Driven by data; ridden with liberty.
With the amount of legislative directives billowing from the European Commission, it was only a matter of time before two laws were ruled to contradict one another. In April, the European Court of Justice (ECJ) declared the EU’s Data Retention Directive to be invalid.
The 2006 Data Retention Directive required communication companies to record all traffic and location statistics of all citizens – including internet access, e-mails, internet telephone calls and instant messages – for a period of at least six months, but less than 24 months. To use e-mails as an example, the content of these messages is not kept, but the metadata of the e-mails is: such as the e-mail addresses that it is sent to and from, the sending and receiving location, and the sending time is retained. This directive sought to harmonise similar laws across the European Union (EU) member states. The last Labour government enacted this directive in 2009, with a data retention period of 12 months.
The ECJ invalidated the Data Retention Directive for five reasons. Firstly, the general and indiscriminate collection of all traffic data of all citizens across all forms in electronic communication contravenes the privacy of those citizens, as well as the protection of their personal information. Moreover, there is no differentiation made between citizens, despite the requirement’s objective of combatting, detecting and preventing serious crime. As such, the law violates the “principle of proportionality” described in the European Convention of Human Rights. Secondly, the directive’s data retention period makes no reference to the different categories of data or how this data might be used. Thus, communication companies have no requirement to only retain the traffic that is strictly necessary.
Thirdly, the directive does not ensure that the competent and relevant national authorities have access to this metadata, nor is there a specific mandate to utilise the communications metadata to pursue serious criminal prosecutions. The directly simply refers to ‘serious crime’, leaving it to national governments to discern what serious crimes merit this personal intrusions – which is another violation of the proportionality principle. Fourthly, this absence of assurance means data retention requisites are open to grotesque abuse. A similar law, the Regulation of Investigatory Powers Act 2000 (RIPA), has been used overbearingly. Poole Borough Council officials called upon its endowed powers under the RIPA to track a family and their movements, to discern whether the family was living in the correct catchment area for their children’s school. Finally, even though the Data Retention Directive applies to the EU, it does not obligate the retained data is kept within the EU.
(Video: DailyMail FEMAIL)
Despite the ECJ’s ruling in April, the British government will now enact ‘emergency’ legislation to maintain its ability to collect all of this metadata. This is in response to a High Court ruling about its continued communication data requirements. It is the role of courts in a liberal democracy to define the proper limits of government power. Whilst the British government seeks to indiscriminately accumulate electronic metadata from across the population, this mandate on telecommunication companies and internet service providers has rightly been deemed disproportionate.
In praise of the Liberal Democrats and Labour, they have demanded numerous ameliorations of this emergency legislation. The Privacy and Civil Liberties Oversight Board to scrutinise its impact on privacy and civil liberties, the government will issue annual transparency reports into the use of these powers and there will be a ‘sunset’ clause, meaning this emergency law will expire at the end of 2016.
Either there is a huge wastage from the government pointlessly grabbing the electronic metadata of innocent citizens, or we are a nation of suspects.