lawful or not. 

Featured Resources

Unleashing the power of AI initiatives with the right infrastructure

What key infrastructure requirements are needed to implement AI effectively?

Download now

Achieve today. Plan tomorrow. Making the hybrid multi-cloud journey

A Veritas webinar on implementing a hybrid multi-cloud strategy

Download now

A buyer’s guide for cloud-based phone solutions

Finding the right phone system for your modern business

Download now

The workers' experience report

How technology can spark motivation, enhance productivity and strengthen security

Download now

Recommended

Misconfigured Git servers lead to Nissan data leak
hacking

Misconfigured Git servers lead to Nissan data leak

7 Jan 2021
BackupAssist teams with Wasabi to offer cheaper backup for businesses
backup

BackupAssist teams with Wasabi to offer cheaper backup for businesses

6 Jan 2021
Data: A resource much too valuable to leave unprotected
Whitepaper

Data: A resource much too valuable to leave unprotected

2 Dec 2020
Webhose and Signal Corp boost data breach detection
Security

Webhose and Signal Corp boost data breach detection

7 Oct 2020

Most Popular

WhatsApp could face €50 million GDPR fine
General Data Protection Regulation (GDPR)

WhatsApp could face €50 million GDPR fine

25 Jan 2021
How to move Windows 10 from your old hard drive to SSD
operating systems

How to move Windows 10 from your old hard drive to SSD

21 Jan 2021
What is a 502 bad gateway and how do you fix it?
web hosting

What is a 502 bad gateway and how do you fix it?

12 Jan 2021