Tag Archives: Surveillance

Keith Ewing, Joan Mahoney, and Andrew Moretta: Surveillance and the Liberal State

EyeThe recent revelations by the Guardian about the ‘United Stasi of America’ appear to have disappointed, surprised and even shocked a number of people, who ought to know better.   The British government has responded in a predictably incomplete way, denying any wrongdoing on the part of our Security State, taking cover behind the robustness of our legal protections against abuse of the citizen’s right to privacy.

In the course of work that we are currently undertaking on civil liberties during the Cold War, it is clear to us, however, that activity of this kind is part of the DNA of the liberal state.    The MI5 files held in the National Archives provide an insight into the surveillance activities of government, though we are not suggesting that these files give a complete or even an adequate insight.    By no means all the security files have been released, and it is impossible from the catalogue to say how many have been withheld or destroyed.   There is a sense that files have been released very carefully and that they have been weeded just as carefully, so that historians are restricted to officially sanctioned data that will cause minimal embarrassment to the Security Services.    We are being invited to write the history they want us to write, about the people they want us to write about, based on the data they want us to find.

What is striking, nevertheless, is the suggestion to be found in the contents of the files that surveillance was taking place on a massive scale.   So although only a sample of files has been released, careful reading of these files does allow for jigsaw pieces to be uncovered, helping to build a picture larger than the sum of the files themselves.   Thus many files refer to other surveillance targets incidentally, because – for example – they were present at bugged meetings, the references to these individuals also containing a reference to their PF number (which we assume is their Personal File number).    So a reference to Gerald Gardiner in the solicitor Harry Thompson’s file reveals that what appears to be the future Lord Chancellor was PF 723,729.   This reference was in a minute of a phone call intercepted in 1946; we have encountered other PF numbers in the 1960s in the 800,000s.

In the last case the individual in question was Ruth Taylor (PF 815,946) who had the good fortune/misfortune to be the niece of John Gollan, sometime General Secretary of the Communist Party.   Her file appears to have been destroyed, along with the files of all the other people related to John Gollan about whom a file appears also to have been kept:  his father, his wife, his brother and his three sisters.  We assume that files were kept on each of the foregoing because their names and PF numbers all appear on the front of John Gollan’s file in some weird cross-referencing system.   We are trying to make sense of this, and trying to understand whether it can really be the case that by the mid 1960s, as many as 815,946 people were or had been under surveillance.   Perhaps Security Service lawyers will be able to offer an alternative explanation in the comment section below.

What is also striking about the files is the nature of the information that is retained and now published, in relation to people who were ‘innocent’ of any offence.   So we find transcripts of intercepted phone calls about the marital problems of a Communist Party employee (and the recording of tittle tattle of a personal nature about her apparently feckless husband); claims that a sometime Member of Parliament enjoyed the extended embrace of a prostitute; and reports of intense surveillance of a barrister (later to become a High Court judge) who was revealed incidentally to have had a French mistress in the West End.    The surveillance in this last case – for reasons that were wholly groundless – included a period during which the individual in question was followed wherever he went, his phone tapped and his mail intercepted, before the penny dropped that a crass mistake had been made.   That has not prevented the fruits of that surveillance to be published.

But of course this is only a very small part of it.   It was the political stuff they were really after.   In the case of selected parliamentary candidates and MPs there are detailed Special Branch reports of election meetings and election campaigns.   The latter included details of the identity (and PF numbers) of the individuals in the constituency who displayed election posters supporting a candidate, as well as the owners of ‘motor cars’ used during the campaign (for example to take electors to the polling station).   Yet it was not only politicians, lawyers and academics.   Other prominent figures were also the target of surveillance, including Kingsley Martin (PF 41,632), a leading pacifist who was editor of the New Statesman.   According to a Special Branch report, Mr Martin addressed a meeting in London on 27 March 1952 organized by the London Anarchist Group.   In the presence of 650 people, Mr Martin said that:

There was a creeping plague of injustice and tyranny evident in the world today . . . The Middle Ages were almost kindly in comparison with Europe today, There were however a few patches of freedom left.   He spoke of the methods adopted in Spain of making prisoners confess through cruelty . . . and said that such confessions were accepted at the trials.   It was the law in Spain that people must adopt themselves to the existing regime . . . . A steady policy is needed of encouraging resistance in Spain, Franco is now sensitive to criticism as he wants to join the Western Community.  We must force the Government to say to the Spanish government ‘As you are today , the British People will not take you as allies and friends’.

That was enough to justify surveillance and retention.    It seems they were trying to work out whether he was a communist or not.   If so, so what?   Like countless others, Martin’s foreign travel was monitored – not only at the airport where surreptitious Special Branch baggage searches took place, but also on arrival.   His visit to Kenya in November 1952 caused some concern for the diplomatic corps there, a British official contacting London to say that Mr Martin’s ‘outspoken views on racial discrimination [to which he was opposed] and remarks that terrorism can not be attributed to Mau Mau have naturally irritated local authorities’.   A security check was requested, following which the reply came that Martin was ‘not known to be a member of the Communist Party’, but that he was a pacifist who had for a long time been an active member of the Union of Democratic Control and was probably still a member of the National Council of Civil Liberties (about which there was also a file in the OF series; the NCCL appears to have been OF 561/1).

Which brings us back to the confected public reaction to the allegations about the US and UK security agencies, a reaction that reveals remarkable naivete on the part of those who are ‘disappointed, surprised or even shocked’.   A day at the National Archives will quickly reveal that the British state has been engaged in massive surveillance of individuals and organisations on a potentially eye-watering scale, and in the process stored information on people’s personal lives that is now being fed – intentionally or otherwise – into the public domain to tarnish their reputations posthumously, perhaps in the process revealing to the wider public details about them that is unknown to their surviving families.   Apart from the above, we also have detailed character assassinations of those now deceased, including in at least one case the wife of another prominent lawyer, the latter having been very closely watched for very many years.

Quite apart from the absurdity of William Hague’s suggestion that the only people now under surveillance are the guilty and that law abiding citizens have nothing to fear (to which Paul Flynn MP had the perfect answer), the Daily Mail reader who believes such nonsense might want to think again.   It may well be true, and it may well be inappropriately cynical to believe that the government’s assurances are about as valuable as HBOS shares at the time of the banking crisis.    For as Mr Hague reminded us, we have robust legal procedures now in place, including the much – celebrated Human Rights Act 1998 and the culture of liberty it has blown through government departments.   There are no doubt some amongst us who will wish to assume that as a result no such surveillance goes on – whether by or on behalf of the British government, and that as a result the US Constitution is a poor substitute for our timely incorporation of the ECHR into domestic law.

Keith Ewing               Joan Mahoney           Andrew Moretta

Suggested citation:K. Ewing, J. Mahoney, and A. Moretta ‘Surveillance and the Liberal State’ UK Const. L. Blog (16th June 2013) (available at http://ukconstitutionallaw.org)


Filed under Human rights

Paul Bernal: The Draft Communications Bill and the ECHR

The Draft Communications Data Bill was published on the 14th June. It had been much anticipated, particularly by privacy advocates, and dubbed the ‘snooper’s charter’, a nickname that seems eminently appropriate. That it could pose a threat to privacy has already been discussed at some length. That it poses a threat to other human rights may not be quite so obvious: that is the subject of this blog.

 A ‘Snoopers’ Charter’?

The Bill grants powers to the Home Secretary (or another cabinet minister) to order the gathering and retaining of any ‘communications data’ by ‘telecommunication operators’. The key point here is that the intention is to gather and retain all the data: this is universal surveillance, with the limitations and controls only over access to the data. The data will be required to be held for 12 months, and access will be controlled through a system of safeguards which effectively mean that ‘designated senior officers’ will need to approve requests for data – though precisely what constitutes as ‘designated senior officer’ remains unclear. Much is made of the fact that the ‘contents’ of communications are not to be gathered and retained, but only the ‘traffic data’ – who you are communicating with, how, when and so forth – but as shall be discussed below, this is not nearly as significant an exclusion as it might seem.

The terms ‘communications data’ and ‘telecommunication operators’ are defined very broadly – and therein lies the fundamental challenge of the bill. It could cover conventional telecommunications – anything from pigeon-post to email – but, as it is written and intended, it could also cover almost any activity on the internet. When you visit a web page, for example, you send a ‘communication’, via your internet service provider (‘ISP’) to the server where the web page is held, and a ‘communication’ is sent back to you: the contents of the web page itself.

The idea behind this very broad definition is that it will not just cover conventional emails and so forth, but all the other varied forms of communications used on the internet – from instant messaging to Twitter and Facebook messages, commenting on blogs and so forth, and indeed any new forms of communication that arise. The implications, however, are immense: it means that all of our online life can and will be recorded and potentially made available for scrutiny and use.

This has human rights implications beyond the obvious-seeming intrusions into our private correspondence – one part of Article 8 of the European Convention on Human Rights (ECHR) – into our private lives themselves, and further, upon Articles 9, 10, 11 and 14 of the convention.

Article 8: Respect for Private and Family Life, Home and Correspondence

On the surface, it might appear that ‘communications data’ relates to the ‘correspondence’ part of this Article – and indeed communications like telephone calls, emails, text messages, tweets and so forth do fit into this category – but internet communications data has a much broader impact upon the ‘private life’ part of the Article. Web-browsing data, for example, can reveal far more intimate, important and personal information than might be immediately obvious. It reveals which websites are visited, which search terms are used, which links are followed, which files are downloaded – and also when, and how long sites are perused, using what kind of computer, phone or other device and so forth. When all the other data that is being gathered under the terms of the Bill – from traditional communications data like email, text messages and phone calls to music listened to on Smartphones, geo-location data etc – is added to this mix, aggregated and analysed, the potential becomes even greater.

This data can reveal habits, preferences and tastes – and can uncover, to a reasonable probability, religion, sexual preferences, political leanings etc. It can dig deep into our personal lives. We use the internet to establish and support personal relationships, to find jobs, to bank, to shop, to gather the news, to decide where to go on holiday, to concerts, museums – or football matches. Some use it for education and for religious observance – checking the times and dates of festivals and so forth, or details of dietary requirements. There are few areas of our lives that remain untouched by the internet – and those areas are reducing all the time.

Analysis and profiling

What is more, analytical methods through which more personal and private data can be derived from browsing habits have already been developed, and are continuing to be refined and extended, most directly by those involved in the behavioural advertising industry. Significant amounts of money and effort are being spent in this direction by those in the internet industry – it is a key part of the business models of Google, Facebook and others. It is already advanced – but we can expect the profiling and predictive capabilities to develop further both in scope and in accuracy in the future.

This is not profiling in the conventional ‘psychological’ form, based on educated guesses and theoretical associations: it is mathematical profiling, based on correlations determined by comparisons of massive amounts of data. Profiling like this doesn’t make judgments – and as a consequence has the potential to be far more accurate than the more conventional kind. And, importantly, the techniques and technologies developed to profile for advertising can be applied just as easily to other forms of profiling, whether they be political, religious, ethnic, or any other kind.

What this means is that by gathering, automatically and for all people, ‘communications data’, we would be gathering the most personal and intimate information about everyone. The Bill is not about gathering a small amount of technical data that might help in combating terrorism or other crime – it is about universal surveillance and ultimately profiling. That ‘content’ data is not gathered is of far less significance – and that focusing on it is an old fashioned argument, based on a world of pen and paper that is to a great extent one of the past. The surveillance and profiling enabled by the Bill is something new, and something that impacts not only on our private lives, but on many other aspects of our human rights.

Article 9 – Freedom of thought, conscience and religion

This kind of profiling is what brings Article 9 into play: it can be possible to determine (to a reasonable probability) individuals’ religions and philosophies, their languages used and even their ethnic origins, and then use that information to monitor them both online and offline.

Although it would certainly be a stretch to suggest that such profiling might allow a profiler to know what someone’s thinking, that, effectively, is its aim, and it may well get significantly closer to achieving that aim than we realise. What is more, the profiling techniques – and the databases upon which those profiling techniques are based – are improving all the time. From the perspective of the profiler, precise accuracy may not be crucial: a reasonable probability may be all that is needed. From the perspective of those being profiled, the situation is very different – and problems may arise from both accurate and inaccurate profiling. A real ‘dissident’, for example, may be located and imprisoned by an accurate profile, while an ‘innocent’ may be unfairly punished by an inaccurate profile. Either way, the consequences can be disastrous.

Article 10 – Freedom of Expression

Though the connection between freedom of expression and privacy may not be obvious – indeed, the two may appear at times to be in conflict – for freedom of expression to function properly there must be a degree of privacy.

Two examples demonstrate how works. The first is the Nightjack saga. Nightjack was a blogger, a police ‘insider’ – and in order to get his stories out into the world, he needed to be able to protect his identity. He needed to be able to control who knew what about him – and the kind of surveillance envisaged by the Communications Data Bill could have put that at risk. When his identity was revealed – through a sorry tale of computer hacking and mismanagement at the Times – it meant that Nightjack effectively ceased to exist. Freedom of expression was curtailed through a lack of privacy.

The second, more gruesome example, comes from Mexico. Over the last few years at least four Mexican bloggers have been brutally killed by the drug cartels about whom they have been writing. Precisely how they were discovered and their identities revealed is not clear, but the kind of tools that the Communications Data Bill could provide would have made it possible – and the idea that giving such tools to the Mexican police would mean that they wouldn’t get into the hands of the drugs cartels would be naïve to say the least.

It is not just in these kinds of situations that privacy is crucial for free expression: there are many more, from those dissenting against oppression to those threatened by abusive spouses, to whistleblowers and so forth. Without a reasonable expectation of privacy, many of these would simply choose not to speak out – as Jo Glanville of Index on Censorship has argued, privacy is essential for free speech to thrive.

Article 11 – Freedom of Assembly and Association

The internet offers previously unimaginable tools for groups – and for ‘assembly’ and ‘association’ of all kinds. Online communities have developed – using services like social networking, instant messaging, message boards and so forth – and ‘real world’ groups have used the same tools to facilitate their ‘real world’ meetings and communications. In this way, the internet can often be seen as a force for ‘good’, for ‘democracy’ and so forth. Many commentators have suggested that the internet played a key role in the Arab Spring – and though its role has probably been exaggerated, the internet was certainly used by many of those organising the resistance in Tunisia and Egypt in particular.

However, when communications (and in particular the internet) are used to organise meetings, to communicate as groups, to assemble both offline and online, internet surveillance can become significant and potentially dangerous. Meetings can be monitored or even prevented from occurring, groups can be targeted and so forth. Oppressive regimes throughout the world have recognised and indeed used this ability – in Tunisia, for example the former regime hacked into both Facebook and Twitter to attempt to monitor the activities of potential rebels.

It is not, however, just in extreme situations like that of a political uprising that internet surveillance comes into play. Authorities in the UK, for example, might argue that it would be right to monitor social media during a riot – and with some justification. But what about a peaceful protest? And then what about those organising a protest, before the event? How about a trade union? It is easy to make a decision on an extreme case – but the grey areas come into play much more easily than might be obvious, and the temptation for authorities to use tools once they’re there might well be too hard to resist. When newer technologies like geo-location data – knowing where people are in real time, through their mobile phones’ GPS systems – are taken into account, they might become irresistible.

Article 14 – Prohibition of Discrimination

Not only can surveillance and profiling enable discrimination – it can even potentially automate it. As discussed above, it may be possible to determine almost any kind of detail about a person online through profiling – their age, religion, nationality, ethnic origin and so forth. A key difference about the internet from ‘real world’ situations, however, is that decisions and options available to a person may be automatically controlled on the basis of that profiling – and the person involved may never even know what is happening. A website could be set to assess the profile of the person visiting and change the options displayed dependent on any aspect of that profile – this kind of ‘personalisation’ is one of the ideas being most actively developed by the big players on the internet at the moment. The downside is that this ‘personalisation’ could easily be used in discriminatory ways – offering different prices to people of different religions, for example, or making certain options simply not appear if the profile suggests a user is of a particular race. The idea of a ‘whites-only website’ becomes at least a theoretical possibility.

This may seem like an Orwellian nightmare – but it is becoming a practical proposition. A recent exposé of the Orbitz hotel-booking website showed that their system was filtering out those who use Apple Macintosh computers and offering them more expensive hotels to book. Discrimination according to the computer used may be legal – and even acceptable – but it indicates what is possible, and the potential for misuse is clear.

‘Necessary in a democratic society’?

Of course the Articles referred to above are subject to the usual qualifications – that they can be interfered with as ‘necessary in a democratic society’ for national security, economic well-being, prevention of disorder and crime, health, morals etc. That, ultimately, is the rub. In what way, and to what extent, is internet surveillance ‘necessary’ in a democratic society?

That is the question that needs to be answered. Internet surveillance can interfere significantly with the rights of individuals – not just with their privacy but with freedom of expression, with freedom of assembly and association and with freedom from discrimination. Given this, the bar should be very high in terms of the ‘need’ for that surveillance – and proper evidence needs to be presented and scrutinised before that ‘need’ is accepted. To date, the evidence provided has been scanty at best.

Dr. Paul Bernal is a lecturer in the UEA Law School and a member of media@UEA. He blogs at: http://paulbernal.wordpress.com/ and tweets as @paulbernalUK.

Suggested citation: P. Bernal, ‘The Draft Communications Bill and the ECHR’ UK Const. L. Blog (11 July 2012) (available at http://ukconstitutionallaw.org).


Filed under Human rights

Carol Harlow: Surveillance and the Superstate

For a society as devoted to secrets and privacy as the British are traditionally supposed to be, however, the law possesses surprisingly few protections for the communications of its citizens. True, phone hacking has become a criminal offence under the Regulation of Investigatory Powers Act 2000 and the creation and retention of citizens’ data is now regulated by the Data Protection Act 1998 but there is no right of privacy per se at common law and resort is consequently to a haphazard and fragmentary set of common law rights of action, which protect person, property and dignity in limited situations [See Lord Bingham, ‘Tort and Human Rights’ in P Cane and J Stapleton (eds), The Law of Obligations (Clarendon Press, 1998)].

Government (a.k.a the Crown) has by way of contrast traditionally been highly privileged, benefiting from the existence of a set of wide and loosely defined prerogative powers in the area of security and defence. There has never been a constitutional ‘right to know’ and access to official information was until recently narrowly restricted by draconian Official Secrets Acts, which made it an offence for any Crown servant or agent or anyone in receipt of information from a Crown servant or agent to disclose such information without authority. Although toned down by the Official Secrets Act 1989, which restricts the categories of protected information, the underlying ethos, that information in the possession of government is its private property, has not been dispelled by the first freedom of information legislation, which came into force only in 2005 and is riddled with so many exemptions as to merit the label of ‘sheep in wolf’s clothing’ bestowed on it by Rodney Austin [‘The Freedom of information Act 2000: a sheep in wolf’s clothing?’ in J Jowell and D Oliver (eds), The Changing Constitution (Oxford University Press, 5th edn, 2004)].

In the last two decades, the relationship between state and citizen in the area of information has been complicated by the rapid evolution of information technology, globalization of communications and the multi-level nature of regulation. Many counter-terrorism measures involving surveillance emanate, for example, from the United Nations, while the European Union is starting to play a significant role in access to information and data protection. On the one hand, ICT has facilitated the accumulation and retention in government data banks of vast quantities of information, relevant and irrelevant, about its citizens. Concern over the uses to which such information would be put fuelled opposition to proposals – ultimately defeated – from Tony Blair’s government for citizen identity cards. On the other hand, easy access to the internet and rapid communication via mobile telephones, Skype, social networking sites, twittering and tweeting have worked to the benefit of citizens and rendered government control harder. This point was poignantly illustrated during the ‘Arab Spring’.

Concern, evidenced in the campaign against identity cards, has been growing at national level, over the growing use of modern technology to extend surveillance by public authorities – the proliferation of CCT cameras for crime prevention, centralized and systematic police monitoring of cameras used for traffic control for other purposes, and CCT use by the private sector, where it is barely controlled. The courts have shown themselves relatively unwilling to restrict the use of modern surveillance techniques. In Wood v MPC [2009] EWCA Civ 414, for example, the Court of Appeal rejected a claim that the filming of participants in a trouble-free demonstration and subsequent retention of the photographs was unlawful and amounted to a violation by the police of ECHR Article 8, ruling instead that the practice was a justifiable and proportionate measure for the prevention of crime. After the London riots in 2011, the Metropolitan police pressurized broadcasters to hand over videos and pictures they had taken, threatening a court production order under PACE. The press protested vigorously at the threat to freedom of speech (The Guardian 30 August 2011) but the issue remains unresolved. Similar protests met government proposals – not yet fully particularised – to extend rights of access by public authorities to electronic communications between citizens, stimulating a vigorous political response from the junior partners in the coalition government, (BBC News, 10 April 2012).

Strasbourg, interception and data protection

The interception of communications has brought the United Kingdom up against the Strasbourg Court of Human Rights on several occasions. Indeed, of the long line of cases marks the interest of the Strasbourg Court in interception of communications, data protection and surveillance, several involve the United Kingdom [ECtHR, Factsheet on data protection 2012].  In Malone v United Kingdom (1984) 7 EHRR 14, the issue was telephone tapping by the police, which came to light during Malone’s trial for handling stolen goods. When Malone sought a declaration that the practice was unlawful [Malone v. Commissioner of Police of the Metropolis (No. 2) [1979] 2 All ER 620] Megarry J. ruled (i) that the common law recognised no right of privacy on which to found an action (ii) that no actionable tort had been committed and (iii) that a claim based on Article 8 of the ECHR, which specifically protects the privacy of correspondence, must fail because the ECHR was not (at that time) directly applicable in domestic law. In reaching these conclusions, the judge remarked, however, that he found it ‘impossible to see how English law could be said to satisfy the requirements of the Convention’ and that ‘the subject cried out for legislation’. This did not prevent the British Government from arguing in Strasbourg both that the practice of requiring ministerial authorisation for all telephone tapping was sufficient to satisfy the Convention requirement that interceptions must be ‘in accordance with the law’; and also that the practice of ‘metering’ or recording dialled numbers and the time and duration of calls, fell outside the Convention right. The Government lost on both heads and the Interception of Communications Act 1985 followed.

This legislation is now taken up in the Regulation of Investigatory Powers Act 2000. RIPA’s objectives are wide: it provides for ‘the interception of communications, the acquisition and disclosure of data relating to communications, the carrying out of surveillance, the use of covert human intelligence sources and the acquisition of the means by which electronic data protected by encryption or passwords may be decrypted or accessed’ for purposes of national security or investigation of serious crime by the security services and police. A warrant signed by the Home Secretary is required. RIPA also regulates ‘metering’; it requires records to be kept and made accessible on ministerial request of dialled numbers etc. A monitor in the shape of an Interception of Communications Commissioner is provided. More controversially, RIPA permits a wide range of government agencies, including the Charity Commissioners, Financial Services Authority and local authorities to indulge in similar activities, albeit in limited circumstances. Largely on these grounds, it has been widely criticised as a ‘snoopers’ charter’.

Marginal restrictions on the powers of local authorities are contained in the Protection of Freedoms Bill, currently before Parliament. Unsurprisingly, however, the Home Secretary (Theresa May) did not seize the opportunity afforded by the Bill seriously to curtail the snooping activities of public authorities. Instead, proposals to include in the next Queen’s Speech extensions to RIPA’s ambit have been announced to cover more modern forms of communication, including internet-based email, twittering and tweeting, Blackberries, Skype, mobile phone texting, social networking sites like Facebook and even online games. Proposed new legislation would, it is believed, force internet companies to install hardware enabling GCHQ on behalf of government to examine websites accessed and text messages or email sent. The proposals will in short allow police and intelligence officers to monitor a person’s contacts including websites, although the content of communications will not be accessed. Once again, the records will be available to local councils and other agencies, though in limited circumstances.

In S and Marper v. the United Kingdom [2008] ECHR 1581,  the Court ruled on the taking and retention of DNA samples from persons suspected of criminal offences but subsequently acquitted. There is an implicit reproof to the House of Lords, which had ruled to the contrary in R(LS and Marper) v Chief Constable of Yorkshire [2004] UKHL 39, in the ruling that

the blanket and indiscriminate nature of the powers of retention of the fingerprints, cellular samples and DNA profiles of persons suspected but not convicted of offences… fails to strike a fair balance between the competing public and private interests and that… the retention at issue constitutes a disproportionate interference with the applicants’ right to respect for private life and cannot be regarded as necessary in a democratic society.

Necessary changes to bring the law into line with the Strasbourg judgment are also contained in the Protection of Freedoms Bill.

Enter the European Union

But data processing, retention and protection are no longer a purely domestic matter. They are the subject of a major new initiative under the direction of EU Commissioner, Viviane Reding. This is both a necessary and welcome development in view of the vast data banks that have been built up in the EU from material contributed by member states and often widely accessible to member state authorities and officials. Until the Lisbon Treaty came into force, winding up the ‘Third Pillar’ and bringing justice and home affairs into the ambit of the Community, this was a dark and windowless area of EU law and policy. In the Community pillar, some of the sketchy and piecemeal regulation, such as the Telecommunications Data Protection Directive (Council Directive 97/66 of 15 December 1997) or Data Retention Directive (Directive 2006/24/EC of 15 March 2006), had shown a capacity to bite. In Case C-518/07 Commission v Germany [2010] ECR I-1885, for example, the Commission successfully brought Germany before the Court of Justice because its domestic data supervisory authority was insufficiently independent. But Directive 95/46 on data protection, the generally applicable legislation, contains exceptions in Article 13, which authorises Member States to restrict the scope of the rights and obligations provided in the Directive when ‘such a restriction constitutes a necessary measure to safeguard national security, defence and public security’. Similar exceptions apply to the prevention, investigation, detection and prosecution of criminal offences. The consequence was policy-making marked by a serious democratic deficit and information shortfall, culminating in the highly suspect Prüm Convention, which provided for the establishment of DNA profile databases and allows access to partner countries’ fingerprint databases, which the other contracting parties will be able to check on request not only for the purpose of preventing terrorist attacks and serious criminal activity but also in case of political demonstrations and ‘other mass events’. Similarly controversial was the agreement with the United States on the transfer of passenger name record data (PRN), successfully attacked in the Court of Justice Case C-301/06 Ireland v Council and European Parliament (10 February 2009), but now the subject of a new agreement foisted on a not-entirely willing Parliament (see http://www.statewatch.org/pnrobservatory.htm).

Coupled with the EU Charter of Fundamental Freedoms, the Lisbon Treaty (TFEU Article 16) provides a new basis for, and mandates, EU lawmaking, from which the European Parliament can no longer be excluded. A proposal from the Commission for a legislative text would provide a Europe-wide framework for data protection. This would have a major impact on private generators of electronic data, which would in future have to prove either consent of the data subject to retention or that retention was necessary. A second proposal  for a directive covers processing of personal data by law enforcement authorities for purposes of crime prevention, investigation, etc. and ‘the free movement of such data’.  The Commission is also reviewing the Data Retention Directive, which requires companies to store communication traffic data for a period of between six months and two years. In fact, some member states and notably Sweden have already implemented this measure.

The European Data Supervisor has, however, expressed ‘serious disappointment’ with the provisions in the law enforcement area [Opinion of the European Data Protection Supervisor on the data protection reform package]. While welcoming the fact that the directive would cover domestic processing, he regrets that the level of data protection in this area would not be increased:

The main weakness of the package as a whole is that it does not remedy the lack of comprehensiveness of the EU data protection rules. It leaves many EU data protection instruments unaffected such as the data protection rules for the EU institutions and bodies, but also all specific instruments adopted in the area of police and judicial cooperation in criminal matters. [para. 443, emphasis mine]

The UK Information Commissioner has expressed similar views. He sees the Commission proposals as less ambitious than the current UK Data Protection Act and hopes that ‘the provisions will be strengthened as negotiations progress’. Clearly, we cannot rely on the European Union to halt the march towards a surveillance state.

Carol Harlow is Emeritus Professor of Law at the London School of Economics

1 Comment

Filed under European Union, Human rights