CNET también está disponible en español.

Ir a español

Don't show this again

Internet

UK data retention scheme ruled unlawful

As Australia faces a future with mandatory data retention laws, the UK High Court has ruled that Britain's DRIPA data retention scheme is "inconsistent" with European law.

Image by Dennis Skley, CC BY-ND 2.0

Just months after Australia passed mandatory data retention laws, similar laws in Britain have been ruled unlawful by the UK's High Court of Justice, after the digital surveillance scheme was deemed "inconsistent with European Union Law."

Pushed through Parliament in 4 days and passed into law in July 2014, the Data Retention and Investigative Powers Act allows the UK's Home Secretary, a senior government minister, to issue notices to carriage service providers requiring them to retain telecommunications and Internet data.

The retention notice may be handed down for any number of reasons, including interests of "national security," "public safety" or "the economic well-being of the United Kingdom," or for reasons such as "preventing or detecting crime."

Australia's data retention laws were introduced by the Federal Government in August 2014 with a similar focus on national security concerns, though discourse later shifted to advancing criminal investigations through access to metadata. Both UK and Australian Government officials have also raised the spectre of threats to public security if access to this kind of communications data is lost.

Unlike Australian laws, which mandate the retention of data for two years, British telecommunications providers are not be required to retain data unless they have been issued with an official retention notice. But once this notice is given, providers will be required to retain everything from Internet and webmail records to call and SMS data.

However, in a judgement handed down on Friday [PDF], the UK's High Court, one of the region's senior courts, ruled the scheme contravened European Union law and must be "disapplied" in the UK by March 2016. The court found access to data under DRIPA was not sufficiently restricted and that the process lacked independent prior approval.

The High Court decision has reignited debate on digital civil liberties and government surveillance. It has significant implications for data retention in Britain and Europe, as well as other countries with government-sanctioned data collection schemes, such as Australia and the US.

Data retention has faced stiff opposition in Australia since it passed into law in March, while in the US, the National Security Agency's bulk collection of telephone data has been subject to legal action. The High Court judgement follows similar action across Europe, with a Dutch court in The Hague ruling in March to strike down laws requiring telecommunications companies to retain data on customers for up to 12 months.

The case in the UK was brought by Conservative Member of Parliament David Davis and Labour MP Tom Watson, alongside civil liberties campaigners Peter Brice and Geoffrey Lewis, who raised concerns about "the width of the powers to retain and gain access" to data under DRIPA.

At its heart, the case examined whether or not the data retention scheme went against the Charter of Fundamental Rights of the EU, as interpreted by the Court of Justice of the European Union. The Charter stipulates that "everyone has the right to respect for his or her private and family life, home and communications" and "everyone has the right to the protection of personal data concerning him or her."

In their judgement, Lord Justice Bean and Justice Collins alluded to the concerns of scope creep and independent oversight raised during debate on data retention in Australia, particularly by Greens Senator Scott Ludlam.

Justices Bean and Collins found that DRIPA does not include "clear and precise rules" that restrict the use of retained data to investigating "precisely defined serious offences." Similarly, they concluded that authorities were not required to "seek prior independent review in order to obtain communications data" -- removing the potential for adequate oversight.

In response to the judgement, Home Office Minister of Security John Hayes said lives could be at risk if law enforcement agencies lost access to metadata.

"I think ordinary people want the police, the agencies, to have the powers to access information to protect vulnerable people," he told BBC Radio 4. "There is a risk here of giving succour to the paranoid liberal bourgeoisie whose peculiar fears are placed ahead of the interests of the people."

However one of the politicians responsible for bringing the action, Conservative MP David Davis, said the laws were pushed through Parliament based on an "entirely bogus emergency" and that metadata was being accessed without sufficient cause or adequate oversight.

"[The government] didn't allow any debate of what this metadata is used for," he said. "They make assertions that this is to catch paedophiles or terrorists -- they don't say it's [for] motoring offences."

The Home Secretary, Theresa May, has sought leave to appeal the High Court decision. Thanks to a sunset clause written into the original DRIPA legislation, the Act was set to expire in December 2016, though the court has ordered it must now be rewritten by March 31, 2016.