ExpressVPN

UK government still enforces data retention despite EU court ruling

In 2006 the EU adopted the mandatory Data Retention Directive, a heinous piece of legislation that required all European ISPs and communications providers to keep large amounts of data for at least 12 months (18 month under the UK implementation), including enough information to:

  • trace and identify the source of a communication
  • trace and identify the destination of a communication
  • identify the date, time and duration of a communication
  • identify the type of communication
  • identify the communication device
  • identify the location of mobile communication equipment

The UK government transposed the DRD into local law in 2009 (under the last Labour government), and allowed a surprisingly wide range of agencies access to the information, including:

  • All regional Police forces
  • National Criminal Intelligence Service
  • Serious Organised Crime Agency)
  • HM Customs and Excise
  • Inland Revenue (the latter two have been merged into HM Revenue and Customs)
  • Security Service
  • Secret Intelligence Service
  • Government Communications Headquarters
  • Food Standards Agency
  • Local Authorities
  • The National Health Service

Even worse, the list of justifications for which the above agencies are allowed to access this information is similarly broad. They include in order to:

  • trace and identify the source of a communication
  • trace and identify the destination of a communication
  • identify the date, time and duration of a communication
  • identify the type of communication
  • identify the communication device
  • identify the location of mobile communication equipment

In 2009 the UK government (and authorised agencies) made over half a million requests for communications data, but has now stopped making these numbers public.

In April this year, the EU’s highest court, the European Court of Justice (ECJ), declared the directive invalid on the grounds that,

By requiring the retention of those data and by allowing the competent national authorities to access those data, the directive interferes in a particularly serious manner with the fundamental rights to respect for private life and  to the protection of personal data. Furthermore, the fact that data are retained and subsequently used without the subscriber or registered user being informed is likely to generate in the persons concerned a feeling that their private lives are the subject of constant surveillance.

Despite this unequivocal and very strongly worded ruling, few EU countries have made any effort to remove implantation of the directive from local legislation, including the UK. Home Office minister James Brokenshire even went so far as to explicitly instruct telecoms providers that they ‘should continue to observe their obligations as outlined in any notice,’ regardless of the ECJ ruling.

Unsurprisingly, the Home Office has defended its actions using the well-rehearsed (but entirely unproven) ‘national security depends on it’ line,

‘[The department] is looking at the issue as a matter of urgency, and deciding what steps need to be taken to ensure public authorities can continue to access communications data… However, we have advised communications service providers that the UK Data Retention (EC Directive) Regulations 2009 remain in force… The retention of communications data is absolutely fundamental to ensure law enforcement have the powers they need to investigate crime, protect the public and ensure national security.

The government argues that although the law has been struck down at the EU level, this does not automatically invalidate the UK’s implementation. This may strictly speaking be true, but the EU ruling puts the UK law on very shaky ground, and as Jim Killock of the Open Rights Group pointed out to BuzzFeed UK, all that might being required is a simple legal challenge,

Until somebody goes to the court and says, “No, the law doesn’t really exist,” the government can continue to pretend that it does. The companies don’t need the data but the government is insisting that they keep it.

BuzzFeed contacted various telecoms companies about the issue, and they all mirrored Virgin Media spokesperson Emma Hutchinson’s response that ‘we are seeking clarification on what this [EU ruling] means for us under U.K. law.’


Douglas Crawford I am a freelance writer, technology enthusiast, and lover of life who enjoys spinning words and sharing knowledge for a living. Find me on Google+

Related Coverage


Leave a Reply

Your email address will not be published. Required fields are marked *