Another blow has been dealt to the government’s Investigatory Powers Bill, dubbed the Snooper’s Charter, after judges at the Court of Appeal upheld a challenge brought forward by deputy Labour leader Tom Watson, who has argued that the mass surveillance of communications data carried out by authorities infringes on the public’s human rights.
Concessions and amendments that are set to be introduced by the government are not going far enough to comply with EU law, according to the ruling, which could create serious problems for any UK-EU data sharing deal post-Brexit.
We at diginomica/government have long highlighted the importance of such a deal in the wake of Brexit, in order to avoid a data sharing cliff-edge scenario come March 2019 when the UK exits the EU trading bloc.
In short, if the government isn’t deemed to be complying with the EU’s regulatory and privacy frameworks as they relate to data protection, then the European Commission may well argue that the UK isn’t well aligned enough to freely continue sharing data with EU organisations.
By way of background, Watson launched his challenge to a previous law, the Data Retention and Investigatory Powers Act in 2014,which forced communications companies to store detailed information about the locations of people using devices such as mobile phones, as well as the who, when and how of every email, text, phone call and internet communication – including those of MPs, lawyers, doctors and journalists.
DRIPA expired at the end of 2016 – but the Government replicated and vastly expanded the same powers in the Investigatory Powers Act, which started to come into force in 2017.
Watson argued that the Act contained inadequate protections for British people’s fundamental rights – letting hundreds of organisations and government agencies, from police forces to HMRC, grant themselves access to this highly personal and revealing data for a huge range of reasons that had nothing to do with investigating serious crime.
The High Court agreed with him in 2015. The Government appealed – and the Court of Appeal referred the case to the European Court of Justice (ECJ) for clarification. In December 2016, the ECJ echoed the High Court’s ruling – and went further, setting down a series of safeguards that the Government needed to introduce to properly protect people’s privacy.
On 30 November 2017, the Home Office accepted that the Investigatory Powers Act needed changing as a result of the ECJ judgment – but the proposed changes fall far short of what the ECJ said was needed.
Commenting on the judgement, Tom Watson MP said:
This legislation was flawed from the start. It was rushed through Parliament just before recess without proper parliamentary scrutiny. “The Government must now bring forward changes to the Investigatory Powers Act to ensure that hundreds of thousands of people, many of whom are innocent victims or witnesses to crime, are protected by a system of independent approval for access to communications data. I’m proud to have played my part in safeguarding citizen’s fundamental rights.
In this week’s ruling, Court of Appeal judges ruled DRIPA breached British people’s rights because, among other things, it:
- did not restrict access to this data, in the context of the investigation and prosecution of crime, to the purpose of fighting serious crime.
- let police and public bodies authorise their own access, instead of subjecting access requests to prior authorisation by a court or independent body.
The Home Office did announce a series of amendments in November last year, including a new ombudsman that would oversee requests for data, but Watson and civil rights group Liberty argued that the plans were “half-baked” and did not go far enough. And the courts have now essentially agreed.
Security Minister Ben Wallace downplayed the ruling and said:
Communications data is used in the vast majority of serious and organised crime prosecutions and has been used in every major security service counter-terrorism investigation over the last decade. It is often the only way to identify paedophiles involved in online child abuse as it can be used to find where and when these horrendous crimes have taken place.
We had already announced that we would be amending the Investigatory Powers Act to address the two areas in which the court of appeal has found against the previous data retention regime. We welcome the fact that the court of appeal ruling does not undermine the regime and we will continue to defend these vital powers, which Parliament agreed were necessary in 2016, in ongoing litigation,
Implications for Brexit
Ensuring an effective and robust framework for mass surveillance of communications data, one that balances the need for security with the civil liberties of the public, is obviously hugely important in this digital age. However, another consequence of the ruling is that the judgement could have huge implications for the Brexit negotiations.
Essentially, if the UK wants to continue a free data sharing arrangement with the EU post-March 2019, it needs to be strongly aligned with the EU’s data frameworks. Whilst the government has committed to implementing GDPR, the EU’s new data protection legislation, if the UK is seen to be diverging from the EU’s views on mass surveillance, this could prove to be a fundamental roadblock in negotiations. One that isn’t being given the priority it needs.
I spoke to Nicky Stewart, commercial director at UKCloud, a leading UK IaaS provider, who voiced concerns about the ruling and the government’s approach to the Snooper’s Charter. She said:
I think the most interesting thing about all of this is that it’s going to give more ammunition to the European Commission, which is currently using EU-UK data flows in the post-Brexit scenario as a political football. Quite recently they said that the UK is going to be a third country if we don’t get some kind of data flow agreement as part of negotiations. And a third country means we would need some kind of Privacy Shield arrangement or standard contractual clauses.
The Securities Minister seems to totally underplaying the whole thing and suggesting the amendments going through negate the judgement. Maybe so. But I think the whole thing is becoming very politically charged. Personally we would like to see the government perhaps taking this whole data protection issue a little bit more seriously than they have been.
Stewart added that the priority for the government needs to be making the Investigator Powers Bill legal in the eyes of the EU. She added:
I think at the moment DCMS appears to be taking the stance that GDPR is coming into force that everything will be alright. But Europe has already said that not everything is going to be alright unless we get some kind of separate agreement going. And we really don’t see any signals from the government that anything is happening at the moment.
Clearly, they need to make the Investigatory Powers Bill legal. The Bill has always been the elephant in the room in terms of post-Brexit data flows. But we also want to see them putting EU-UK data flows right at the top of the agenda.
This is a fundamental problem for the UK’s Brexit negotiations. One that needs to be fixed asap. We all realise that surveillance of communications data is imperative in terms of national security. However, so are safeguards to ensure the protection of the public’s rights. Ignoring the concerns of the EU could well lead to a data sharing arrangement falling down during negotiations, which would create huge problems for businesses trading in a post-Brexit environment.
Image credit - Hacking © BillionPhotos.com - Fotolia.com
Disclosure - UKCloud is a diginomica/government premier partner at time of writing.