British judge: law for storing communication data is illegal
A British appeals court has ruled that the Data Retention and Investigatory Powers Act, a British law from 2014 that obliges ISPs and mobile providers to store telephone and internet data for 12 months in the context of criminal investigations, is illegal.
The Court of Appeal has ruled that the Data Retention and Investigatory Powers Act violates EU rules because it does not restrict access to calling and browsing data during criminal investigations into serious crimes. This could allow political and other authorities to access the data without adequate oversight in the form of a judge or an independent body, reports The Guardian.
The case was brought by the second man of the British Labor political party, Tom Watson. According to him, the law was not well drafted from the start and the regulations were rushed through parliament just before the recess without properly looking at it.
The Home Office, the British ministry that deals with security, among other things, made a number of changes in November 2017, which means that senior police officers are no longer allowed to access confidential communications data. According to Watson, these changes do not go far enough. The Court of Appeal has not commented on these changes, as their legality is already subject to pending proceedings before the European Court of Justice.
The Data Retention and Investigatory Powers Act dates from 2014 and in 2015 a British judge already ruled that this law violates EU law. The Home Office appealed this decision. At the end of 2016, the European Court of Justice already ruled that the bulk collection of call data and online messages is not allowed.
In 2016, the Data Retention and Investigatory Powers Act was replaced by the Investigatory Powers Act. According to Liberty, a UK-based human rights organization, the Court of Appeal’s ruling means that this new 2016 law must also be partially invalidated. This act is also referred to in the British media as the Snooping Charter because of its far-reaching surveillance measures. This law states that operators must provide the ability to provide communications and secondary data in ‘near real time’ upon legitimate requests.