Britain's Data Retention and Investigative Powers Act has been ruled unlawful by the UK's High Court of Justice, after the digital surveillance scheme was deemed "inconsistent with European Union Law."
Pushed through Parliament in 4 days and passed into law in July 2014, DRIPA allows the UK's Home Secretary, a senior government minister, to issue notices to carriage service providers requiring them to retain telecommunications and Internet data.
The retention notice may be handed down for any number of reasons, including interests of "national security," "public safety" or "the economic well-being of the United Kingdom," or for reasons such as "preventing or detecting crime."
However, in a judgement handed down on Friday [PDF], the High Court, one of the country's senior courts, ruled the scheme contravened European Union law and must be "disapplied" in the UK by March 2016. The court found access to data under DRIPA was not sufficiently restricted and that the process lacked independent prior approval.
The High Court decision has reignited debate on digital civil liberties and government surveillance. It has significant implications for data retention in Britain and Europe, as well as other countries with government-sanctioned data collection schemes, such as Australia and the US.
Data retention has faced stiff opposition in Australia since it Dutch court in The Hague ruling in March to strike down laws requiring telecommunications companies to retain data on customers for up to 12 months., while in the US, the has been subject to legal action. The High Court judgement follows similar action across Europe, with a
The case in the UK was brought by Conservative Member of Parliament David Davis and Labour MP Tom Watson, alongside civil liberties campaigners Peter Brice and Geoffrey Lewis, who raised concerns about "the width of the powers to retain and gain access" to data under DRIPA.
At its heart, the case examined whether or not the data retention scheme went against the Charter of Fundamental Rights of the EU, as interpreted by the Court of Justice of the European Union. The Charter stipulates that "everyone has the right to respect for his or her private and family life, home and communications" and "everyone has the right to the protection of personal data concerning him or her."
In their judgement, Lord Justice Bean and Justice Collins alluded to the concerns of scope creep and independent oversight that have plagued data retention schemes across the world.
Justices Bean and Collins found that DRIPA does not include "clear and precise rules" that restrict the use of retained data to investigating "precisely defined serious offences." Similarly, they concluded that authorities were not required to "seek prior independent review in order to obtain communications data" -- removing the potential for adequate oversight.
In response to the judgement, Home Office Minister of Security John Hayes said lives could be at risk if law enforcement agencies lost access to metadata.
"I think ordinary people want the police, the agencies, to have the powers to access information to protect vulnerable people," he told BBC Radio 4. "There is a risk here of giving succour to the paranoid liberal bourgeoisie whose peculiar fears are placed ahead of the interests of the people."
However one of the politicians responsible for bringing the action, Conservative MP David Davis, said the laws were pushed through Parliament based on an "entirely bogus emergency" and that metadata was being accessed without sufficient cause or adequate oversight.
"[The government] didn't allow any debate of what this metadata is used for," he said. "They make assertions that this is to catch paedophiles or terrorists -- they don't say it's [for] motoring offences."
The Home Secretary, Theresa May, has sought leave to appeal the High Court decision. Thanks to a sunset clause written into the original DRIPA legislation, the Act was set to expire in December 2016, though the court has ordered it must now be rewritten by March 31, 2016.