UK faces challenges to bulk spying in European Court of Human Rights

Privacy groups argue bulk data collection breaches Article 8 in landmark court case

Snooping

Representatives from the UK government have appeared in front of the European Court of Human Rights (ECHR) this week after a coalition of civil rights groups brought a challenge to the policy of bulk data collection by security agencies.

Amnesty International, Big Brother Watch, Liberty, Privacy International, as well as 10 other human rights and journalistic groups in Europe, Africa and Asia sought to challenge the legality of the UK's mass surveillance and data collection, in a court hearing that started on Tuesday in Strasbourg.

The group argues that the government policy allowing UK security agencies to intercept data, which NSA whistleblower Edward Snowden's revelations brought to light, is a breach of the European Convention on Human Rights.

Three separate cases are now being brought against the UK government, namely Big Brother Watch and Others v. the United Kingdom, Bureau of Investigative Journalism and Alice Ross v. the United Kingdom, and 10 Human Rights Organisations and Others v. the United Kingdom. The hearing on Tuesday was only the initial part of the process, with an official ruling set to be made at a later stage.

In all three cases, the groups believe that due to the sensitive nature of the data they handle, their communications may have been intercepted by either the UK or US security agencies in the course of bulk data collection and data-sharing.

The practice of sharing data between agencies has been challenged by human rights groups in the past. In a controversial ruling in 2016, the Investigatory Powers Tribunal, which has jurisdiction over GCHQ, MI5 and MI6, ruled that the agreement between the UK's GCHQ and the US's NSA was unlawful, but that the full disclosure of the deal allowed for "adequate signposting" of secret policies. In other words, by revealing and exposing the practice, it complied with human rights law.

This has been challenged by human rights groups, which have now elevated the case to the ECHR in Strasbourg. The hearing on Tuesday was overseen by the court's president Linos-Alexandre Sicilianos, and judges from European countries, including the UK's Tim Eicke.

"Our organisations exist to stand up for people and challenge abuse of power," said Martha Spurrier, director of Liberty, one of the groups challenging the UK government. "We work with whistleblowers, victims, lawyers, journalists, and campaigners around the world, so confidentiality and protection of our sources is vital."

"The UK government's vast, cross-border mass surveillance regime - which lets it access millions of people's communications every day - has made those protections meaningless. No country that deploys industrial-scale state surveillance has ever remained a rights-respecting democracy. We now look to the court to uphold our rights where our government has failed to do so."

In a separate challenge, Privacy International claimed last month that bodies charged with overseeing UK spy agencies didn't actually know that the agencies were allegedly sharing people's data with foreign counterparts.

After lengthy submissions by legal teams from both sides in the ECHR on Tuesday, questions were then directed at the UK government, including asking: who monitors the facilities being used to intercept data; who is responsible for turning those facilities on or off; whether all communication services are under surveillance; and whether data stored in cloud services outside the UK should be considered external communications.

The UK government argued that existing codes, including the Code of Practice for intercepted communications, provide effective oversight of the bulk collection of data, while allowing security agencies to do their work without breaching human rights law. The UK maintains that bulk collection of data is "of critical importance" to ensure national security.

"Whilst privacy rights are, of course, of importance, and to be respected, the right to life and the safety of citizens is paramount," argued the government's legal representative. "The core problem at the heart of the applicant's case, is that they seek to conjure up, by reference to what we suggest are grossly inaccurate speculations presented as fact."

However, human rights groups argued that the bulk collection of data violates Article 8 of the European Convention on Human Rights, which guarantees the right to privacy, specifically because it is untargeted and disproportionate. They also argue that new technology has allowed the government to access even greater amounts of user data online.

The hearing lasted almost three hours before the panel retired to deliberate on the hearing. A ruling date for the case has not yet been made, although we will update the story once it has been confirmed.

Separately, Privacy International's challenge to the UK's bulk data collection practices was escalated to the European Court of Justice by the Investigatory Powers Tribunal in September, giving the court the final say over whether the UK's data collection is lawful or not. 

Featured Resources

BCDR buyer's guide for MSPs

How to choose a business continuity and disaster recovery solution

Download now

The definitive guide to IT security

Protecting your MSP and your customers

Download now

Cost of a data breach report 2020

Find out what factors help mitigate breach costs

Download now

The complete guide to changing your phone system provider

Optimise your phone system for better business results

Download now

Recommended

Data breach exposes widespread fake reviews on Amazon
data breaches

Data breach exposes widespread fake reviews on Amazon

7 May 2021
Peloton security bug could expose user data
data protection

Peloton security bug could expose user data

6 May 2021
Tens of thousands of Pennsylvanians health data exposed following data breach
data protection

Tens of thousands of Pennsylvanians health data exposed following data breach

4 May 2021
Cost of a data breach report 2020
Whitepaper

Cost of a data breach report 2020

30 Apr 2021

Most Popular

KPMG offers staff 'four-day fortnight' in hybrid work plans
flexible working

KPMG offers staff 'four-day fortnight' in hybrid work plans

6 May 2021
Dell patches vulnerability affecting hundreds of computer models worldwide
cyber security

Dell patches vulnerability affecting hundreds of computer models worldwide

5 May 2021
16 ways to speed up your laptop
Laptops

16 ways to speed up your laptop

29 Apr 2021