EU court slams indiscriminate data collection, opening challenge to British cyber law

The law requires telecommunications companies to store the web and message history of Britons for the government to access. But Europe's highest court ruled such a law is unjustifiable in a democratic society. 

Paul Hackett/ Reuters
A European Union flag is held in front of the Big Ben clock tower in Parliament Square during a 'March for Europe' demonstration against Britain's decision to leave the European Union, central London, Britain on July 2, 2016.

The general and indiscriminate collection and storage of data such as internet search histories and usage of messages and apps is not justifiable in a democratic society, Europe's highest court ruled Wednesday.

The decision by the European Court of Justice in Luxembourg is a defeat to Britain’s new cyber-surveillance law, which requires telecommunications companies to keep records and web activity of Britons for one year, and allows government officials unprecedented access to this database. The 15-judge panel found it unlawful for European governments to force communication companies to retain all user data, presenting challenges for laws such as Britain's Investigatory Powers Act, which gave such access to a range of departments – one of several countries wrestling with security and privacy concerns amid terrorist threats that some argue demand more data tracking.

The high court's decision stems from a legal challenge in Britain over the law, which opponents dubbed the "snooper's charter." The Investigatory Powers Act was first introduced in British parliament in May 2015 to replace the expiring Data Retention Investigatory Powers Act. One part of the legislation required telecommunications companies to create a database of websites Britons visited and messages and apps they used. This information would remain in a database officials could access for up to a year. Excluded from the database, however, were specific pages Britons visited or the contents of the messages they sent.

But British politicians David Davis and Tom Watson, backed by civil liberties groups, challenged the legality of the law. They won that legal challenge in the British High Court, but the government appealed the decision and the case was referred to the European Court of Justice.

In its summary ruling, the Luxembourg court found electronic communications allow “very precise conclusions to be drawn concerning the private lives of persons whose data has been retained,” as The Guardian reported.

“The fact that the data is retained without the users of electronic communications services being informed of the fact is likely to cause the persons concerned to feel that their private lives are the subject of constant surveillance,” wrote the court. “Legislation prescribing a general and indiscriminate retention of data … exceeds the limits of what is strictly necessary and cannot be considered to be justified within a democratic society.”

Instead, the court said only “fighting serious crime” such as terrorism could justify such state interference. In that case, officials must request a court or independent body authorize the access of such data.

The case will now return to a British court of appeal to resolve the country’s cyber-surveillance law.

In the ECJ case, lawyers for the British government argued cyber-communications have been central to recent terror investigations. British Home Secretary Amber Rudd put forth a similar argument when she described the purpose of the law in November, after the bill received Royal Assent.

“At a time of heightened security threat, it is essential our law enforcement, security and intelligence services have the powers they need to keep people safe,” Secretary Rudd said, adding that the internet “presents new opportunities for terrorists” that the country must now address.

But Liberty, the civil liberties group that backed the legal challenge, said the ruling meant Britain’s law must be changed right away.

“Today’s judgement upholds the rights of ordinary British people not to have their personal lives spied on without good reason or an independent warrant,” said Liberty director Martha Spurrier.

The ruling applies to the British law as long as the Kingdom remains a member of the European Union. But once the government carries through with a successful referendum to leave the EU, the ruling could become merely “academic” in the privacy vs. security debate, according to The Guardian.

The ruling comes at a time when Europe and the United States are testing the boundaries of surveillance to thwart perceived terrorist attacks.

“In the wake of the [Paris attack] that left 130 dead, European governments bemoaned an intelligence ‘black hole’ stemming from countries failing to share intelligence. Now, lawmakers are considering ways of enhancing surveillance practices and rethinking many privacy safeguards designed to prevent pervasive data tracking and collection across Europe,” Rachel Stern reported for The Christian Science Monitor in February.

Such considerations have included governments having a so-called “master key that officials could use to unlock encrypted communications to disrupt terrorists’ use of the Internet,” an idea harshly criticized by digital rights and civil liberties groups.

Apple's chief executive, Tim Cook, offered a similar argument in refusing to comply with the US government's order to unlock the iPhone of Syed Rizwan Farook, who, with his wife, killed 14 people in an attack in San Bernardino, California last December.

If Apple built the software to do so, it would risk creating an unacceptable "master key," Mr. Cook said, compromising the encryption of all the company's devices.

This report contains material from Reuters and the Associated Press.

You've read  of  free articles. Subscribe to continue.
Real news can be honest, hopeful, credible, constructive.
What is the Monitor difference? Tackling the tough headlines – with humanity. Listening to sources – with respect. Seeing the story that others are missing by reporting what so often gets overlooked: the values that connect us. That’s Monitor reporting – news that changes how you see the world.

Dear Reader,

About a year ago, I happened upon this statement about the Monitor in the Harvard Business Review – under the charming heading of “do things that don’t interest you”:

“Many things that end up” being meaningful, writes social scientist Joseph Grenny, “have come from conference workshops, articles, or online videos that began as a chore and ended with an insight. My work in Kenya, for example, was heavily influenced by a Christian Science Monitor article I had forced myself to read 10 years earlier. Sometimes, we call things ‘boring’ simply because they lie outside the box we are currently in.”

If you were to come up with a punchline to a joke about the Monitor, that would probably be it. We’re seen as being global, fair, insightful, and perhaps a bit too earnest. We’re the bran muffin of journalism.

But you know what? We change lives. And I’m going to argue that we change lives precisely because we force open that too-small box that most human beings think they live in.

The Monitor is a peculiar little publication that’s hard for the world to figure out. We’re run by a church, but we’re not only for church members and we’re not about converting people. We’re known as being fair even as the world becomes as polarized as at any time since the newspaper’s founding in 1908.

We have a mission beyond circulation, we want to bridge divides. We’re about kicking down the door of thought everywhere and saying, “You are bigger and more capable than you realize. And we can prove it.”

If you’re looking for bran muffin journalism, you can subscribe to the Monitor for $15. You’ll get the Monitor Weekly magazine, the Monitor Daily email, and unlimited access to

QR Code to EU court slams indiscriminate data collection, opening challenge to British cyber law
Read this article in
QR Code to Subscription page
Start your subscription today