A number of UK public bodies are holding off requesting access to individual’s internet browser records until the European Court of Justice has handed down its judgement in a landmark legal case which could throw the legislation on its head.
Bulk Data collection powers
Regular users will recall that there was uproar last year after the UK Government passed the Investigatory Powers Act, better known as the Snoopers Charter, which allowed government bodies unprecedented levels of access to British citizens private online data.
Amongst the requirements in the law, was that British ISPs must now retain all user data for a period of one year. And there was much criticism when it became apparent that there were dozens of different public sector bodies which would be able to request access to this data, including the Food Standards Agency, the Gambling Commission, and the Health and Safety Executive. You can view a full list here if you want to know more.
However, there was a glimmer of hope for all privacy-conscious internet users in the UK, after a legal challenge against the bulk retention of data was lodged with the European Court of Justice. This court has ruled against bulk collection in regards to a different piece of legislation in the past, so it seems likely that that precedent might hold true again.
Public Sector bodies holding back
But it has now emerged that a number of bodies that are entitled to access this data are holding back on making requests because of the continued legal uncertainty. The Government has appealed this initial judgement, but the decision on that appeal has yet to be handed down.
In the meantime, Motherboard has reported that a number of public sector bodies are not taking advantage of the power until legal clarity has been established.
In response to a Freedom of Information (FOI) request, the Police Investigations and Review Commissioner in Scotland (PIRC), one body with the power to access information, reported that they were still establishing Standard Operating Procedures (or guidelines in layman’s terms) for how these powers should be used. They noted that these guidelines would not be completed until after the appeal judgement is handed down.
Another body, the Competition and Markets Authority (CMA) indicated their guidelines would be handed down from the Home Office, their parent department and the Government department which instigated the Snoopers Charter in the first place, but even they hadn’t finalised them yet.
Lack of scrutiny and oversight
It is revealing that so much planning is going into how these bodies are going to access our personal internet data. As Privacy International’s legal officer, Camilla Graham Wood, said to Motherboard, “There appears to be a fair amount of work going on behind the scenes to which civil society, and it seems parliamentarians, are not privy.”
The lack of public scrutiny over this matter is certainly something which needs to be addressed as the process by which the Government is handling our personal data should be transparent and subject to appropriate safeguards.
But it is nonetheless encouraging that so much depends on the Governments appeal to the European Courts of Justice. Even if you are the most ardent supporter of Brexit, you cannot help but be concerned about the current British political establishments cavalier attitude towards individual freedoms.
At the same time, the EU has shown great fortitude to stand up against the tide of intrusive and repressive legislation around the world.
Nowhere has this been more evident than the recent recommendation from the European Parliament’s (EP’s) Committee on Civil Liberties, Justice, and Home Affairs that end-to-end encryption should be compulsory and all backdoors into encryption blocked. This stands at odds with the UK Governments outspoken support for encryption backdoors to be introduced in the wake of recent terror attacks in the UK.
It seems a distinct possibility that the European Court of Justice will rule against the British Government on this matter, which will potentially put the whole concept of bulk collection of personal data into disarray, at least for as long as the UK remains a member of the EU.
In the meantime, this data is still being harvesting and some public bodies are likely to be accessing it already. Which means that if UK internet users want to enjoy real privacy, they should be sure to use a reputable VPN, such as IPVanish or ExpressVPN to ensure their online activity is only visible to themselves.