What's yours is mine, what's mine's my own says UK Government
11 July 2014
When passed, the Data Retention & Investigatory Powers Bill (the Bill) will allow for the retention of 'communications data' for up to 12 months which may be accessed by law enforcement agencies for the purposes of preventing and detecting serious crimes and to ensure national security.
The Bill was passed following the declaration by the European Court of Justice (ECJ) on 8 April 2014 that the Data Retention Directive (the Directive) is invalid.
The rhetoric from David Cameron has been appropriately declamatory: "The public should be worried if we didn't act".
Nick Clegg, the self-proclaimed "old fashioned liberal" sought to reassure privacy advocates that the Bill's "poison pill" was a sunset provision setting out an expiration date for the Bill and that the Bill was simply "remitting that wider debate" for the next Parliament.
The politicians also indicated that the government will take further moves to "increase transparency and oversight", including the establishment of a new Privacy and Civil Liberties Board to scrutinise the impact of the Bill and the publication of annual reports on the use of the powers.
In addition, the explanatory notes to the Bill states that the Bill adds "further safeguard in line with the [ECJ] judgement".
All very comforting, on the face of it…
However, when one analyses the Bill, the explanatory notes and the proposed 'safeguards', one cannot help but sense that this 'debate' is somewhat…superficial…
Paragraph 32 of the explanatory notes: "…it is envisaged that when communications data policy is considered in the next Parliament, legislation conferring further powers may be proposed".
An indication that Clegg's "poison pill" perhaps is not so toxic after all.
What exactly will 'further powers' comprise? Retention of email and SMS content as well as metadata? A broadening of the definition of 'serious crime'?
One also has to question what exactly the point is of the proposed Privacy and Civil Liberties Board? What is the use of a Board 'scrutinising' a law which as good as set in stone and which seems set only to widen in scope in the future?
Two of the ECJ's fundamental concerns with the Directive were that: it did not ensure the irreversible destruction of data at the end of the retention period; and it did not require that the data be retained within the EU.
Worryingly, the Bill does not address either of these concerns.
In an age of increasing cyber-attacks and identity theft and fraud, data collection on this scale with so few legislative safeguards undoubtedly has the potential to have devastating consequences on the rights of individuals and the protection of personal data.
Government, in its haste, seems not to have realised that the ECJ was not opposed to the Directive in principle; rather the issue was that the Directive did not adequately provide protection for personal data.
Unfortunately, history seems set to repeat itself…
This article was written by Janine Regan.
For more information please contact Janine on +44 (0)20 7203 6798 or email@example.com.