Court of Appeal Deals Blow to UK ISP Internet Snooping Law

The Court of Appeal has today dealt a blow to the UK Government’s internet snooping ambitions. The ruling effectively finds it unlawful to collect the nation’s internet activity and phone records, while letting public bodies grant themselves access to these personal details with no suspicion of serious crime.

All of this stems from a late 2016 ruling by the Court of Justice of the European Union (CJEU), which warned that EU law does not allow “general and indiscriminate retention of traffic data and location data,” except for “targeted” use against “serious crime” (here).

In keeping with that Tom Watson MP and Liberty, a human rights group, used the ruling as a basis for their £53K crowd-funded challenge against the temporary Data Retention and Investigatory Powers Act (DRIPA). The DRIP Act expired at the end of 2016, although much of it was later replicated as part of the wider ranging 2016 Investigatory Powers Act (IPAct).

The IPAct contains a variety of measures, such as one that forces broadband ISPs to store (for up to 12 months) comparatively detailed Internet Connection Records (e.g. details of all the websites / servers you’ve visited) about all of their customers, which can then be supplied to a valid authority without a warrant (here). This occurs irrespective of whether or not you’re even suspected of a crime.

However the Court of Appeal judges today found that DRIPA could be said to have breached British people’s rights because, among other things, it did not restrict access to this data, in the context of the investigation and prosecution of crime, to the purpose of fighting serious crime.

On top of that the court noted that DRIPA also allowed police and public bodies to authorise their own access, instead of subjecting access requests to prior authorisation by a court or independent body.

Tom Watson MP said:

“This legislation was flawed from the start. It was rushed through Parliament just before recess without proper parliamentary scrutiny.

The Government must now bring forward changes to the Investigatory Powers Act to ensure that hundreds of thousands of people, many of whom are innocent victims or witnesses to crime, are protected by a system of independent approval for access to communications data. I’m proud to have played my part in safeguarding citizen’s fundamental rights.”

At this point the Government would no doubt argue that they’ve already moved to soften the IPAct with a series of changes (here). However Liberty claims that those changes “do not even fully comply with past court rulings requiring mandatory safeguards – and they continue to allow public bodies to indiscriminately retain and access personal data, including records of internet use, location tracking using mobile phones and records of who we communicate with and when.”

Liberty is currently challenging the IPAct in a major separate case, which is due to be heard in the High Court later this year.