Article contents
Is the incompatibility of UK data retention law with EU law really a victory?
Published online by Cambridge University Press: 11 December 2020
Abstract
The Court of Justice of the European Union (ECJ) in 2014 ruled in Digital Rights Ireland that the Data Retention Directive was invalid for exceeding the limits of proportionality in light of Articles 7, 8 and 52(1) of the EU Charter of Fundamental Rights (Charter). Subsequently, preliminary references from the England and Wales Court of Appeal and the Swedish Administrative Court of Appeal sought clarification from the ECJ as to whether EU law permitted a general obligation to retain traffic data covering all persons, all means of electronic communication and all traffic data without any distinctions, limitations or exceptions for the purpose of combating crime. The ECJ in Tele2 and Watson ruled that in light of Articles 7, 8, 11 and 52(1) of the Charter, EU Member States were precluded from adopting national measures which provided general and indiscriminate retention of traffic and location data of all subscribers and registered users relating to all means of electronic communication. The ECJ also ruled that Member States were only permitted to adopt data retention measures for the purpose of fighting serious crime, and only when access to retained data was subject to prior review by a court or an independent administrative body.
In 2018, the issue of the UK's data retention regime envisaged in Part 4 of the Investigatory Powers Act 2016 came before the England and Wales High Court. The High Court ruled that Part 4 was incompatible with EU law because access to retained communications data was not limited to the purpose of fighting serious crime, and it was not subject to prior review by a court or an independent administrative body. This judgment was regarded by the claimants, Liberty, as a ‘landmark victory for privacy rights’. However, this paper questions whether certain aspects of the High Court ruling are indeed a victory, by assessing its compatibility with EU law and the European Convention on Human Rights (ECHR).
Keywords
- Type
- Research Article
- Information
- Copyright
- Copyright © The Author(s), 2020. Published by Cambridge University Press
References
1 Joined Cases C-293/12 and C-594/12, Digital Rights Ireland Ltd v Seitlinger and Others [2014] 3 WLR 1607, Opinion of Cruz Villalón, para 73.
2 Directive 2006/24/EC of the European Parliament and of the Council of 15 March 2006 on the retention of data generated or processed in connection with the provision of publicly available electronic communications services or of public communications networks and amending Directive 2002/58/EC, OJ 2006 L 105/54.
3 Charter of Fundamental Rights of the European Union, OJ 2000 C364/01 and OJ 2010 C83/389.
4 Opinion of Saugmandsgaard Øe in Joined Cases C-203/15 and C-698/15, Tele2 Sverige AB and Watson and Others [2016] ECR I-572, para 5.
5 Joined Cases C-203/15 and C-698/15, Tele2 Sverige AB and Watson and Others [2017] 2 WLR 1289, para 51.
6 Ibid, para 134(1).
7 Ibid, para 134(2).
8 Liberty v Secretary of State for the Home Department and Others [2018] 3 WLR 1435.
9 Ibid, para 186.
10 Liberty ‘Liberty wins first battle in landmark challenge to mass surveillance powers in the Investigatory Powers Act’ 27 April 2018, https://www.libertyhumanrights.org.uk/issue/liberty-wins-first-battle-in-landmark-challenge-to-mass-surveillance-powers-in-the-investigatory-powers-act/ (accessed 4 November 2020).
11 M White ‘Data retention incompatible with EU law: victory? Victory you say?’ 24 May 2018, https://eulawanalysis.blogspot.com/2018/05/data-retention-incompatible-with-eu-law.html (accessed 4 November 2020).
12 Explanatory Notes to the Investigatory Powers Act 2016, para 1.
13 T May ‘Home Secretary: publication of the draft Investigatory Powers Bill’ 4 November 2015 https://www.gov.uk/government/speeches/home-secretary-publication-of-draft-investigatory-powers-bill (accessed 4 November 2020).
14 Tom Watson and Others v Secretary of State for the Home Department [2018] 2 WLR 1735, paras 27–29.
15 IPA 2016, s 87(1)(b).
16 G Smith ‘Never mind internet connection records, what about relevant communications data?’, Cyberleagal 29 November 2015, https://www.cyberleagle.com/2015/11/never-mind-internet-connection-records.html (accessed 4 November 2020).
17 Explanatory Notes to the Investigatory Powers Act 2016, para 727.
18 Home Office ‘Communications Data Code of Practice’ November 2018, para 2.45, https://assets.publishing.service.gov.uk/government/uploads/system/uploads/attachment_data/file/757850/Communications_Data_Code_of_Practice.pdf (accessed 4 November 2020).
19 IPA 2016, s 261(7).
20 Explanatory Notes to the Investigatory Powers Act 2016, para 725.
21 Communications Data Code of Practice, above n 18, para 2.38.
22 Explanatory Notes to the Investigatory Powers Act 2016, para 727.
23 Communications Data Code of Practice, above n 18, para 2.24.
24 Liberty, ‘Liberty's response to the Government's consultation on the ruling of the Court of Justice of the European Union on 21 December 2016 regarding the retention of communications data (proposed amendments to the Investigatory Powers Act 2016 and Communications Data Code of Practice)’ 18 January 2018, para 55 https://web.archive.org/web/20180626165837/https://www.libertyhumanrights.org.uk/sites/default/files/2018.01.18%20liberty%20consultation%20response%20FINAL.pdf (accessed 5 November 2020)
25 Ibid, para 56.
26 Liberty, above n 8, para 5.
27 Convention for the Protection of Human Rights and Fundamental Freedoms, Rome, 4 November 1950.
28 Liberty, above n 8, para 2.
29 Ibid, para 8.
30 Ibid, para 9.
31 Ibid, para 32.
32 Ibid, paras 31 and 28.
33 Ibid, para 42.
34 Ibid, para 105.
35 Ibid, para 187.
36 Tom Watson and Others v Secretary of State for the Home Department, above n 14, paras 22–26.
37 Liberty, above n 8, para 138.
38 Ibid, para 139.
39 Directive 2002/58/EC of the European Parliament and of the Council of 12 July 2002 concerning the processing of personal data and the protection of privacy in the electronic communications sector (Directive on privacy and electronic communications), OJ 2002 L 201/37.
40 Liberty, above n 8, para 139.
41 Ibid, para 151.
42 Ibid, paras 151 and 154.
43 Ibid, para 155.
44 Ibid, para 156.
45 Ibid, paras 157–158.
46 Ibid, para 158.
47 Ibid, para 161.
48 Ibid,
49 Ibid.
50 Ibid, para 186.
51 Ibid, para 132.
52 Ibid,
53 Art 52(3) of the Charter.
54 Liberty, above n 8, para 3.
55 Explanatory Notes to the Investigatory Powers Act 2016, para 728.
56 Explanatory Notes to the Investigatory Powers Act 2016, para 735.
57 R (on the application of Davis & Others) v Secretary of State for the Home Department & Others [2015] WLR(D) 318, para 81; Liberty and Others v Government Communication Head Quarters and Others [2015] 3 All ER 142, paras 34, 111 and 114.
58 E Fura and M Klamberg ‘The chilling effect of counter-terrorism measures: a comparative analysis of electronic surveillance laws in Europe and the USA’ in J Casadevall et al (eds) Freedom of Expression – Essays in Honour of Nicolas Bratza – President of the European Court of Human Rights (Oisterwijk: Wolf Legal Publishers, 2012) p 467; Opinion of Saugmandsgaard Øe in Tele2 Sverige AB and Watson, above n 4, para 254.
59 A Escudero-Pascual and I Hosein ‘Questioning lawful access to traffic data’ (2004) 47 Communications of the ACM 82; Opinion of Saugmandsgaard Øe in Tele2 Sverige AB and Watson, above n 4, para 259.
60 Report of the Office of the High Commissioner for Human Rights ‘The right to privacy in the digital age’ 2014, http://www.ohchr.org/EN/HRBodies/HRC/RegularSessions/Session27/Documents/A.HRC.27.37_en.pdf (accessed 4 November 2020) para 19.
61 RE v UK (2016) 63 EHRR 2, para 130.
62 Big Brother Watch and Others v UK [2018] ECHR 58170/13, para 356.
63 Schneier, B Data and Goliath: The Hidden Battles to Collect Your Data and Control Your World (WW Norton, 2016)Google Scholar p 26.
64 P Tompkins and J Lawley ‘Context matters’ 5 April 2003, http://www.cleanlanguage.co.uk/articles/articles/205/1/Context-Matters/Page1.html (accessed 4 November 2020).
65 N Taylor ‘Policing, privacy and proportionality’ (2003) 86 EHRLR 97.
66 Bundesverfassungsgericht ‘Data retention unconstitutional in its present form’ March 2010 https://www.bundesverfassungsgericht.de/SharedDocs/Pressemitteilungen/EN/2010/bvg10-011.html (accessed 4 November 2020).
67 Saiban, J and Sykes, J ‘UK Anti-Terrorism Act 2001 and ISPs: a cyber check-point Charlie?’ (2002) 18 Computer Law & Security Review 338CrossRefGoogle Scholar; Solove, D ‘Reconstructing electronic surveillance law’ (2004) 72 George Washington Law Review 1264Google Scholar.
68 Cobbe, J ‘Casting the dragnet: communications data retention under the Investigatory Powers Act’ (2018) PL 14Google Scholar.
69 Ibid, at 14.
70 iiNet ‘Protecting your privacy: our stand against “mandatory data retention”’ 21 July 2014, http://blog.iinet.net.au/protecting-your-privacy/ (accessed 4 November 2020).
71 Home Office ‘Protecting the public in a changing communications environment’ November 2009, para 15, http://webarchive.nationalarchives.gov.uk/+/http:/www.homeoffice.gov.uk/documents/cons-2009-communication-data/cons-2009-comms-data-responses2835.pdf?view=Binary (accessed 4 November 2020).
72 Opinion of the European Data Protection Supervisor on net neutrality, traffic management and the protection of privacy and personal data 2012/C 34/01, para 32.
73 Joint Committee on the Draft Investigatory Powers Bill “Written evidence” February 2016, Open Rights Group, para 125, p 1104 http://www.parliament.uk/documents/joint-committees/draft-investigatory-powers-bill/written-evidence-draft-investigatory-powers-committee.pdf (accessed 4 November 2020).
74 Explanatory Notes to the Investigatory Powers Act 2016, para 265.
75 S Stalla-Bourdillon ‘What the hell are these metadata? … Are communications data, traffic data and metadata all the same thing?’ 30 October 2014, https://peepbeep.wordpress.com/2014/10/30/what-the-hell-are-these-metadata-are-communications-data-traffic-data-and-metadata-all-the-same-thing/ (accessed 4 November 2020); S Stalla-Bourdillon et al ‘Metadata, traffic data, communications data, service use information… What is the difference? Does the difference matter? An interdisciplinary view from the UK’ in S Gutwirth et al (eds) Data Protection on the Move (Springer, 2016) p 441.
76 Written evidence submitted by Exa Networks Ltd (IPB0026) paras 23–25; Written evidence submitted by IT-Political Association of Denmark (IPB0051) para 21; Written evidence submitted by Open Rights Group (IPB0034) para 6.2.3.
77 White, above n 11.
78 Digital Rights Ireland Ltd v Seitlinger and Others [2014] All ER (EC) 775, para 39; Case C-362/14, Maximillian Schrems v Data Protection Commissioner [2016] QB 527, [2016] 2 WLR 873, para 94.
79 Liberty, above n 8, para 151.
80 Ibid, para 152.
81 Ibid.
82 Ibid.
83 Liberty, above n 24, paras 43–44.
84 Directive 2006/24/EC of the European Parliament and of the Council of 15 March 2006 on the retention of data generated or processed in connection with the provision of publicly available electronic communications services or of public communications networks and amending Directive 2002/58/EC OJ L 105.
85 Tele2 Sverige AB and Watson and others, above n 5, para 74.
86 Art 2(d).
87 Art 29 Data Protection Working Party ‘Privacy on the internet – an integrated EU approach to on-line data protection’ 21 November 2000, para 33, https://ec.europa.eu/justice/article-29/documentation/opinion-recommendation/files/2000/wp37_en.pdf (accessed 4 November 2020).
88 Case C-434/16, Peter Nowak v Data Protection Commissioner [2018] 1 WLR 3505, para 34.
89 European Union Agency for Fundamental Rights ‘Handbook on European data protection law’ 2018, para 350, http://fra.europa.eu/sites/default/files/fra_uploads/fra-coe-edps-2018-handbook-data-protection_en.pdf (accessed 4 November 2020).
90 Art 4(2) of the General Data Protection Regulation.
91 Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation) (Text with EEA relevance).
92 Murray, A ‘Data transfers between the EU and UK post Brexit?’ (2017) 7(3) International Data Privacy Law 151CrossRefGoogle Scholar.
93 Tele2 Sverige AB and Watson and Others, above n 5, para 70.
94 Ibid, para 77.
95 Ibid, para 81.
96 Ibid, para 97.
97 Ibid, para 17.
98 Ibid, para 98.
99 Big Brother Watch ‘Big Brother Watch's response to the Government's consultation on the ruling of the Court of Justice of the European Union on 21 December 2016 regarding the retention and acquisition of communications data’ January 2018, para 4, https://bigbrotherwatch.org.uk/wp-content/uploads/2018/01/Big-Brother-Watch-Response-to-the-Watson-Consultation-Jan-2018.pdf (accessed 4 November 2020).
100 Secretary of State for the Home Department v Davis MP & Others [2015] EWCA Civ 1185, para 5.
101 Big Brother Watch, above n 99, para 4.
102 Tele2 Sverige AB and Watson and Others, above n 5, para 134(1) and (2).
103 Big Brother Watch, above n 99, para 5.
104 Groussot, X and Minssen, T ‘Res judicata in the ECJ case law: balancing legal certainty with legality?’ (2007) 3 EuConst 385Google Scholar.
105 Big Brother Watch, above n 99, para 5.
106 Liberty, above n 8, para 153.
107 Communications Data Code of Practice, above n 18, para 2.38.
108 WhatIsMyIPAddress ‘What's behind your IP address?’ https://whatismyipaddress.com/ip-reveal (accessed 4 November 2020).
109 Article 29 Data Protection Working Party ‘Opinion 13/2011 on geolocation services on smart mobile devices’ 16 May 2011, para 3, https://ec.europa.eu/justice/article-29/documentation/opinion-recommendation/files/2011/wp185_en.pdf (accessed 4 November 2020).
110 M Rouse ‘MAC address (media access control address)’ 19 April 2017 http://searchnetworking.techtarget.com/definition/MAC-address (accessed 4 November 2020). For a more technical definition see Cunche, M ‘I know your MAC address: targeted tracking of individual using wi-fi’ (2014) 10(4) Journal of Computer Virology and Hacking TechniquesCrossRefGoogle Scholar https://hal.inria.fr/hal-00858324/document (accessed 4 November 2020).
111 J Bamford ‘The most wanted man in the world’ 13 June 2014 http://www.wired.com/2014/08/edward-snowden/ (accessed 4 November 2020).
112 Cunche, above n 110.
113 Ibid.
114 T Banks ‘MAC and IP addresses: personal information?’ 24 July 2012 https://www.lexology.com/library/detail.aspx?g=1a45fb24-42dd-4608-b41b-9ed6d54a75ab (accessed 5 November 2020).
115 Case C-582/14 Patrick Breyer v Bundesrepublik Deutschland [2017] 1 WLR 1569, para 16.
116 C Hoffman ‘How (and why) to change your MAC address on Windows, Linux, and Mac’ 30 June 2014 https://www.howtogeek.com/192173/how-and-why-to-change-your-mac-address-on-windows-linux-and-mac/ (accessed 4 November 2020).
117 Data Retention and Acquisition Regulations 2018, SI 2018/1123, reg 21, which inserts s 86(2A) into the IPA 2016.
118 N Brown ‘The CLOUD Act: cross-border law enforcement and the internet’ 8 April 2018, https://www.scl.org/articles/10183-the-cloud-act-cross-border-law-enforcement-and-the-internet (accessed 4 November 2020).
119 Kennedy v UK (2011) 52 EHRR 4, para 159.
120 Liberty, above n 24, paras 4–8.
121 M White ‘Data retention: serious crime or a serious problem?’ (2019) Public Law 643.
122 Amann v Switzerland (2000) 30 EHRR 843, para 56.
123 Uzun v Germany (2011) 53 EHRR 24, para 61.
124 Privacy International ‘Memorandum of laws concerning the legality of data retention with regard to the rights guaranteed by the European Convention on Human Rights’ 10 October 2003, para 3, http://www.statewatch.org/news/2003/oct/Data_Retention_Memo.pdf (accessed 4 November 2020).
125 Kopp v Switzerland (1999) 27 EHRR 91.
126 M White ‘The threat to the UK's independent and impartial surveillance oversight’ (2019) 5 European Human Rights Law Review 524–525; L Harding ‘The State of Secrecy by Richard Norton-Taylor review – spooks in the spotlight’ 10 February 2020, https://www.theguardian.com/books/2020/feb/10/state-of-secrecy-spies-media-britain-richard-norton-taylor-review (accessed 4 November 2020); J Grierson et al ‘Putting extinction rebellion on extremist list “completely wrong”, says Keir Starmer’ 13 January 2020, https://www.theguardian.com/environment/2020/jan/13/priti-patel-defends-inclusion-of-extinction-rebellion-on-terror-list (accessed 4 November 2020); V Dodd and J Grierson ‘Terror police's Extinction Rebellion “risk report” sent out a year ago’ 6 February 2020 https://amp.theguardian.com/environment/2020/feb/06/terrorism-police-assessed-extinction-rebellion-earlier-than-thought?CMP=share_btn_tw&__twitter_impression=true (accessed 4 November 2020).
127 Roman Zakharov v Russia (2016) 63 EHRR 17, para 232.
128 Ibid, para 247.
129 Ibid, para 248.
130 M White ‘Coronaveillance: coronavirus, a threat to national security, economic well-being and serious crime? Exposing pre-existing and ex post facto deficiencies in the Investigatory Powers Act?’ (forthcoming).
131 Tele2 Sverige AB and Watson and Others, above n 5 para 102.
132 Big Brother Watch and Others, above n 62, paras 465–468.
133 Klass and Others v Germany [1978] ECHR 4, paras 48 and 68.
134 Ben Emmerson QC and Helen Mountfield's Opinion to the ICO 19 June 2002, para 13.4(b), https://www.whatdotheyknow.com/request/127491/response/315758/attach/html/3/Counsels%20Opinion%20re%20The%20Telecommunications%20Regulations%201999%2019.6.02.pdf.html (accessed 4 November 2020).
135 Ibid, para 9.7.
136 Ibid, para 9.9.
137 Article 29 Working Party ‘Opinion 03/2013 on purpose limitation’ 2 April 2013, para 25, http://ec.europa.eu/justice/article-29/documentation/opinion-recommendation/files/2013/wp203_en.pdf (accessed 4 November 2020).
138 ICO ‘Enforcement notice’ 23 July 2012, para 9, http://breachwatch.com/wp-content/uploads/2012/08/Southampton-County-Council-Enforcement-Notice.pdf (accessed 4 November 2020).
139 Liberty, above n 8, para 42.
140 Ibid, para 46.
141 Ibid, para 75.
142 Ibid, para 42.
143 Convention on Cybercrime, Budapest, 23 November 2001.
144 T Brewster ‘Nick Clegg “kills off snooper's charter”’ 25 April 2013 https://www.silicon.co.uk/workspace/nick-clegg-kills-off-snoopers-charter-114390?inf_by=5ae711a1671db80f258b5b2d (accessed 4 November 2020).
145 Davis & Others, above n 57, para 122.
146 Ibid, para 121.
147 Communications Data Code of Practice, above n 18, para 17.42.
148 L Clarke ‘UK could track mobile location data in coronavirus response’ 20 March 2020, https://tech.newstatesman.com/security/uk-government-could-track-mobile-location-data-in-coronavirus-response (accessed 4 November 2020).
149 M Spielkamp ‘Google's private data retention’ 1 July 2016, https://mobilsicher.de/uncategorized/googles-private-data-retention (accessed 4 November 2020).
150 Ibid.
151 Explanatory Notes to the Investigatory Powers Act 2016, para 177.
152 D Anderson ‘A question of trust, report of the Investigatory Powers Review’ June 2015, para 9.24, https://terrorismlegislationreviewer.independent.gov.uk/wp-content/uploads/2015/06/IPR-Report-Print-Version.pdf (accessed 4 November 2020).
153 European Digital Rights ‘Shadow evaluation report on the Data Retention Directive (2006/24/EC)’ 17 April 2011, para 13, https://www.edri.org/files/shadow_drd_report_110417.pdf (accessed 4 November 2020).
154 All Party Parliamentary Internet Group ‘Communications data: report of an inquiry by the All Party Internet Group’ January 2003, para 182, https://www.cl.cam.ac.uk/~rnc1/APIG-report-commsdata.pdf (accessed 4 November 2020).
155 Brown, I ‘Communications data retention in an evolving internet’ (2010) 19 International Journal of Law and Information Technology 108Google Scholar.
156 All Party Parliamentary Internet Group, above n 154, para 182.
157 Electronic Frontier Foundation, ‘Mandatory Data Retention: United States’ https://www.eff.org/issues/mandatory-data-retention/us (accessed 4 November 2020).
158 Brown, above n 118.
159 Riddick v Board Mills Ltd [1977] QB 881, at 896.
160 Regan, PM Legislating Privacy, Technology, Social Values and Public Policy (The University of North Carolina Press, 1995)Google Scholar.
161 Cabinet Office ‘Privacy and data-sharing: the way forward for public services’ April 2002, para 52, https://ntouk.files.wordpress.com/2015/06/privacy-and-data-sharing-the-way-forward-for-public-services-2002.pdf (accessed 4 November 2020).
162 AF Westin Privacy and Freedom (New York: Atheneum, 1967) p 24.
163 M White ‘The Privacy International case in the IPT: respecting the right to privacy?’ 14 September 2017, https://eulawanalysis.blogspot.com/2017/09/the-privacy-international-case-in-ipt.html (accessed 4 November 2020).
164 Tom Watson and Others v Secretary of State for the Home Department, above n 14, paras 22–26.
165 M White ‘Data retention is still here to stay, for now…’ 5 February 2018, https://eulawanalysis.blogspot.com/2018/02/data-retention-is-still-here-to-stay.html (accessed 4 November 2020).
166 M White ‘Britain's mass surveillance regime is directly opposing human rights’ 23 April 2018, https://theconversation.com/britains-mass-surveillance-regime-is-directly-opposing-human-rights-93323 (accessed 4 November 2020).
167 Liberty, above n 8, para 120.
168 Ibid, para 121.
169 Tele2 Sverige AB and Watson and Others, above n 5, para 134(1).
170 Ibid, para 50.
171 Ibid, para 51.
172 Ibid, para 62.
173 N Ni Loideain ‘Investigatory powers and human rights law’ in L Edwards (ed) Law, Policy and the Internet (Oxford: Hart Publishing, 2019) p 177.
174 Liberty, above n 8, para 124.
175 Ibid, para 124.
176 Tele2 Sverige AB and Watson and Others, above n 5, para 111.
177 Ibid, para 109.
178 Cobbe, above n 68, at 19.
179 Valenzuela v Spain (1999) 28 EHRR 483, para 60.
180 Roman Zakharov v Russia, above n 127, para 229.
181 Szabo and Vissy v Hungary (2016) 63 EHRR 3, para 53.
182 Liberty, above n 8, para 125.
183 S and Marper v UK (2009) 48 EHRR 50, para 67.
184 Liberty, above n 8, para 127.
185 White, above n 165.
186 Liberty, above n 8, para 128.
187 Davis & Others, above n 57, para 47.
188 Ibid, para 65.
189 Ibid, para 64.
190 Liberty, above n 8, para 129.
191 Davis & Others, above n 57, para 47.
192 Ibid, para 64.
193 Beghal v Director of Public Prosecutions [2015] 3 WLR 344, para 102.
194 Cobbe, above n 68, at 19.
195 M White ‘Protection by judicial oversight, or an oversight in protection?’ (2017) 2(1) Journal of Information Rights, Policy and Practice 26.
196 Ibid, at 25; Cobbe, above n 68, at 18; Murray, above n 92, at 161.
197 Liberty and Others v UK (2009) 48 EHRR 1, para 64.
198 Ibid.
199 Ibid, para 70.
200 Ibid, para 18.
201 Ibid, para 21.
202 S and Marper, above n 183, paras 125–126.
203 Liberty, above n 8, para 129.
204 Ibid.
205 Ibid.
206 BT ‘Annual Report & Form 20-F’ 2018, p 53 https://www.bt.com/bt-plc/assets/documents/bt-plc-financial-results/annual-reports/2018-bt-plc-annual-report.pdf (accessed 5 November 2020).
207 A Battisby ‘The latest UK social media statistics for 2018’ 2 April 2018 https://www.avocadosocial.com/the-latest-uk-social-media-statistics-for-2018/ (accessed 5 November 2020).
208 Ibid.
209 Communications Data Code of Practice, above n 18, para 17.30.
210 BBC Technology ‘Under-age social media use “on the rise”, says Ofcom’ 29 November 2017 https://www.bbc.com/news/technology-42153694 (accessed 5 November 2020).
211 See https://www.whatdotheyknow.com/request/526533/response/1271975/attach/3/attachment.pdf (accessed 5 November 2020).
212 J Cobbe ‘According to the Home Office, “fewer than 25” telcos or postal operators are or have been subject to retention notices under s 87 IPA 2016. That's still a lot – “fewer than 25” companies could cover the vast majority of the UK population’ Tweet of 6 December 2018, 7:04 pm.
213 White, above n 195, at 36.
214 White, above n 11.
215 Liberty, above n 8, para 130.
216 Ibid, para 133.
217 IPCO ‘Approval of warrants, authorisations and notices by judicial commissioners’ Advisory Notice 1/2018 (8 March 2018), https://ipco.org.uk/docs/20180403%20IPCO%20Guidance%20Note%202.pdf (accessed 5 November 2020). See also P Scott ‘Hybrid institutions in the national security constitution: the case of the Commissioners’ (2019) Legal Studies 452.
218 White, above n 195, at 30. For an analysis that makes it clear the JCs have been deliberately misled, see also M White ‘The right to know – a human rights analysis of notifications under the Investigatory Powers Act’ (forthcoming).
219 White, above n 195, at 30–31.
220 Roman Zakharov v Russia, above n 127 para 281.
221 Liberty, above n 8, para 133.
222 White, above n 195, at 26.
223 IPCO, above n 217.
224 White, above n 11.
225 Scott, above n 217, at 453.
226 See generally, for discussion on IPC/JC independence, White, above n 126.
227 Liberty, above n 8, para 133.
228 Law Society and Bar Council, ‘Investigatory Powers and Legal Professional Privilege’ (2015), https://gofile.io/d/DXUZn0 (accessed 29 November 2020), at 32.
229 Liberty, above n 8, para 184.
230 Digital Rights Ireland Ltd v Seitlinger and Others, above n 78, paras 57–58; Tele2 Sverige AB and Watson and Others, above n 5, para 105.
231 J Sobey ‘Legal professional privilege under fire’ (2016) 180 Criminal Law & Justice Weekly 12 https://web.archive.org/web/20160923151907/http://www.halsburyslawexchange.co.uk/legal-professional-privilege-under-fire/ (accessed 5 November 2020).
232 Law Society and Bar Council, above, n 228, at 32.
233 Opinion of Saugmandsgaard Øe in Tele2 Sverige AB and Watson, above n 4, para 212.
234 Liberty, above n 8, para 184.
235 United Nations Educational, Scientific and Cultural Organization ‘Protecting journalism sources in the digital age’ 2017, p 26 https://unesdoc.unesco.org/ark:/48223/pf0000248054 (accessed 5 November 2020).
236 Catt v UK [2019] ECHR 76, para 112.
237 Liberty, above n 8, para 134.
238 Ibid, para 135.
239 Ibid, para 134.
240 Roman Zakharov v Russia, above n 127 para 230.
241 Liberty, above n 8, para 136.
242 Handyside v UK (1976) 1 EHRR 737, [1976] ECHR 5, paras 47–51.
243 Roman Zakharov v Russia, above n 127, para 168.
244 Ibid, para 171.
245 G Smith ‘From oversight to insight – hidden surveillance law interpretations’ 9 November 2018, https://www.cyberleagle.com/2015/11/from-oversight-to-insight-hidden.html (accessed 5 November 2020).
246 Liberty and Others v Secretary of State for Foreign and Commonwealth Affairs and Others [2015] 3 All ER 212, para 32.
247 Roman Zakharov v Russia, above n 127, para 255.
248 Opinion of Saugmandsgaard Øe in Tele2 Sverige AB and Watson, above n 4, para 252.
249 SI 2018/1123.
250 A fuller critique can be found in White, above n 121.
251 Big Brother Watch and Others, above n 62, paras 467–468.
252 Ibid, para 466.
253 By the Data Retention and Acquisition Regulations 2018, reg 3, which added s 22(2A), which includes ‘prevention or detection of crime or of preventing disorder’.
254 Big Brother Watch and Others, above n 62, para 465.
255 Mustafa Sezgin Tanrikulu v Turkey [2017] ECHR 669, paras 60 and 64–65.
256 Communications Data Code of Practice, above n 18, para 1.8.
257 White, above n 126, at 529.
258 Case C-623/17, Privacy International v Secretary of State for Foreign and Commonwealth Affairs, Secretary of State for the Home Department, Government Communications Headquarters, Security Service, Secret Intelligence Service [2020] EUECJ C-623/17_O, Opinion of Campos Sánchez-Bordona para 45.
259 Case C-623/17, Privacy International v Secretary of State for Foreign and Commonwealth Affairs, Secretary of State for the Home Department, Government Communications Headquarters, Security Service, Secret Intelligence Service [2020] WLR(D) 573, para 83(2); Case C-511/18, La Quadrature du Net and Others [2020] WLR (D) 572.
260 Woods, L ‘Automated number plate recognition: data retention and the protection of privacy in public places’ (2017) 2(1) Journal of Information Rights Policy and Practice 1CrossRefGoogle Scholar.
261 Council of the European Union ‘Council Conclusions on improving retention of data for the purpose of fighting crime effectively’ 27 March 2019, paras 6 and 4 http://www.statewatch.org/news/2019/apr/eu-council-data-retention-draft-conclusions-7833-19.pdf (accessed 5 November 2020).
262 Liberty ‘Liberty wins the right to challenge bulk surveillance under snoopers’ charter’ 29 November 2018, https://www.libertyhumanrights.org.uk/?s=Liberty+wins+the+right+to+challenge+bulk+surveillance+under+snoopers%E2%80%99+charter (accessed 5 November 2020).
263 Liberty v SSHD and SSFCA [2019] EWHC 2057 (Admin).
264 BBC ‘Rights group loses mass surveillance appeal in High Court’ 29 July 2019, https://www.bbc.com/news/uk-49153593 (accessed 5 November 2020).
- 1
- Cited by