Blow for Snoopers Charter as EU court bans mass data collection
A legal challenge brought against DRIPA could take out its successor
The Snoopers Charter has a had a major setback with a court ruling saying that mass collection of emails and other communications data is illegal.
Last year, MP David Davis and MP Tom Watson -- respectively of the Conservatives and Labour -- brought a legal challenge regarding mass collection of data against the Data Retention and Investigatory Powers Act (DRIPA), which is set to expire at the end of the year and be replaced by the Investigatory Powers Act.
The duo won a high court challenge against DRIPA, but that was appealed by the government, leading the case to head to European courts. In the meantime, the government hurried to write a new law, ahead of the end-of-year sunset clause on DRIPA. Davis has since withdrawn from the case after being named Brexit minister.
That law was the Investigatory Power Act (IPA) -- commonly referred to as the Snoopers Charter -- that was waved through parliament by the Tories and Labour last month. The new laws included provisions requiring all communications firms to keep records of so-called metadata -- who we talk to online and when -- as well as a year of browsing history.
The European Court of Justice (CJEU) has ruled on the issue of bulk data collection in DRIPA, saying "general and indiscriminate retention" of such data is illegal, and traffic and location data can only be collected in a targeted manner to fight serious crime.
That ruling is bad news for the newly passed law. "The CJEU has sent a clear message to the UK Government: blanket surveillance of our communications is intrusive and unacceptable in a democracy," ORG executive director Jim Killock said. "The Government knew this judgment was coming but Theresa May was determined to push through her snoopers' charter regardless. The Government must act quickly to re-write the IPA or be prepared to go to court again."
The ruling highlights issues around the blanket collection of data, pointing out that the retained data is "liable to allow very precise conclusions to be drawn concerning the private lives of the persons whose data has been retained."
The judges conclude that fighting serious crime is the only justification for collecting such invasive data, saying "legislation prescribing a general and indiscriminate retention of data does not require there to be any relationship between the data which must be retained and a threat to public security."
"Such national legislation, therefore, exceeds the limits of what is strictly necessary and cannot be considered to be justified within a democratic society, as required by the directive, read in the light of the charter," the summary of the judgement reads.
Liberal Democrat Shadow Home Secretary Brian Paddick said: "This ruling proves that this Conservative Government has overstepped the mark. The legality of the Investigatory Powers Act - passed into law with Labour's full support - has now been called into question."
He added: "This dreadful piece of legislation will cost millions to implement and unless the Government reconsider, they will inevitably face further embarrassment in the courts."
A Home Office spokesperson said: "We are disappointed with the judgment from the European Court of Justice and will be considering its potential implications."
"It will now be for the court of appeal to determine the case. The government will be putting forward robust arguments to the court of appeal about the strength of our existing regime for communications data retention and access."
"Given the importance of communications data to preventing and detecting crime, we will ensure plans are in place so that the police and other public authorities can continue to acquire such data in a way that is consistent with EU law and our obligation to protect the public."
The MPs' legal challenge was backed by the Law Society, Liberty, Open Rights Group and Privacy International.
What you need to know about migrating to SAP S/4HANA
Factors to assess how and when to begin migrationDownload now
Your enterprise cloud solutions guide
Infrastructure designed to meet your company's IT needs for next-generation cloud applicationsDownload now
Testing for compliance just became easier
How you can use technology to ensure compliance in your organisationDownload now
Best practices for implementing security awareness training
How to develop a security awareness programme that will actually change behaviourDownload now