news The English High Court appears to have struck down the United Kingdom’s hastily enacted data retention bill due to its lack of compliance with European laws, in a move that may force the UK Government to add extra safeguards into its approach to the retention of telecommunications data.
The Data Retention and Investigatory Powers Act 2014 received Royal Assent on 17 July last year. Similar to Australia’s own Telecommunications (Interception and Access) Amendment (Data Retention) Bill 2015, which passed locally earlier this year, the UK bill allowed government security agencies to access the phone and Internet records of individuals under certain conditions.
It was pushed through the UK Parliament in only four days, with the Government arguing at the time that the legislation was needed to fill gaps after the EU Court of Justice ruled the existing EU Directive on Data Retention invalid.
However, as with the Australian legislation, there has been heavy criticism of the UK bill, with critics highlighting what they saw as the rushed passage of the bill and its lack of an appropriate balance between the needs of security and privacy.
Last week, the country’s High Court upheld a legal challenge to the bill by a number of UK MPs from different sides of the political fence, who had claimed that the bill was not compatible with UK and European human rights legislation.
In its judgement, available online, the court found that Section 1 of the bill was inconsistent with European Union law, as it did not lay down clear and precise rules providing that access to and use of retained telecommunications data be strictly restricted to purposes relating to serious offences. In addition, the Court was not happy about the fact that access to the telecommunications data was not dependent upon a prior review by a court or an independent administrative body.
These issues are mirrored in the Australian legislation, which similarly does not limit access to retained data for use in investigating serious offences. Similarly, no independent oversight is applied in Australian cases.
Due to these issues, the Court ruled that Section 1 of the DRIPA Act could not be applied, rendering the law unusable.
Carly Nyst, the legal director of Privacy International, which was also involved in the case, immediately welcomed the ruling in an article for The Guardian. Nyst argued:
“This finding represents a leap forward in privacy protection for ordinary Britons. Long have privacy advocates argued that communications metadata deserves stronger protections. Subjecting access to that data to the scrutiny of an independent judge gives metadata the protection it deserves, ensuring that each instance be judged on its necessity and proportionality. This is a step forward in keeping with the increasing value of even isolated pieces of data in an era of ubiquitous digital devices.”
However, the ruling may prove little more than an opportunity for the UK Government to re-group and update its legislation, with the Court having suspended the effect of its judgement to give the Government time to re-legislation the data retention legislation.
The news comes as a number of other EU jurisdictions have also recently struck down their data retention legislation in the wake of the EU Court of Justice decision invalidating the previous EU Data Retention Directive.
In the wake of last week’s UK ruling, David Anderson, the UK’s Independent Reviewer of Terrorism Legislation, wrote on his website that national courts in the Netherlands, Belgium. Austria, Slovenia and Romania had all recently struck down data retentiuon legislation.
Some background for this article came from the blog of Australian technology lawyer Leanne O’Donnell. We recommend you subscribe to O’Donnell’s blog and follow her on Twitter to stay up to date with technology-related legal developments.
We doubt that Federal Attorney-General George Brandis will be excessively happy about this one. Senator Brandis and others have regularly highlighted the UK Government’s quick action on data retention legislation as evidence for why the Australian Parliament needed to rush through its own legislation. And, on paper the ruling would indeed appear to represent a significant win for critics of data retention regimes.
However, in a deeper sense what we are seeing here is not a move which is going to significantly alter the data retention landscape globally.
The UK High Court is clearly aware that the Government will not suffer its data retention legislation to die in a ditch permanently. The legislation is too important to law enforcement agencies. Due to this, what will occur is that the UK Government will merely amend its bill to make it more compliant with whatever EU legislation it needs to echo, then re-introduce it.
We are not seeing a wholesale rejection of the concept of data retention here. Instead, what we are seeing is a maturation of data retention regimes so that they can better balance the needs of civil society with law enforcement.
If a similar High Court ruling occurred in Australia, we would see a very similar situation. The proof of this is the willingness of both the Government and the Opposition to join together in June this year to rush laws through Parliament which aimed to negate a pending High Court judgement which could potentially have ended offshore processing of asylum seekers.