GCHQ’s mass data collection practices breached human rights law, European court rules

Surveillance methods disclosed by Edward Snowden in 2013 ruled illegal in landmark ruling

Aerial shot of GCHQ's building

The European court of human rights (ECHR) has ruled GCHQ's mass surveillance programmes violated privacy rights, and lacked the necessary safeguards to ensure collected data was protected.

Judges ruled the agency breached Articles 8 and 10 of the European Convention on Human Rights (ECHR), concerning privacy and freedom of expression respectively, in its data collection methods disclosed by Edward Snowden in 2013.

Advertisement - Article continues below

"This landmark judgment confirming that the UK's mass spying breached fundamental rights vindicates Mr Snowden's courageous whistle-blowing and the tireless work of Big Brother Watch and others in our pursuit for justice," said Big Brother Watch director Silkie Carlo.

"Under the guise of counter-terrorism, the UK has adopted the most authoritarian surveillance regime of any Western state, corroding democracy itself and the rights of the British public."

The landmark case, brought by several rights groups including Big Brother Watch, Liberty and Amnesty International, considered three aspects of surveillance: intelligence sharing, obtaining communications data from service providers, and bulk interception of communications.

While the latter two aspects were found to represent a violation of human rights law, judges ruled intelligence sharing with foreign governments did not contravene either Article 8 or Article 10 of the ECHR.

While bulk data collection did not in itself violate the ECHR, according to the judgement, the practice of obtaining communications data from service providers via interception was not in accordance with the law, and therefore was in violation of Article 8.

Advertisement
Advertisement - Article continues below
Advertisement - Article continues below

While representing the privacy rights set out in Article 8, the practice also violated Article 10, freedom of expression, "as there were insufficient safeguards in respect of confidential journalistic material".

The ECHR also concluded there was a "lack of oversight of the entire selection process" and that safeguards were not "sufficiently robust to provide adequate guarantees against abuse".

"The Court has put down a marker that the UK government does not have a free hand with the public's communications and that in several key respects the UK's laws and surveillance practices have failed," said Dan Carey, who represented the applicants in the ECHR.

"In particular, there needs to be much greater control over the search terms that the government is using to sift our communications. The pressure of this litigation has already contributed to some reforms in the UK and this judgment will require the UK government to look again at its practices in this most critical of areas."

Advertisement - Article continues below

The Strasbourg-based court wrapped three separate challenges being made against the UK into one ruling, which was marked by an initial hearing in November 2017. Its final decision represents the most significant challenge to the government's intelligence gathering practices made to date.

The UK government has maintained its mass data collection practices, as revealed in the Edward Snowden leaks, are necessary to fight extremism.

But its Investigatory Powers Act 2016 which legalised many of these practices under domestic law was found to have violated European law in a UK High Court ruling earlier this year. The court gave ministers until 1 November 2018 to make changes to the legislation.

"The Investigatory Powers Act 2016 replaced large parts of the Regulation of Investigatory Powers Act (RIPA) which was the subject of this challenge," a government spokesperson told IT Pro. "This includes the introduction of a double lock' which requires warrants for the use of these powers to be authorised by a Secretary of State and approved by a judge.

"An Investigatory Powers Commissioner has also been created to ensure robust independent oversight of how these powers are used. The Government will give careful consideration to the Court's findings."

Featured Resources

Top 5 challenges of migrating applications to the cloud

Explore how VMware Cloud on AWS helps to address common cloud migration challenges

Download now

3 reasons why now is the time to rethink your network

Changing requirements call for new solutions

Download now

All-flash buyer’s guide

Tips for evaluating Solid-State Arrays

Download now

Enabling enterprise machine and deep learning with intelligent storage

The power of AI can only be realised through efficient and performant delivery of data

Download now
Advertisement
Advertisement

Most Popular

Visit/software/video-conferencing/355138/zoom-beaming-ios-user-data-to-facebook-for-targeted-ads
video conferencing

Zoom beams iOS user data to Facebook for targeted ads

27 Mar 2020
Visit/infrastructure/server-storage/355118/hpe-warns-of-critical-bug-that-destroys-ssds-after-40000-hours
Server & storage

HPE warns of 'critical' bug that destroys SSDs after 40,000 hours

26 Mar 2020
Visit/software/355113/companies-offering-free-software-to-fight-covid-19
Software

These are the companies offering free software during the coronavirus crisis

25 Mar 2020
Visit/mobile/mobile-phones/355088/apple-lifts-iphone-purchase-restrictions
Mobile Phones

Apple lifts iPhone purchase restrictions

23 Mar 2020