The UK government is told it would be unlawful to create a law that requests internet service providers to retain user’s data for 12 months across the board. On Wednesday 21 December 2016, the Court of Justice of the European Union (CJEU) ruled that it would be unlawful for the UK to enact laws that “provide for general and indiscriminate retention of all traffic and location data of all subscribers and registered users relating to all means of electronic communication” in order to help fight crime.
The court disallowed national laws that compel data preservation, “as a preventive measure” even if the purpose of the law is to fight “serious crime”.
The European court also said that there must be a specific reason for data retention requests and that it was unlawful for the UK to create general data retention laws simply as a preventative measure.
Fortunately, our safety is not entirely in the hands of European judges so this ruling is unlikely to make much of a difference to the high level of government snooping that is going on in this country.
Under the Investigatory Powers Act, UK authorities, such as intelligence agencies and law enforcement bodies were authorized to require the help of telecoms companies in tackling serious crime and protecting the UK’s economic interests, among other priorities listed in the legislation.
The Act permitted the security agencies to order internet service providers to retain data, disclose it, intercept communications, or assist with equipment interference. The Act was brought in, in addition to their already existing powers to have a qualified right to obtain personal datasets in bulk for national security reasons under warrants that would be issued by UK ministers.
The Investigatory Powers Act was intended to regulate and place limits on the powers of the UK security agencies and to bring their activities within a closer scrutiny of Parliament.
The ruling by the CJEU, effectively rendered the Investigatory Powers Act unlawful which means that the security agencies will continue to request data retention and disclosures outside the Act of Parliament and under the qualified right to obtain personal datasets in bulk and other emergency warrants, which means their activities will remain far less accountable.
This of course means less privacy to UK citizens rather than more but who really cares? After all, Facebook, Google, Twitter and Yahoo snooping is lawful just because we clicked “yes” to their Terms and Conditions which most of us never read anyway. The security services on the other hand don’t have an App or Terms and Conditions in small print but at least their snooping is done for the purpose of keeping us safe and secure. I say, let them do their job and let our Parliament keep them under control.