Theresa May wrong to pass spy law, and DRIPA opinion proves it—MP says
on
Get link
Facebook
X
Pinterest
Email
Other Apps
Deputy Labour leader says judicial oversight is crucial as he attacks PM's snoop tactics.
Glyn Moody
Politicians, lawyers, and civil
rights groups have slammed the UK government's present and future
surveillance laws in light of the advocate general's opinion
on the Data Retention and Investigatory Powers Act (DRIPA)—which said
that Theresa May's emergency spy law is legal if strong safeguards are
in place.
On closer analysis, the full text of AG Henrik
Saugmandsgaard Øe's views go much further in implicitly criticising the
UK's snooping approach than had been initially suggested by a press release put out by the Court of Justice of the European Union (CJEU) on Tuesday.
Labour's deputy leader Tom Watson—who, alongside Tory MP and the government's new Brexit chief David Davis—brought the original legal action
against the UK's DRIPA legislation, said: "This legal opinion shows the
prime minister was wrong to pass legislation when she was home
secretary that allows the state to access huge amounts of personal data
without evidence of criminality or wrongdoing."
Human rights group Liberty, which represented Watson in the courts, said
that if the CJEU judges agree with the advocate general’s opinion, "the
decision could stop the government’s fatally flawed Investigatory
Powers Bill in its tracks and mark a watershed moment in the fight for a
genuinely effective, lawful, and targeted system of surveillance that
keeps British people safe and respects their rights."
The home office unsurprisingly disputed the
claims. A Whitehall spokesperson told Ars: "The government’s view
remains that the existing regime for the acquisition of communications
data and the proposals in the Investigatory Powers Bill are compatible
with EU law."
Many of those responding to Tuesday's opinion emphasised the main finding
that "solely the fight against serious crime is an objective in the
general interest that is capable of justifying a general obligation to
retain data, whereas combating ordinary offences and the smooth conduct
of proceedings other than criminal proceedings are not."
Open Rights' Group executive director Jim Killock said:
The advocate general has stated
that data retention should only be used in the fight against serious
crime, yet in the UK there are more than half a million requests for
communications data each year. These do not only come from police but
also local councils and government departments. It is difficult to see
how the government can claim that these organisations are investigating
serious crimes.
Defining what exactly counts as "serious crimes" looks set to be a hot topic in the data retention debate.
"Serious crime includes theft of a Mars bar"
Law lecturer TJ McIntyre, who played a crucial role in winning the earlier CJEU surveillance case for Digital Rights Ireland, tweeted: "Serious crime must become an autonomous EU concept, then. In Irish law serious crime includes theft of [a] Mars bar."
The need for greater clarity was a point
picked up by Jan Philipp Albrecht, an expert on privacy and data
protection in the European Parliament who recently helped steer the GDPR through the EU. He told Ars:
While naming the various high requirements as
minimum standards and making clear that even if meeting those data
retention laws may still be unproportionate [the advocate general] fails
to deliver for clear indications whether and when these requirements
would not be met by a member states’ law.
We can only hope that the judges of the court
will not allow themselves to be that vague when interpreting the EU
fundamental rights vis-à-vis member states’ laws.
The full
opinion imposes some very stringent requirements that governments must
meet if their data retention schemes are to be legal, added McIntyre in a series of tweets.
He pointed out that the advocate general suggests that the safeguards
mentioned by the CJEU when delivering its verdict on the Digital Rights
Ireland case are all mandatory. These concern "access to the data, the
period of retention, and the protection and security of the data."
Data security is particularly relevant to the UK's IP Bill, which will require ISPs to retain highly personal information about their subscribers' Internet use on local databases.
Unless the security of these databases can be reasonably guaranteed,
use of so-called Internet Connection Records may fall foul of EU law, if
the CJEU judges follow the advocate general's reasoning on this issue.
Watson—who declined to comment when quizzed by Ars about Davis' exit from the DRIPA case following his appointment as Brexit secretary of state—also
flagged up another concern: "The opinion makes it clear that
information including browsing history and phone data should not be made
available to the security services and other state bodies without
independent authorisation," he said.
"The security services have an important job
to do, but judicial oversight is vital if we are to maintain the right
balance between civil liberties and state power."
Privacy International agreed: "All access to
our data, including communications data, must be authorised by an
independent authority such as a judge."
Killock also fretted about this aspect. The
ORG boss said: "If the IP Bill is passed, data will be able to be
analysed without a warrant through an intrusive tool known as the
Request Filter."
As comments from different quarters suggest,
the advocate general's opinion seems to offer plenty of scope for legal
challenges to the IP Bill, provided the judges at Europe's highest court
agree with his views. The fact that it is strongly rooted in the CJEU's
reasoning in the Digital Rights Ireland case appears to make this more
likely.
The final judgment is expected in a few
months, at which point the DRIPA case will be passed back to the UK
courts to consider in light of the CJEU's ruling on the underlying law.
Comments
Post a Comment