European Court of Justice rules indiscriminate data retention illegal

Written by Rebecca Hill on 21 December 2016 in News

A landmark European Union judgment has dealt a heavy blow to the UK’s Investigatory Powers Act, ruling that the general and indiscriminate retention of emails by governments is illegal.

European court rules that governments can only retain data on a targeted basis - Photo credit: PA Images 

In response to a case brought initially by Labour deputy leader Tom Watson and Conservative MP David Davis, the European Court of Justice said that governments should only use targeted – not indiscriminate – retention of data to combat serious crime.

The pair – who were challenging the legality of the UK government’s surveillance agency GCHQ’s bulk interception of email and electronic communications data – had already won a case in the high court but an appeal by the government sent it to the EU’s highest court.

Related content

Labour MP says Brexit could mean ‘exit for tech’ when it comes to data
Review backs bulk data-interception but proposes new ‘tech expert’ panel
Whitepaper: Transforming public sector productivity

The ruling, which says that EU law overrules national legislation will be a blow to the government’s Investigatory Powers Bill, which passed into law last month, as it could open it up to challenges. However, it is not clear what the long-term effect will be after the UK leaves the European Union.

The ECJ ruling says that EU law “precludes a general and indiscriminate retention of traffic data and location data”.

It is up to member states to make provisions for targeted retention of data, it said, but this must be “solely for the purpose of fighting serious crime” and must be “limited to what is strictly necessary”.

The ECJ noted that the retained data was “liable to allow very precise conclusions to be drawn concerning the private lives of the persons whose data has been retained”.

It added: “The fact that the data is retained without the users of electronic communications services being informed of the fact is likely to cause the persons concerned to feel that their private lives are the subject of constant surveillance.

“Consequently, only the objective of fighting serious crime is capable of justifying such interference.”

In addition, government access to the retained data “should, except in cases of urgency, be subject to prior review” by an independent authority and that the data must be stored within the EU.

Davis, who is now Brexit secretary, withdrew from the case when he was appointed to his new role.

Share this page



Please login to post a comment or register for a free account.

Related Articles

EXCL: Cabinet Office alerted to data breach – and fails to respond for 10 days
25 November 2022

Personal details of civil servant and supplier exposed by inadequately redacted document, discovered by PublicTechnology

Scottish guidelines on police use of biometrics take effect
17 November 2022

Move to introduce code of practice for the likes of facial recognition and fingerprints is believed to be a world first

DfE scolded after breach enabled ‘prolonged misuse of 28 million children’s personal data’
8 November 2022

Department spared £10m fine despite ‘serious breach of the law’

Home secretary admits sending multiple documents to personal email
1 November 2022

Braverman reveals six occasions on which guidelines were breached – but claims no information on law enforcement, security or cyber issues was sent