Last time you used the telephone, the police and secret services may have kept a record of who you called, for how long and from where. Is that right? Last week, a court ruled on how much data about emails and phone calls the police and secret services are allowed to collect.
Two members of Parliament and two others took the government to court over the laws which set the limits on how much we can be spied on. The Data Retention and Investigatory Powers Act lets law enforcement and security agencies collect “bulk” communications data – who we are in contact with, for how long, from where and when, although not the content of the communications. The Act was rushed through Parliament as an emergency measure: MPs only had one day to debate the provisions, which gave sweeping powers to the agencies to retain and access data as and when they saw fit.
This, said the MPs David Davis and Tom Watson, could hardly be right: it was surely an infringement of human rights. What about the right to a private life? What about the right, protected under European Union law, to adequate protection of your personal data? Where were the safeguards necessary to protect the most confidential communications – clients to their lawyers, or constituents to their MPs? Sometimes knowing who is talking to whom can be very telling in itself.
They took it to court, challenging it as incompatible with human rights as protected under EU law (an important point since it let the court strike down parts of the laws altogether). They succeeded. The government now has until the 31st March 2016 to come up with a new regime with better safeguards for the protection of basic rights.
Any law letting police and secret services collect “bulk” data will have to have safeguards built in. Most importantly, there must precise rules as to when the data can be accessed to be set out. It’s just not good enough to leave it up to the agencies involved, the court said: there have to be standards, and these have to be predictable and accessible. And any requests to access the data must be authorised by a judge or other independent body. If the government wants access to such potentially sensitive data, it has to stand up to impartial scrutiny. This is potentially a big advance for the protection of rights over our data.