British government ‘breaking law’ in forcing data retention by companies

By Alex Hern
The Guardian

The British government has been accused of breaking the law by forcing telecoms and internet providers to retain records of phone calls, texts and internet usage, months after Europe’s highest court said that such data retention breaches citizens’ fundamental right to privacy.

Now it could face a high court challenge that would force it to strike down the law, enacted in 2009 by the previous Labour administration.

The Data Retention (EC Direction) Act of 2009 was implemented by the last Labour government in response to the 2006 EU data retention directive, which required member states to store citizens’ telecoms data for a minimum of six months and a maximum of 24 months. Britain’s implementation requires providers to keep data for 18 months.

In April, the European court of justice declared the directive invalid. In an opinion delivered in January, the court’s advocate general, Pedro Cruz Villalón, said that it constituted a “serious interference with … the right to privacy and the right to protection of personal data”.

But despite the fact that the directive which mandated the creation of the UK act was struck down, the UK government has not yet moved to invalidate the Act. Answering a parliamentary question from Liberal Democrat MP Julian Huppert the Home Office minister James Brokenshire revealed last week that the government had explicitly notified telecoms providers that “they should continue to observe their obligations as outlined in any notice”, despite the ruling.

A Home Office spokesman said the department was “looking at the issue as a matter of urgency, and deciding what steps need to be taken to ensure public authorities can continue to access communications data.

“However, we have advised communications service providers that the UK Data Retention (EC Directive) Regulations 2009 remain in force.”

The Home Office added that “the retention of communications data is absolutely fundamental to ensure law enforcement have the powers they need to investigate crime, protect the public and ensure national security”.

On Friday, Buzzfeed UK reported that Labour MP Tom Watson weighedin, asking “whether public communications providers have sought advice” from the Home Office. He received the same reply as Huppert did from James Brokenshire.

In his opinion supporting the overturning of the data retention directive, Pedro Cruz Villalón, the EU Advocate General – charged with providing impartial advice to the ECJ – argued that the retention of such data “may make it possible to create a both faithful and exhaustive map of a large portion of a person’s conduct strictly forming part of his private life, or even a complete and accurate picture of his private identity.”

He also highlighted the risk that the retained data might be used illegally in ways that are “potentially detrimental to privacy or, more broadly, fraudulent or even malicious”.

Cruz Villalón also expressed concerns that data retained under the directive is not held by public authorities but by the providers themselves; and that it does not need to be physically stored in the EU but can be kept on servers anywhere in the world.

Elizabeth Knight, of the Open Rights Group, said: “In our view there is no legal basis for this continuing retention of data. When the European court of justice struck down the data retention directive this rendered the UK’s implementation of the directive unlawful.

“The government says it is considering carefully the judgment but it has had over two months to consider it. The grounds on which the government is advising ISPs to continue to retain data are unclear. The government must give a full explanation of why it believes ISPs should continue retaining their customers’ data.”

Comments are closed.