The UK’s new surveillance laws, overseen by current Prime Minister Theresa May before she rose to the top office, have received a blow from the EU’s highest court.
The UK has a reputation for an enthusiastic pursuit of added surveillance. The latest Investigatory Powers bill, otherwise known as the Snooper’s Charter, is the latest, most extreme phase of the trend.
However, complaints made by members of the UK parliament have made it right to the top of the EU’s legal framework, where the Court of Justice for the European Union (CJEU) has ruled against the bill.
Calling any attempts to achieve “general and indiscriminate retention of traffic data and location data” as illegal, the landmark ruling is a blow to the UK prime minister, given that it was in her former role as home secretary that the Snooper’s Charter was formed.
It replaced the Data Retention and Investigatory Powers Act in 2014, with the former also found illegal by the EU. On both occasions, the CJEU was acting after complaints made by politicians David Davis and Tom Watson.
“In today’s judgment, the Court’s answer is that EU law precludes national legislation that prescribes general and indiscriminate retention of data,” reads the ruling.
“With respect to retention, the retained data, taken as a whole, is liable to allow very precise conclusions to be drawn concerning the private lives of the persons whose data has been retained.
“The interference by national legislation that provides for the retention of traffic data and location data with that right must therefore be considered to be particularly serious.”
The CJEU claims that any state legislation that allows for such data retention simply “does not require” any relationship that links the data haul and potential public security threats.
As it’s not targeted in any geographic way, or at specific persons, it’s limitless.
“Such national legislation therefore exceeds the limits of what is strictly necessary and cannot be considered to be justified within a democratic society.”
Roberto Viola, director general of DG Connect at the European Commission, recently spoke to Siliconrepublic.com about the great strides he feels the EU has made with regard to data retention.
Viola said we should be “proud” of what has been achieved in Europe, with the same rules for everyone, the rule of law and respect for fundamental rights a trio of areas he’s happy with.
Thus, the CJEU is protective over what is legally permitted in the EU, and what is not.
UK and EU divide
“Once again, we are reminded that the UK’s position on data protection is at complete odds to our EU counterparts,” said Robert Bownes, director of communications at Profusion.
Bownes noted the largely separate UK, US and EU attempts to rewrite data protection rules, without the tech community’s input.
“On one hand, the UK and US seem hell-bent on eroding the privacy rights of users,” he said, “while on the other hand, the ECJ [and] most European governments take the polar opposite view and are trying to do more to boost the rights of individuals online.”