
EU Court Adviser Says UK Internet Spying Law Needs “Strict” Safeguards

Tuesday, July 19th, 2016 (10:49 am)

The Advocate General for the Court of Justice of the European Union (CJEU) has said that the UK Government’s ‘Data Retention and Investigatory Powers Act’ (DRIP), which is a temporary precursor to the new Internet spying ‘Investigatory Powers Bill’ (IPBill), “may be compatible with EU law”, but with “strict” safeguards.

The DRIP Act was rushed into law in 2014 after the previous Regulation of Investigatory Powers Act 2000 (RIPA), which enabled the security services to snoop on telecoms and Internet services, was declared “invalid” by the European Court of Justice (here and here) because it breached the “fundamental right to respect for private life and the fundamental right to the protection of personal data”.

Under the plan DRIPA would exist as temporary legislation in order to keep the old RIPA law alive and it would expire at the end of 2016 (details), which is when the Government hoped to replace it with their new and much more extensive Investigatory Powers Bill (here).

However two ministers, David Davis MP (Conservative) and Tom Watson MP (Labour), opposed the apparent attempt to circumvent the ECJ ruling (DRIP was effectively RIPA with a few tweaks) and subsequently joined with civil rights groups in order to launch a Judicial Review of the law.

Last year the Divisional Court agreed that EU law requires an independent approval to access a person’s communications data, which was based off an earlier judgement in the Digital Rights Ireland case. The court initially advised that the following issues be resolved and then adopted into the DRIPA law by March 2016 (here).

Divisional Court Findings – Sections 1 and 2 of DRIPA:

* Both fail to provide clear and precise rules to ensure data is only accessed for the purpose of preventing and detecting serious offences, or for conducting criminal prosecutions relating to such offences.

* Access to data is not authorised by a court or independent body, whose decision could limit access to and use of the data to what is strictly necessary. The ruling observed that: “The need for that approval to be by a judge or official wholly independent of the force or body making the application should not, provided the person responsible is properly trained or experienced, be particularly cumbersome.”

The ruling could have made it difficult for the security services to conduct blanket surveillance of all citizens and it required more than a small change to the temporary legislation. Naturally the Government was concerned about this and lodged an appeal, which ended up questioning whether or not a past judgement in the Digital Rights Ireland case could be used as a basis for deciding the Judicial Review. The Court of Appeal then referred the issue back to the CJEU for clarification.

Court of Appeal Summary (20th Nov 2015)

In these circumstances we have come to the conclusion that we should refer the following questions to the CJEU:

(1) Did the CJEU in Digital Rights Ireland intend to lay down mandatory requirements of EU law with which the national legislation of Member States must comply?

(2) Did the CJEU in Digital Rights Ireland intend to expand the effect of Articles 7 and/or 8, EU Charter beyond the effect of Article 8 ECHR as established in the jurisprudence of the ECtHR?

We consider that the answers to these questions of EU law are not clear and are necessary in order for us to give judgement in these proceedings. For the reasons set out above, we exercise our discretion in favour of making a reference to the CJEU.

Today the CJEU’s Advocate General gave his NON-BINDING opinion on the legal challenge to DRIPA and, in a blow to the case, ruled that “a general obligation to retain data may be compatible with EU law”. However he also added that this would need to satisfy “strict requirements” and it is for the UK’s own national court system to determine whether those are being satisfied or not.

Henrik Saugmandsgaard Øe, CJEU Advocate General, said:

“First, the general obligation to retain data and the accompanying guarantees must be laid down by legislative or regulatory measures possessing the characteristics of accessibility, foreseeability and adequate protection against arbitrary interference.

Secondly, the obligation must respect the essence of the right to respect for private life and the right to the protection of personal data laid down by the Charter.

Thirdly, the Advocate General notes that EU law requires that any interference with the fundamental rights should be in the pursuit of an objective in the general interest. He considers that solely the fight against serious crime is an objective in the general interest that is capable of justifying a general obligation to retain data, whereas combating ordinary offences and the smooth conduct of proceedings other than criminal proceedings are not.

Fourthly, the general obligation to retain data must be strictly necessary to the fight against serious crime, which means that no other measure or combination of measures could be as effective while at the same time interfering to a lesser extent with fundamental rights. Furthermore, the Advocate General points out that that obligation must respect the conditions set out in the judgment in Digital Rights Ireland as regards access to the data, the period of retention and the protection and security of the data, in order to limit the interference with the fundamental rights to what is strictly necessary.

Finally, the general obligation to retain data must be proportionate, within a democratic society, to the objective of the fight against serious crime, which means that the serious risks engendered by that obligation within a democratic society must not be disproportionate to the advantages it offers in the fight against serious crime.”

The opinion carries with it a lot of weight and appears to support the calls for DRIP to only focus on serious crime, which is something that the UK courts will have to factor as that was the purpose of the whole exercise. On the other hand it’s by no means the knock-out blow that David Davis and Tom Watson might have originally hoped to achieve.

Mind you David Davis has this week withdrawn from the case, which is hardly surprising because he was recently appointed by new Prime Minister, Theresa May, to become the new Secretary of State for Brexit. Yes, the very person who he fought so valiantly against over DRIP has now appointed him to a role for leaving the EU, fun times indeed.

Jim Killock, Executive Director of Open Rights Group, said:

“The Advocate General has stated that data retention should only be used in the fight against serious crime, yet in the UK there are more than half a million requests for communications data each year. These do not only come from police but also local councils and government departments. It is difficult to see how the Government can claim that these organisations are investigating serious crimes.

The Opinion calls for strict safeguards yet in the UK, there is currently no judicial authorisation in the UK – police, local authorities and government departments can get internal sign off to access data. If the IP Bill is passed, data will be able to be analysed without a warrant through an intrusive tool known as the request filter.

It may be too late to end data retention under DRIPA, which expires at the end of the year, but the Government has the opportunity to ensure that the IP Bill complies with EU law. In particular, they should end the extension of mass data retention proposed in the Bill, which would see the UK become one of the only democracies to record its citizens’ web browsing history and provide a police search engine to scour it.”

At this point some might be wondering whether or not the vote to leave the EU will make all of this irrelevant and grant the UK Government free rein to do as it pleases, although in order for the UK to continue doing business / sharing data with the EU we might still have to sign up to much of the same legislation. In any case that is still a few years away.

However perhaps the biggest question is over what impact this might have on the forthcoming IPBill, which proposes to go a lot further than DRIP. The Government may yet seek to reduce any conflict by stiffening its safeguards, but we’ll have to wait and see. One way or another, DRIP comes to an end this year.

UPDATE 4:51pm

The ISPA UK Chair, James Blessing, said: “The Opinion of the Advocate General, whilst non-binding, raises serious questions about UK data retention legislation. It calls into question some aspects of the Investigatory Powers Bill and ISPA therefore calls on the Home Office to ensure the legal framework around data retention is fully compliant with the final court judgement. It is vital to give industry certainty on what the rules are, maintain user confidence in online services and avoid another round of lengthy legal proceedings.”

By Mark Jackson
Mark is a professional technology writer, IT consultant and computer engineer from Dorset (England). He also founded ISPreview in 1999 and enjoys analysing the latest telecoms and broadband developments.
2 Responses
  1. timeless says:

    the Conservatives are a law unto themselves.. any EU ruling or ruling by our own courts will be completely ignored.. I think the election fraud scandal is more than proof enough that Cons will go to any lengths to get their own way..

    not to mention the guise of anti-terrorism is just that.. because by the time mass surveillance has been implemented alleged terrorists will have found more discreet methods of communication which only leaves spying on the stupid and using these new powers to stop protests before they happen.. because let's face it, if you know who is organising a protest you only need stop those ppl before it gets out of the organising phase.

  2. kds says:

    is it that we voted to come out of EU, safeguards to normal people wtf, we don't need that, we let our government who paid by the large companies to do that 😀
